Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 9, 2012 AmericInn
Medford, Wisconsin
MED INSD

Unknown

A dishonest employee faces six charges of fraudulently using a credit card and 59 counts of identity theft.  The former employee apparently used customer credit card numbers to pay tuition and insurance bills. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 29, 2012 Go-Kart Records
New York, New York
BSR HACK

227 (No SSNs or financial information reported)

A hacker or hackers accessed and published sensitive information from a Go-Kart Records database.  A total of 218 usernames, email addresses, and passwords were posted. Additionally, nine employee usernames, email addresses, and plain text passwords were posted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2012 Public Broadcasting System
Arlington, Virginia
NGO HACK

1,871 (No SSNs or financial information reported)

A hacker or hackers accessed and published information from a Public Broadcasting System server or database.  A total of 1,598 press usernames, plain-text passwords, and email addresses were posted online.  Thirty-six administrator names, usernames, email addresses and passwords were also publicly posted.  Finally, 237 names, emails, passwords, and usernames from other sources were posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 13, 2012 Citibank
New York, New York
BSF HACK

Unknown

An unauthorized party was able to illegally access information maintained by Citi through a source other than Citi.  The unauthorized party logged onto Citi's credit card online account access system by using passwords and user IDs.  Customer names, addresses, email addresses, account numbers, and transaction information may have been viewed.  Customers who were affected were notified, issued replacement cards, and required to create new account login credentials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 14, 2012 Forte Interactive, Children's Service Council of Palm Beach County, Ocean Reef Community Association
West Palm Beach, Florida
BSO DISC

Unknown

Information Forte Interactive inadvertently copied from web applications used by Children's Service Council and Ocean Reef Community accidentally became publicly accessible after a system upgrade.  Names, Social Security numbers, driver's license numbers, and dates of birth of individuals whose information was contained in the web portal or web portals was publicly accessible between December 7, 2011 and February 3, 2012. The issue was discovered on January 30, 2012.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 9, 2012 Blizzard Entertainment
Irvine, California
BSO HACK

Unknown

There is an official Battle.net FAQ page here: http://us.battle.net/support/en/article/important-security-update-faq

Blizzard's security team found an unauthorized party or parties had accessed the Blizzard internal network.  Blizzard immediately addressed the security issue and found no evidence that credit card, billing address, or name information had been accessed. Players using North American servers may have had scrambled versions of Battle.net passwords, answers to personal security questions, and information relating to Mobile and Dial-In Authenticators accessed.  Users are encouraged to change their passwords immediately and to change the passwords of other accounts if they are similar to the compromised Battle.net passwords.  A list of email addresses for global Battle.net users outside of China was also accessed.

UPDATE (11/12/2012): Two people have filed a suit alleging that Blizzard's $6.50 protection charge is inadequate and that Blizzard did not take the necessary measures required to secure the private information of customers that was stored online. The lawsuit also alleges that Blizzard continues to fail to disclose to consumers that additional security products must be acquired after buying games in order to ensure that information stored in online accounts is secured.

UPDATE (07/11/2013): The U.S. District Court for the Central District of California dismissed most of the claims that were brought against Blizzard Entertainment.

UPDATE (08/23/2013): At least six out of eight claims from the lawsuit against Blizzard have been dismissed.  Blizzard still faces litigation for failing to fully disclose the importance of an authenticator to users.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2012 Marquette University
Milwaukee, Wisconsin
EDU HACK

15 (No SSNs or financial information reported)

A hacker or hackers accessed and posted sensitive Marquette University information online.  Fifteen names, addresses, email addresses, and passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 3, 2012 Miami Northwestern Senior High School
Miami, Florida
EDU PHYS

Unknown

A group of volunteers discovered school materials inside of a public dumpster.  There were folders containing sensitive student records among textbooks, novels, and workbooks. The folders contained student Social Security numbers, health records, grade reports, and student education forms.  An administrative error meant that custodians discarded obsolete materials that had been stored.  The items should have been delivered to the district's central warehouse or sold to used-book dealers. The items were recovered and transmitted to the correct locations.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 10, 2012 Phandroid, Androidforums.com
Inverness, Florida
BSO HACK

