Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
February 17, 2012 Islamic Finder
Anaheim, California
BSO HACK

279 (No SSNs or financial information reported)

A hacker or hackers accessed and posted information from islamicfinder.org online.  Usernames, names, passwords, and email addresses were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 19, 2012 LABusinessConnect.com, AdultStaffing.com
Phoenix, Arizona
BSO HACK

686 (No SSNs or financial information reported)

A hacker or hackers hacked LABusinessconnect.com with the intention of exposing the company's wrong doings.  A database for adultstaffing.com was contained within LABusinessconnect.com.  Administrator information from LABusinessConnect.com was posted. A total of 686 usernames, email addresses, and passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 28, 2012 Wilkinson County Schools
Irwinton, Georgia
EDU HACK

Unknown

A student was able to access and distribute information from a classroom management system called PowerTeacher.  The student used user names and passwords to access grades, demographics, Social Security numbers, and other personal information.  Some parents reported receiving strange calls that disclosed personal information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 28, 2012 Charter One, Dollar Bank, Fifth Third, First Merit, Key, PNC, Total Merchant Services
Cleveland, Ohio
BSF INSD

Unknown

Ten people consisting of assistant managers, sales representatives, and other employees of banks were arrested for participating in an identity theft ring.  Information was stolen and misused between November 2011 and February 2012.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 20, 2012 Yamaha Commercial Audio Systems
Colombus, Ohio
BSR HACK

1,755 (No SSNs or financial information reported)

A hacker or hackers accessed and posted sensitive information from an official Yamaha music website.  A total of eight administrator accounts, as well as 1,755 email addresses and plain-text passwords were exposed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2012 Patriot Self Storage (CubeSmart Management, LLC)
Boston, Massachusetts
BSR PHYS

Unknown

Files containing customer lease documents were discovered missing.  The information was several years old and included customer names and addresses.  Drivers' license numbers and Social Security numbers may have also been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 7, 2012 David Yurman (Yurman Design, Inc.)
New York, New York
BSR DISC

Unknown

Yurman mailed some 1099 forms to the wrong addresses.  Names, tax information, and Social Security numbers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2012 Chili's
Coral Springs, Florida
BSR INSD

Unknown

A dishonest employee was arrested for using a skimming device to steal customer credit card numbers at Chili's.  Investigators were able to link another fraudulent credit card crime to a credit card stored in the dishonest employee's skimmer.  This led to the discovery of a credit card making machine, a credit card skimmer, laptops, blank credit cards, and pages of names, Social Security numbers, and dates of birth at a separate residence.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 8, 2012 Eaton Vance Management
Boston, Massachusetts
BSF DISC

Unknown

A mailing error caused the Social Security numbers of some employees to be visible through the window of mailed envelopes. The employee stock and tax documents were mailed on January 25, 2011 and notification was posted on February 6.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 14, 2012 Valley National Bank, American Stock Transfer and Trust Company, LLC
New York, New York
BSF DISC

Unknown

A mailing error caused 1099 forms to be sent to the wrong addresses on January 17, 2012.  Names, tax identification numbers, and addresses were exposed because incorrect or multiple addresses were printed on the forms.  Information on stock dividends and phone numbers was also exposed.  The error was discovered when some of the forms were returned by the post office as undeliverable.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 13, 2012 Alicare, National Retirement Fund
White Plains, New York
BSF DISC

Unknown

A mailing error caused the Social Security numbers of National Retirement Fund participants to be printed on the outside of a mailed envelope.  Names and mailing addresses were also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 1, 2012 Temple Community Hospital
Los Angeles, California
MED STAT

600 (No SSNs or financial information reported)

Concerned patients may call 888-633-6122.

The July 3 office theft of a computer from the Radiology Department resulted in the exposure of patient information. The computer was used to store CT examination images taken between January 1, 2012 and July 2, 2012.  It contained pictures of CT scans performed, reasons for the scans, patient names, ordering doctors' names, and patient hospital account numbers.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 30, 2012 Harris County Hospital District
Houston, Texas
MED INSD

Unknown

The Harris County Hospital District was alerted to an issue when they received a grand jury subpoena on February 11, 2011.  A dishonest employee was immediately fired for viewing and possibly sharing patient names, Social Security and member numbers, medical record numbers, addresses, phone numbers, dates of birth, sexes, emergency contact information, payer information, and other medical care information. The Harris County Hospital District decided to send patients notifications on July 20, 2012 after receiving additional information about the breach. The former employee was indicted and will be tried on criminal charges related to the stolen and misused information on September 24, 2012.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 30, 2012 BMO Harris Bank
Milwaukee, Wisconsin
BSF PORT

