We're Moving!

Beginning Thursday January 29th, Privacy Rights Clearinghouse will be moving offices and our phone systems will be down on Thursday the 29th and Friday the 30th. Our phone system will be up starting Monday February 2nd.

If you have a privacy complaint please use our online complaint center https://www.privacyrights.org/new-complaint. If you need to reach a staff member on those days, please send an email and the appropriate staff member will respond as soon as possible. For media inquiries, please email paul@privacyrights.org, for legislative issues please email bethg@privacyrights.org.


 

Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
March 4, 2012 Cambridge Eastern Education and Development Society (CEEDS)
Seattle, Washington
EDU HACK

13 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the database information of Cambridge Eastern Education and Development Society (CEEDS) online.  The leaked data included 12 email addresses and one administrator login and (salted) password combination.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 4, 2012 Epson America
Long Beach, California
BSR HACK

66 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the database information of Epson online.  The leaked data included 66 administrator user logins and password combinations.  Many of the passwords were weak and stored in an easily readable plain-text format.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2012 University of California Los Angeles (UCLA)
Los Angeles, California
EDU HACK

168 (No SSNs or financial information reported)

Hackers accessed and posted the usernames and passwords of individuals who had access to the UCLA.edu MySQL database. A total of 128 regular users had their names, titles, email addresses, logins, and password hashes posted online. Additionally, the IDs, usernames, salts, and password hashes from 37 staffers were posted online. Three database users also had their usernames and password hashes posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 9, 2012 Gaming Perfection
Bronx, New York
BSO HACK

1,784 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the database information of Gaming Perfection online.  A total of 1,784 email addresses, passwords with associated salts, and usernames were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 18, 2012 National Capital Planning Commission (NCPC)
Washington, District Of Columbia
GOV HACK

21 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the database information of NCPC online.  A total of 21 names, email addresses, telephone numbers, passwords, and job titles were leaked.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 9, 2012 LifeSize Communications
Austin, Texas
BSR STAT

Unknown

A computer that contained unencrypted personal information was stolen from LifeSize Communications on January 26, 2012.  Names, Social Security numbers and other information were on the stolen computer.  Those who were affected were sent notifications on March 9.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 15, 2012 Iran Defense Forum, Irandefence.net
Plano, Texas
NGO HACK

3,212 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the database information of Irandefence.net online.  The leaked information included usernames, email addresses, passwords, and associated password salts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 16, 2012 Arizona Sports Fans, Arizonasportsfans.com
Bernardsville, New Jersey
BSO HACK

8,855 (No SSNs or financial information reported)

A hacker or hackers accessed and posted database information from arizonasportsfans.com online.  The leaked information included email addresses, passwords, salts for passwords, and usernames.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 19, 2012 Adult Insider Network, Adultinsider.com
Killeen, Texas
BSO HACK

10,704 (No SSNs or financial information reported)

A hacker or hackers accessed and posted information from the adultinsider.com database online.  The leaked information included email addresses, passwords with associated salts, and usernames.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 15, 2012 vBCoderz.com
Provo, Utah
BSO HACK

1,290 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the database information of vBCoderz.com online.  A total of 1,290 email addresses, usernames, and passwords with associated salts were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 9, 2012 Bad Boy Tires
, Massachusetts
BSR HACK

111 (No SSNs or financial information reported)

No city was listed for this breach.

A hacker or hackers accessed and posted database information from Bad Boy Tires online.  A total of 111 names, emails, postal addresses, phone numbers, and plain-text passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 28, 2012 Hawaii Community Federal Credit Union (HCFCU)
Kailua-Kona, Hawaii
BSF INSD

Unknown

An HCFCU member filed a complaint in 2011 after suspecting that their information had been improperly used for an HCFCU board nomination process. It became apparent that several employees had added names to nomination petitions, then went to credit union members to have them sign the petitions. Fewer than 500 of the 40,000 HCFCU members had their account information and the last four digits of their Social Security numbers accessed. The employees involved were disciplined and/or had their employment terminated. HCFCU employees are now required to go through a new training process to reinforce policies that prohibit accessing members' information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 28, 2012 Douglas County Probation Office
Omaha, Nebraska
GOV PHYS