Unknown

Phandroid user account details were accessed and posted online by a hacker or hackers.  Hackers breached a back end database that powers Androidforums.com.  Androidforum usernames, email addresses, hashed passwords, member IP addresses, forum group memberships, and other data may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 15, 2012 High Tech Crime Solutions
Atlanta, Georgia
BSO HACK

32,000 (No SSNs or financial information reported)

A hacker or hackers accessed and posted information from High Tech Crime Solutions Inc.'s website by using an SQL injection cyber attack.  A total of 8,900 names and phone numbers were posted online.  Over 32,000 private messages were also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 9, 2012 Acronis
Woburn, Massachusetts
BSR DISC

Unknown

A technical error caused a spreadsheet containing an unspecified number of email addresses and upgrade serial numbers to be indexed by search engines.  The email addresses from the spreadsheet were not accompanied with any personal information.  The spreadsheet was downloaded by 14 different IP addresses and the owners of those IP addresses were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 20, 2012 Oregonwine.com
Portland, Oregon
BSR HACK

1,313 (No SSNs or financial information reported)

A hacker or hackers accessed and posted sensitive information online.  A total of 1,313 user names and passwords were posted publicly.  The account details and name of one administrator were also posted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 14, 2012 First Republic Bank
San Francisco, California
BSF PHYS

Unknown

Sensitive information that may have been in the form of paper records was improperly disposed of on August 2.  Client names, account types, account numbers, tax payer identification numbers, and Social Security numbers may have been exposed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 14, 2012 Valley National Bank, American Stock Transfer and Trust Company, LLC
New York, New York
BSF DISC

Unknown

A mailing error caused 1099 forms to be sent to the wrong addresses on January 17, 2012.  Names, tax identification numbers, and addresses were exposed because incorrect or multiple addresses were printed on the forms.  Information on stock dividends and phone numbers was also exposed.  The error was discovered when some of the forms were returned by the post office as undeliverable.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 16, 2012 Kindred Transitional Care and Rehabilitation-Highgate
Dedham, Massachusetts
MED PHYS

Unknown

Patients may call 800-545-0749.

An office burglary resulted in the theft of a safe on January 26.  The safe contained unencrypted backup tapes that require specialized software and equipment to read.  The tapes contained patient names, dates of birth, genders, diagnoses, and progress notes.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 17, 2012 University of Texas M.D. Anderson Cancer Center (M.D. Anderson)
Houston, Texas
MED PORT

2,200 (No SSNs or financial information reported)

An unencrypted flash drive was discovered missing.  It had last been seen on an employee shuttle bus on July 13.  It contained patient names, dates of birth, medical record number, diagnoses and treatment information, and research information.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 16, 2012 U.S. Department of the Interior National Business Center
Denver, Colorado
GOV PORT

7,500 (No SSNs or financial information reported)

A compact disc was discovered missing on or around May 26.  It had been sent to the National Business Center in Denver, but may not have arrived. The data on the CD was encrypted and password-protected.  Unspecified types of personal information may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

July 30, 2012 Neurocare, Inc.
Newton, Massachusetts
MED HACK

Unknown

A malware attack on a Neurocare CPU resulted in unauthorized intrusion into Neurocare's computer systems.  The attack compromised Neurocare's credentials for accessing a third party paryoll processor.  Unauthorized access to Neurocare's payroll system occurred sometime around June 26, but Neurocare's payroll processor immediately noticed the suspicious account activity and addressed the issue.  Neurocare was notified and immediately changed system passwords, sent notifications, and began investigations. A total of 19 employees had their personal information accessed, but all Neurocare employees may have been affected.

 
Information Source:
Media
records from this breach used in our total: 0

August 17, 2012 Discover Financial Services
Riverwoods, Illinois
BSF UNKN

Unknown

An unspecified number of Discover customers had their account numbers changed and were issued a new card.  It is unclear what type of security breach prompted the notification and when it may have occurred. Several customers in California received the notification letter; residents of other states may have been notified as well.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 13, 2012 Office of Peggy Garland-Coleman
Spartanburg, South Carolina
BSF PHYS

Unknown

The owner of a tax preparation business that closed three years ago accidentally discarded several boxes of sensitive records.  The records had been picked over before tossed, but sensitive information still ended up in a public dumpster.  A concerned citizen found them in a recycling bin in an old supermarket lot.  Names, Social Security numbers, dates of birth, and invoices were exposed.