Unknown

The laptop of an employee who works for a BMO Harris Bank vendor was stolen.  It contained customer names, addresses, and dates of birth. BMO learned of the breach on June 20.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 1, 2012 New Hampshire Department of Corrections
Concord, New Hampshire
GOV HACK

Unknown

A staff member found that a cable line hooked to the computers used by inmates had been connected to a line connecting to the entire Concord prison computer system.  This may have allowed one or more prisoners to view, steal, or change sensitive records. The network is used to track invoiced and billing for Correctional Industries contracts. Information from the offender management database system "Corrections Offender Records and Information System" may have been compromised as well.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 4, 2012 Twinspires.com (Churchill Downs Technology Initiatives Company)
Louisville, Kentucky
BSF HACK

Unknown

TwinSpires.com computer records were breached on August 3, 2012.  Customer names, cryptographically hashed Social Security numbers, dates of birth, and email addresses may have been exposed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 6, 2012 Boston Water and Sewer Commission
Boston, Massachusetts
GOV PORT

Unknown

Those with questions may call (617)-989-7800.

A contractor working for Boston Water and Sewer Commission misplaced a hard drive.  The hard drive may have contained customer names, account numbers, meter numbers, phone numbers, addresses, and other information the utility organization recorded. Residents were also warned to be aware of possible calls from people pretending to be from the Commission.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 4, 2012 CWI Railroad System Specialists
Barto, Pennsylvania
BSR HACK

Unknown

A hacker accessed the company's banking system and issued separate payments totalling $190,000 to banks in Virginia.  It is likely that the hacker placed malware in the system in order to make the withdrawal.  The malware has yet to be discovered and it is unclear how long ago the hacker first breached the system.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 4, 2012 Apple
Cupertino, California
BSR HACK

1,000,000 (No SSNs or financial information involved)

Hackers associating themselves with Anonymous claim to have obtained 12 million Apple Unique Device Identifiers (UDIDs) by hacking an FBI agent's laptop.  The hackers offered proof of the breach by posting over one million UDIDs. However, both Apple and the FBI are denying that an FBI agent would have access to that information and keep it on a laptop. The hack occurred in March. Apple replaced the types of identifiers the hackers appear to have obtained and will discontinue their use.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2012 WhatGreatSkin.com (Healing Touch Day Spa Inc.)
Nipomo, California
BSR HACK

Unknown

The WhatGreatSkin.com servers were hit by an organized attack on the afternoon of August 28.  Hackers may have accessed customer names, addresses, and credit card details. Customers were warned to be cautious of phishing attempts for Social Security numbers, credit card information, or any other personal information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 11, 2012 Carmichael Company
Vallejo, California
BSF PORT

Unknown

Those with questions may call 707-643-1745.

An electronic filing report was found during a raid.  The report contained tax return information such as Social Security numbers. 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 11, 2012 Local 2/Hospitality Industry Child & Elder Care Plan
San Francisco, California
MED PORT

Unknown

A USB drive was determined to be lost on August 13, 2012. Information from the non-medical program within the SF Culinary, Bartetenders, and Service Employees Welfare Plan was on the flash drive.  People who participated in the Child and Elder Care Plan may ahve had their names, Social Security numbers, and addresses exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 12, 2012 Education Resources Information Center (ERIC)
Washington, District Of Columbia
NGO DISC

Unknown

An official notice was posted here:http://www.eric.ed.gov/pdf_availability.html

Those wishing to access a specific PDF should email ERICRequests@ed.gov.  

ERIC began an effort to remove personally identifiable information from their full text documents in August of 2012.  The information had been publicly available through other means, but it was appearing more frequently in internet searches and becoming easier to access because of web advances.  Access to many full text documents on ERIC's database was temporarily disabled. Every document will be checked for personally identifiable information before being restored. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 16, 2012 Horry Telephone Cooperative, Inc. (HTC)
Conway, South Carolina
BSR HACK

Unknown

Those with questions may call 1-855-260-2537.