Unknown

A county clerk was the victim of a car theft. She had left sensitive documents for homicide trials in the trunk of her car.  The documents were recovered from the car wreckage.  Personal information for police officers associated with the homicide trials and names and addresses of witnesses could have been exposed. Documents will be scanned and never physically taken from the courthouse again as a result of the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2012 Eclipse AeroSpace
Albuquerque, New Mexico
BSO HACK

Unknown

A hacker or hackers accessed and posted Eclipse AeroSpace database information online.  The leaked information included email addresses, usernames, names, and passwords.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2012 Savvyinsider.com
Trenton, New Jersey
BSO HACK

24 (No SSNs or financial information)

A hacker or hackers accessed and posted savvyinsider.com database information online.  A total of 24 usernames, email addresses, and passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 12, 2012 SwedishAmerican Hospital
Rockford, Illinois
MED PHYS

Unknown

Around 1,500 X-ray films were stolen from SwedishAmerican Hospital on May 31. Someone claiming to be the person responsible for picking up and destroying the films was able to steal them.  Patient names, medical record numbers, dates of service, and dates of birth were exposed. Representatives believe the risk of identity theft is low since extracting the silver from X-ray films is usually the motive for similar thefts.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 17, 2012 Awklein
, California
MED PHYS

2,000 (No SSNs or financial information reported)

The city where the incident occurred was not reported.

Sensitive health information in an unspecified format was stolen or discovered stolen on or around February 1, 2011. The incident was posted on the HHS website on June 8.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 17, 2012 Office of Dr. Stephen Haggard, DPM Podiatry
Federal Way, Washington
MED STAT

1,597 (No SSNs or financial information reported)

A theft, possibly of a network server, resulted in the exposure of sensitive patient health information.  The theft occurred on or around March 4, 2012 and notifications were available for a limited time after April 22. The incident was posted on the HHS website on June 8.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 17, 2012 Safe Ride Services, Inc.
Phoenix, Arizona
MED INSD

42,000 (No SSNs or financial information reported)

A former employee may have accessed computer systems without authorization and accessed service files.  The incident or incidents occurred between August 31, 2011 and January 31, 2012. Employee personal information as well as patient demographic and insurance information were exposed.  It is unclear if the former employee was currently employed at the time of the incidents.  The incident was posted on the HHS website on June 8.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 17, 2012 SHIELDS For Families
Los Angeles, California
MED STAT

961 (No SSNs or financial information reported)

A February 27 office burglary resulted in the theft of a computer server.  Sensitive client health information such as dates of birth, addresses, treatment plans, and other types of personal information were exposed.  The server was not recovered, but the theft was discovered the next morning and a police report was filed. The incident was posted on the HHS website on June 8.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 17, 2012 Hogan Services Inc.
Saint Louis, Missouri
BSO HACK

1,134 (No SSNS or financial information reported)

An email or emails with sensitive health information related to a health care premium plan was mistakenly emailed to or accessed by unauthorized people.  The incident occurred or was discovered sometime around March 30, 2012.  The incident was posted on the HHS website on June 8.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 14, 2012 Orcutt Burger Restaurant
Orcutt, California
BSR CARD

Unknown

People who used debit cards to make purchases at Orcutt Burgers may have had their information stolen.  Coast Hills Federal Credit Union sent out an alert to clients and reissued an unspecified number of debit cards.  It is unclear how the debit card data was accessed and how long the information was at risk.  It is also unclear if credit cards were also compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 11, 2012 Formspring
San Francisco, California
BSO HACK

420,000 (No SSNs or financial information revealed)

A hacker or hackers accessed Formspring's development server and posted the password hashes of 420,000 users online.  Formspring immediately reset all 28 million user passwords and addressed the security issues upon confirming that a breach had occurred.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 12, 2012 Yahoo! Voices
Sunnyvale, California
BSO HACK

453,492 (No SSNs or financial information reported)

A hacker or hackers used an SQL injection technique to access the plain-text passwords of over 450,000 Yahoo! Voices (formerly known as Associated Content) users.  The information was then posted online.  Yahoo! Voice users are encouraged to change their Yahoo! passwords immediately. Users from as far back as 2006 or earlier may have had their passwords exposed.