 
Information Source:
NAID
records from this breach used in our total: 0

August 20, 2012 U.S. District Court, Los Angeles California
Los Angeles, California
GOV INSD

Unknown

A Los Angeles federal court clerk was identified as the source of leaked confidential information.  The clerk was married to a convicted felon who then sold the information from sealed criminal case documents to an identity theft ring.  The federal court clerk, her husband, and at least 60 others from the theft ring were caught by an FBI investigation.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 9, 2012 Kelly Services
Troy, Michigan
BSO INSD

Unknown

People who signed up for employment through the Kelly Services staffing agency may have had their personal information retained by a former Kelly Services employee.  Kelly Services retrieved all of the sensitive information from the former employee upon learning of the breach.  Names and Social Security numbers may have been exposed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 23, 2012 Suddenlink Communications, AAT Communications
Overland Park, Kansas
BSO INSD

Unknown

On February 24, 2012, law enforcement notified Suddenlink management of an incident involving a former employee.  The employee had obtained the personal information of individuals who worked at Suddenlink and AAT Communications between May 22, 2006 and July 21, 2006.  Names, Social Security numbers, addresses, dates of birth, wage information, and banking information may have been exposed.  The former employee was using the information for fraudulent purposes and an investigation uncovered isolated instances of information misuse between 2006 and 2012.  The former employee was arrested.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 27, 2012 WorldPass
El Dorado Hills, California
BSR HACK

Unknown

A hacker or hackers accessed WorldPass' online database in early July of 2010 and was not detected until March 5, 2012.  The hacker may have obtained the credit card numbers, user names, email addresses, billing addresses, and payment information of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 21, 2012 Colorado State University - Pueblo
Pueblo, Colorado
EDU DISC

19,000 (No SSNs or financial information reported)

A few students accidentally gained access to sensitive student files.  It is not clear if the files were physical or electronic.  The students notified school authorities immediately and the problem was fixed.  It is not clear what types of student information were exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 22, 2012 South Bend Community School Corporation
South Bend, Indiana
EDU DISC

Unknown

A computer glitch that occurred when the district changed its student management systems caused some employee Social Security numbers to be exposed.  The numbers could only be seen by other employees who were being trained on the new computer program.  Employees were notified of the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 23, 2012 Duke University Health System (DUHS)
Durham, North Carolina
MED PHYS

Unknown

A notice from Dukehealth.org can be found here: http://www.dukehealth.org/health_library/news/notice-to-patients-who-previously-filed-chapter-13-bankrupty

ON or around January 25, DUHS received notice that its billing subsidiary staff attached copies of outstanding billing statement(s) for services provided by DUHS facilities and/or DUHS-affiliated physicians to support proofs of claim filed in Chapter 13 bankruptcy actions by patients of DUHS.  Patient and patient dependent names, addresses, DUHS medical record number, health insurance carriers, and clinical information were exposed.  Some patients and patient dependents had their Social Security numbers and dates of birth exposed as well.  Notification letters were mailed on March 23 and again on May 18.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2012 Advanced Clinical Research Institute
Anaheim, California
MED PHYS

875 (No SSNs or financial information reported)

A vehicle containing paper records was impounded overnight.  Some papers with the sensitive information of research participants were discovered missing when the vehicle was reclaimed. The breach occurred on or around January 26.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2012 State Farm Insurance
Bloomington, Illinois
BSF INSD

Unknown

An employee was caught misusing customer information on July 28.  The dishonest employee had been improperly using customer names, Social Security numbers, addresses, dates of birth, and credit card numbers for at least two months. An unspecified number of customers had fraudulent online purchases made in their names.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 23, 2012 John Stewart Company (JSCo)
San Francisco, California
BSO DISC

Unknown

A set of internal emails were sent to various JSCo employees on August 7 and August 13.  The emails contained the names, Social Security numbers, and in some cases, dates of birth of other employees.  Employees were instructed to delete the email upon discovery.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

March 22, 2012 Zybez
Huntsville, Alabama
BSO HACK

353 (No SSNs or financial information reported)

A hacker or hackers accessed and exposed information from Zybez.  Usernames, email addresses, IP addresses, and passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 23, 2012 BenefitsEvent, Orvis Company
Peck Slip, New York
BSR HACK