Unauthorized attempts were made to illegally transfer funds from an HTC bank account between February 1 and February 3 of 2012. The unauthorized party or parties were able to view a limited amount of automated payment records being processed by a third party vendor.  Names on customer bank accounts used for automated payments to HTC, customer bank account numbers used for automated payments to HTC, bank routing numbers used for automated payments to HTC, and customer HTC account numbers were exposed. HTC internal databases were not accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 24, 2012 Grimmer Middle School
Schererville, Indiana
EDU HACK

54 (No SSNs or financial information reported)

A hacker or hackers accessed faculty and staff usernames, email addresses, and passwords.  The information was then posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 24, 2012 Lake Central Clark Middle School
Saint John, Indiana
EDU HACK

31 (No SSNs or financial information exposed)

A hacker or hackers accessed faculty and staff usernames, email addresses, and passwords.  The information was posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 21, 2012 Hagerty Insurance Agency, LLC
Traverse City, Michigan
BSF DISC

Unknown

Those with questions may call 800-922-4050.

An administrative change on www.hagerty.com exposed the personal information of consumers.  Names, addresses, driver's license numbers, policy numbers, email addresses, phone numbers, and dates of birth were temporarily available online.  The error occurred late in the afternoon of February 14 and was corrected during the afternoon of the following day.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2012 American Third Position (A3P)
Las Vegas, Nevada
NGO HACK

Unknown

Activists who use hacking (hactivists) targeted several American White supremacist groups.  A partial list of officers, political candidate information, financial data, and other member information was exposed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2012 D.R. Horton Inc. (DHI Mortgage)
Fort Worth, Texas
BSF UNKN

Unknown

A software security incident caused the personal information of mortgage applicants to be exposed. Unknown external sources caused a breach that compromised customer Social Security numbers, dates of birth, income data, and assets and liabilities information. The breach was discovered on February 10 at DHI's Internet Loan Prequalification System.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 14, 2012 U.S. Postal Service
Miami, Florida
GOV PHYS

Unknown

A man shot and killed a postal worker in December of 2010 in order to steal his master key. The key was then used by the the man and his partner to access apartment complex mailboxes in the North Miami-Dade area.  An unknown number of people then became victims of tax refund fraud.

The man was found guilty of 14 counts of homicide, carjacking, robbery, possession of a firearm, and aggravated identity theft in September of 2012.  He faces a sentence of up to life in prison.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 14, 2012 Wounded Warrior Project
Jacksonville, Florida
NGO PORT

Unknown

A July 25 office burglary resulted in the theft of at least 33 laptops and iPads. The personal information of an unspecified number of former employees may have been affected.

UPDATE (11/28/2012): The laptops contained employee names, Social Security numbers, addresses, dates of birth, passport numbers, credit card information, bank account numbers, and possibly life insurance dependent information.  The IT department remotely locked access to the devices after discovering they had been stolen earlier in the same day.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2012 Quest Diagnostics
Madison, New Jersey
MED INSD

Unknown

A dishonest employee was discovered to have forwarded emails that contained sensitive personal information in late July.  The emails included names, Social Security numbers, addresses, dates of birth, driver's license numbers, financial account information, and medical/health insurance information.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 16, 2012 Lahey Clinic
Burlington, Massachusetts
MED PORT

Unknown

The loss of a physician's unencrypted, password-free Blackberry at an airport on July 1 resulted in the exposure of patient names, dates of birth, medical record numbers, diagnosis information, procedure names, and test results.  Lahey Clinic was able to remove all data from the device remotely on July 6. Affected patients were notified in late August.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 21, 2012 China East
Wauwatosa, Wisconsin
BSR INSD

Unknown

A dishonest employee was caught with a backpack full of customer financial information.  A resident reported the employee when he saw someone checking his mail for packages.  Police investigated and were able to uncover fraudulent activity.  At least 10 purchases were made with customer debit and credit cards between January and February.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 17, 2012 St. Therese Medical Group
Bakersfield, California
MED STAT

Unknown

A July 22 Saint Therese office theft of a computer resulted in the exposure of patient information.  The computer was unencrypted; however, it was password protected.Names, Social Security numbers, dates of birth, health insurer names, dates of treatment, amount billed, and account balances were exposed. Notifications were sent on September 17.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 21, 2012 Central States Southeast and Southwest Areas Health and Welfare Fund
Des Plaines, Illinois
NGO PHYS

754 (No SSNs or financial information reported)

An incident occurred on July 31 that may have caused sensitive health information to be exposed. The information was in the form of paper records that were exposed in some undisclosed way.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2012 Northstar Healthcare
Chicago, Illinois
MED DISC

170 (No SSNs or financial information reported)

An email that was sent to patients displayed the names of all patients who received the email.  The email was sent to patients being treated for HIV or AIDS and inadvertently revealed names and HIV status.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 19, 2012 Cabinet for Health and Family Services
Frankfort, Kentucky
MED HACK

2,500 (No SSNs or financial information reported)

The Cabinet for Health and Family Services displayed an official notice on their website here: http://chfs.ky.gov/news/HIPAA+Notice.htm

An employee was the victim of a phishing attack via email sent by a hacker.  The employee's account was then compromised.  Unauthorized activity was identified on the account within half an hour and the account was immediately disabled.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2012 Library Resources, Inc. (LRI)
Philadelphia, Pennsylvania
MED PORT

3,183 (No SSNs or financial information reported)

Consumers with questions may call LRI's Quality Management Hotline at 1-888-634-2155 ext. 629.