UPDATE (08/02/2012): A Yahoo! user is suing Yahoo! Inc. for negligence.  The user claims that Yahoo!'s failure to adequately safeguard his personal information should result in compensation for himself and other users who experienced account fraud and had to take measures to protect accounts put at risk by the Yahoo! breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 20, 2012 Israel Deaconess Medical Center
Boston, Massachusetts
MED PORT

3,900 (No SSNs or financial information involved)

The May 22 office theft of a physician's laptop resulted in the exposure of patient information. It is unclear what type of information was on the laptop, but the chief information officer said that "nothing that would be used from an identity theft perspective" was on the laptop.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 19, 2012 Yale University
New Haven, Connecticut
EDU HACK

1,200 (Unknown number of SSNs)

Hackers accessed at least one Yale database and obtained the details of 1,200 students and staff.  Hackers may have obtained names, Social Security numbers, addresses, and phone numbers. Additionally, usernames, passwords, and email addresses were published as proof of the hack.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 18, 2012 ITWallStreet.ccom
New York, New York
BSO HACK

50,000 (No SSNs or financial information reported)

A hacker may have accessed as many as 12 data files containing detailed information on IT professionals searching for work with Wall Street.  First and last names, mailing addresses, email addresses, usernames, hashed passwords, and phone numbers were posted online.  Many of the passwords were decrypted and displayed in plain-text. Past salaries, salary expectations, contact information for references, and other types of job search information were also exposed.

 
Information Source:
Media
records from this breach used in our total: 0

July 17, 2012 Dropbox
San Francisco, California
BSR UNKN

Unknown

Dropbox users began receiving spam from email sources posing as Dropbox.  Many users claim that Dropbox must have suffered a breach because email addresses they used specifically and solely for Dropbox were compromised.

UPDATE (07/20/2012): Dropbox investigated customer concerns of a data breach but could not find any evidence of an unauthorized intrusion or activity as of July 20.

UPDATE (07/31/2012): Dropbox has confirmed that some accounts were accessed by hackers. One of the compromised accounts was that of a Dropbox employee.  The employee's account contained a project document of user email addresses.  Dropbox required some users to change their passwords and increased their security by adding a two-factor authentication system, new automated mechanisms to help identify suspicious activity, and a page that allows users to monitor active logins to their accounts.

 
Information Source:
Media
records from this breach used in our total: 0

July 13, 2012 Nvidia
Santa Clara, California
BSR HACK

400,000 (No SSNs or financial information reported)

A security breach affected Nvidia's developer forums. Hashed passwords and other sensitive information may have been obtained.  Public information such as birthdays, gender, and location may have been exposed. People who used the forums were given temporary passwords and instructed to choose a new forum password.

UPDATE (07/13/2012): A Nvidia representative said that its forum has 290,000 registered accounts, its DevZone site has 100,000 accounts, and its research site has 1,200 accounts.

 
Information Source:
Media
records from this breach used in our total: 0

July 23, 2012 Gamigo
Hamburg,
BSR HACK

3 million American accounts (No SSNs or financial information reported)

Hackers were able to access Gamigo's server in February of 2012.  Notification of the breach was sent on March 1.  Gamigo warned users and advised that they change any passwords for emails associated with Gamigo.  The hacked information was released on July 6.  A total of 8,243,809 user email addresses and encrypted passwords were posted online. 

 
Information Source:
Media
records from this breach used in our total: 0

July 20, 2012 Mission Linen Supply
Santa Barbara, California
BSR HACK

Unknown

A customer notified Mission Linen Supply of unauthorized charges on the credit cards of several other customers.  Mission Linen Supply discovered that the third party vendor who stores and maintains purchase information for their web stores had a data breach.  The unnamed vendor experienced an unauthorized access of their file servers.  Customers who made online purchases may have had their credit or debit card numbers, expiration dates, and possibly name and other payment card information compromised. The customer contacted Mission Linen Supply on June 29, but it is unclear when the vendor experienced the data breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 26, 2012 Petco Animal Supplies, Inc.
Chanhassen, Minnesota
BSR PORT

Unknown

Five laptops were stolen from an unnamed auditor of Petco's 401(k) Plan between May 18 and May 20.  The auditor informed Petco on July3.  Current and former employee names, Social Security numbers, and other 401(k) account information may have been exposed. Anyone who was issued a Petco paycheck in 2010, had a 401(k) account and received a distribution, or had a fee deducted from their account in 2011 may have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 27, 2012 Northwestern Memorial Hospital Home Hospice
Chicago, Illinois
MED PORT

Unknown

Those with questions may call (855) 755-8480 and use the reference number 6963071312.

A June 11 office burglary resulted in the theft of six laptops and a tablet. One or more of the computer devices included the personal health information of current and former Home Health patients.  Information included names, Social Security numbers, addresses, dates of birth, demographics, patient medical treatment profiles, diagnoses, symptoms, medications, treatment notes, and health insurance information.  The standard laptop security controls had been temporarily suspended on the devices since they were undergoing a software upgrade. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 27, 2012 Upper Valley Medical Center, Data Image
Troy, Ohio
MED UNKN

15,000 (No SSNs or financial information reported)

A data breach of Data Image's online billing system may have exposed the private information of Upper Valley Medical Center patients.  Names, addresses, hospital account numbers, and balances owed could have been obtained during an 18-month period.  Current and former patients were notified that the breach was discovered on March 21, 2012, but could have occurred as early as October 1, 2010.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 27, 2012 Upper Valley Medical Center
Troy, Ohio
MED PORT

Unknown

The May 16 office theft of a hard drive resulted in the exposure of patient information.  The theft was discovered the next day and a suspect was caught on tape.  Upper Valley Medical Center does not believe any patient information was contained on the hard drive.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 23, 2012 Office of Dr. Luz Colon, DPM Podiatry
Miami, Florida
MED PORT

1,137 (No SSNs or financial information reported)

The theft or loss of a laptop or laptops resulted in the exposure of protected health information.  The data breach occurred sometime around March 20, 2012, and was reported on July 3, 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 23, 2012 Independence Physical Therapy
Mystic, Connecticut
MED STAT

925 (No SSNs or financial information reported)

A desktop computer was stolen or discovered stolen on August 1, 2011.  It contained protected health information.  The incident was disclosed on July 3.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 23, 2012 Titus Regional Medical Center (TRMC)
Mount Pleasant, Texas
MED PHYS

Unknown

The March 29 theft of an unknown number of x-ray films resulted in the exposure of protected health information.  Thieves were able to access the secured storage location that contained the old x-ray films.  These thefts usually occur for the purpose of extracting valuable precious metals from the films by destroying them.  Most of the information on the films was more than five years old.  It is unclear what type of patient information the x-ray films contained, but they did not include Social Security numbers. Notice of the breach was given on May 24.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 23, 2012 West Dermatology
Redlands, California
MED UNKN

1,900 (No SSNs or financial information reported)

A theft that occurred sometime around April 22, 2012 resulted in the exposure of protected health information.  The breach was posted on the HHS website on July 3.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 23, 2012 Physician's Automated Laboratory
Bakersfield, California
MED PHYS

745 (No SSNs or financial information reported)

An office burglary was discovered on March 26.  The theft of lab requisition forms that were kept in a locked cabinet resulted in the exposure of information of patients who received laboratory services between February 1 and March 23.  Patient names, addresses, phone numbers, dates of birth, insurance information, ordering practitioner's name, and types of laboratory tests ordered may have been accessed. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 23, 2012 Volunteer State Health Plan, Inc. (VSHP), Comprehensive Counseling Network
Chattanooga, Tennessee
MED PHYS

1,102 (No SSNs or financial information reported)