The August 4th theft of a laptop resulted in the exposure of sensitive information. The laptop contained names, Medicaid numbers, and short summary information used for administrative purposes. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2012 Lana Medical Care
Ormond Beach, Florida
MED PORT

500 (No SSNs or financial information reported)

The August 18th theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 29, 2012 Health and Sports Rehab, Inc.
Dorchester, Massachusetts
MED INSD

Unknown

A dishonest intern stole personal information while working at the clinic.  The information was used to create and cash fraudulent checks and the dishonest intern pled guilty.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 27, 2012 Apex Laboratory
Farmingdale, New York
MED HACK

Unknown

Apex Laboratory learned from law enforcement investigators on July 30 that an unauthorized party or parties accessed their computer systems.  Patients may have had their names, Social Security numbers, addresses, phone numbers, dates of birth, gender, and insurance identification numbers were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 27, 2012 Rite Aid Corporation
Camp Hill, Pennsylvania
BSR DISC

Unknown

A customer using RiteAid's mobile app to check a prescription noticed that he was able to access the names, addresses, and prescription records of other customers.  The customer was able to identify some of the problems by using his computer science background.  He noticed there was no secure login tied to web service calls made from the smartphone application.  The customer was able to correspond with several RiteAid representatives and RiteAid began to address some of the security concerns.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2012 Tricounty Behavioral Health Clinic
Acworth, Georgia
MED PORT

4,000 (No SSNs or financial information reported)

Those with questions may call 888-261-6360.

An August 26 office theft of a laptop resulted in the exposure of patient information. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 2, 2012 Robeson County Board of Elections
Lumberton, North Carolina
GOV PORT

71,000 (Partial SSNs exposed)

Five password-protected laptop computers that contained personal information of registered voters in Robeson County were discovered stolen in September.  Voters had their names, addresses, dates of birth, and the last four digits of their Social Security numbers exposed.  The computers went missing between July 18 and September 4. They were most likely taken while outside of their normally secured area and left with unsupervised community volunteers.  Driver's license numbers may have also been exposed.  Those who were affected were mailed letters on September 12.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 1, 2012 San Mateo Union High School District
San Mateo, California
EDU HACK

Unknown

Hackers accessed San Mateo Union High School District's computer system and attempted to use it to infiltrate FBI and CIA electronic systems. The District became aware of the problem when United States Naval Intelligence informed them that the District's servers had been compromised.  The hackers appear to have used additional organizations in their scheme.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 24, 2012 CIty of Tulsa, Oklahoma
Tulsa, Oklahoma
GOV HACK

Unknown

Those with questions may call (918) 596-2699.

A hacker or hacker managed to infiltrate and bring down the City of Tulsa's website.  It is unclear if any information was accessed, but notifications were sent to people who applied online for jobs or submitted online police reports.  Names, Social Security numbers, addresses, and driver's license numbers may have been exposed.

UPDATE (10/01/2012): A member or members of the IT department used a third-party firm to test the City's computer system.  There was no unauthorized access.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2012 Monterey Institute of International Studies, Middlebury College
Monterey, California
EDU PORT

Unknown

A September 14, 2012 home burglary resulted in the theft of a laptop.  The laptop was password-protected and was stolen along with other items.  Student names and Social Security numbers were on the laptop.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 26, 2012 American Heart Association, Olive Crest
Las Vegas, Nevada
NGO PORT

Unknown

An office burglary resulted in the exposure of personal information.  Two or more laptops with donor information and a docking station were stolen.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 8, 2012 GreenStone Homes
Columbus, Ohio
BSO PHYS

Unknown

A pile of thousands of documents were found in the street. Two bags were stuffed with financial information such as tax returns with Social Security numbers. The information was found in the driveway of a model home that had been foreclosed in July 2011.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005
Showing 3651-3700 of 4347 results


X

Sign In!

Loading