Envelopes containing BlueCare member protected health information were damaged while being sent to Comprehensive Counseling Network.  Lists of claims containing patient protected health information became separated from the envelopes and were lost. Patient names, BlueCare ID numbers, dates of services, procedure codes, claim numbers, totals charged, amounts paid, provider names and provider addresses may have been exposed.  The envelopes also contained check to pay for medical visits that were listed on the claims, but the checks were not lost.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 31, 2012 Massachusetts Mutual Life Insurance Company (MassMutual)
Springfield, Massachusetts
BSF HACK

Unknown

On July 13, MassMutual inadvertently sent a report via secure email that included client information to an incorrect retirement Plan Sponsor.  Client names, Social Security numbers, and 401(k) balance information were exposed.  The individual who received the plan information informed MassMutual of the error immediately and claimed to have deleted the information without storing or printing it.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 8, 2012 Eaton Vance Management
Boston, Massachusetts
BSF DISC

Unknown

A mailing error caused the Social Security numbers of some employees to be visible through the window of mailed envelopes. The employee stock and tax documents were mailed on January 25, 2011 and notification was posted on February 6.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2012 Tarleton State University
Stephenville, Texas
EDU PHYS

Unknown

Financial aid documents with student information were found scattered in the street.  It is unclear how the documents got there.  Hundreds of current and former students who applied for or received financial aid during 1997 and 1998 may have had their Social Security numbers, dates of birth, federal Pell grant disbursements, and other personal information exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 6, 2010 WellPoint, Inc.
Indianapolis, Indiana
MED HACK

31,700 (No SSNs or financial information reported)

It is unclear if this incident is related to a June 2010 incident which was determined to have affected 470,000 people.

A hacking or IT incident that occurred or was discovered around November 3, 2009 resulted in the possible exposure of protected health information on a network server.  The incident was reported by HHS on August 6, 2010.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 7, 2012 California Correctional Health Care Services (CCHCS) Regional Administration
Fresno, California
MED PHYS

Unknown

A June 11 theft of materials inside of a kiosk mailbox located outside of the CCHCS Regional Administration building may have resulted in the exposure of sensitive information.  Documents that included prospective employment candidate responses to employment inquiries with personally identifiable information may have been in the mailbox.  California State Employment Application forms and applicable documents include names, Social Security numbers, driver's license numbers, residential addresses, dates of birth, telephone numbers, email addresses, employment histories, education histories, and other employment information of prospective candidates. 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 9, 2012 CQ Roll Call, The Economist Group, Bloomberg
Washington, District Of Columbia
BSF DISC

Unknown

A group of former CQ employees were able to continue using log-ins and passwords to access sensitive information from The Economist Group after they left.  CQ Roll Call is owned by The Economist Group.  Many or all of the former CQ employees accessed the information while employed at Bloomberg.  Bloomberg has already paid an unspecified amount to The Economist Group as compensation for the unauthorized access incident or incidents.  It is not clear what type of information was exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 9, 2012 AmericInn
Medford, Wisconsin
MED INSD

Unknown

A dishonest employee faces six charges of fraudulently using a credit card and 59 counts of identity theft.  The former employee apparently used customer credit card numbers to pay tuition and insurance bills. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 29, 2012 Go-Kart Records
New York, New York
BSR HACK

227 (No SSNs or financial information reported)

A hacker or hackers accessed and published sensitive information from a Go-Kart Records database.  A total of 218 usernames, email addresses, and passwords were posted. Additionally, nine employee usernames, email addresses, and plain text passwords were posted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2012 Public Broadcasting System
Arlington, Virginia
NGO HACK

1,871 (No SSNs or financial information reported)

A hacker or hackers accessed and published information from a Public Broadcasting System server or database.  A total of 1,598 press usernames, plain-text passwords, and email addresses were posted online.  Thirty-six administrator names, usernames, email addresses and passwords were also publicly posted.  Finally, 237 names, emails, passwords, and usernames from other sources were posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005
Showing 3601-3650 of 4478 results


X

Sign In!

Loading