Unknown

Orvis' hosting company notified Orvis that it may have experienced a breach.  It received reports from other clients that fraudulent charges had appeared on their customers' credit cards.  The customer credit cards had been used for hosted events. The computer database was encrypted, though it appears to have been compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 1, 2012 Greene County
Greene, Ohio
GOV HACK

250 (No SSNs or financial information reported)

A hacker or hackers accessed information from Greene County's web server.  Names, email addresses, user names, and passwords may have been compromised.  Users who registered the same username, email address, and password combination for other accounts are encouraged to change those passwords as well.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 11, 2012 Manwin Holding SARL (Brazzers)
Waltham, Massachusetts
BSR HACK

350,000 (No SSNs or financial information exposed)

A hacker or hackers were able to access user records from the inactive forum of a website run by Brazzers. A portion of the compromised emails, usernames, and encrypted passwords were posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2012 Syracuse Police Department
Syracuse, New York
GOV HACK

39 (No SSNs or financial information reported)

A hacker or hackers accessed and posted the information from a public Syracuse Police Department website. The usernames and plain text passwords of 39 police officers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 10, 2012 Intel, Inc.
Santa Clara, California
BSF HACK

Unknown

A hacker accessed user information on an Intel website through a vulnerability.  The hacker had access to credit card data, Social Security numbers, emails, passwords, and other details.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 13, 2012 Combined Systems
Jamestown, Pennsylvania
BSR HACK

Unknown

A hacker or hackers accessed the Combined Systems website and shut it down.  The hackers claim to have struck in honor of the anniversary of the February 14, 2011 Bahrain uprising and to have wiped out the company's web servers.  Administrator logins, customer data, and emails were posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 13, 2012 Gossip Girl
Providence, Utah
BSR HACK

2,480 (No SSNs or financial information reported)

The official fan website for the Gossip Girl TV show was hacked and defaced. Usernames, IDs, emails, and encrypted passwords were posted online.  Another hacker followed up on the attack by decrypting many of the publicly posted password hashes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2012 Indianapolis Super Bowl (indianapolissuperbowl.com)
Indianapolis, Indiana
BSO HACK

2,026 (No SSNs or financial information reported)

A hacker or hackers accessed and posted information from indianapolissuperbowl.com.  In addition to 10 administrator accounts, 2,016 usernames, email addresses, and cell phone numbers were publicly posted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2012 Internet Marketing Strategies (Internet Marketing Tools), Power-blog.com
Tampa, Florida
BSO HACK

5,860 (No SSNs or financial information reported)

A hacker or hackers accessed and posted information from the Internet Marketing Strategies website Power-blog.com.  Emails, usernames, and encrypted passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2012 Drago's Seafood Restaurant
Metairie, Louisiana
BSR INSD

Unknown

A waiter was arrested for using a skimming device to steal customer credit card information.  The dishonest employee was linked to two men who were arrested for using the information. The men would purchase electronic equipment with the stolen credit card information and then attempt to resell it for cash.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2012 Islamic Finder
Anaheim, California
BSO HACK

279 (No SSNs or financial information reported)

A hacker or hackers accessed and posted information from islamicfinder.org online.  Usernames, names, passwords, and email addresses were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 19, 2012 LABusinessConnect.com, AdultStaffing.com
Phoenix, Arizona
BSO HACK

686 (No SSNs or financial information reported)

A hacker or hackers hacked LABusinessconnect.com with the intention of exposing the company's wrong doings.  A database for adultstaffing.com was contained within LABusinessconnect.com.  Administrator information from LABusinessConnect.com was posted. A total of 686 usernames, email addresses, and passwords were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 28, 2012 Wilkinson County Schools
Irwinton, Georgia
EDU HACK

Unknown

A student was able to access and distribute information from a classroom management system called PowerTeacher.  The student used user names and passwords to access grades, demographics, Social Security numbers, and other personal information.  Some parents reported receiving strange calls that disclosed personal information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 28, 2012 Charter One, Dollar Bank, Fifth Third, First Merit, Key, PNC, Total Merchant Services
Cleveland, Ohio
BSF INSD

Unknown

Ten people consisting of assistant managers, sales representatives, and other employees of banks were arrested for participating in an identity theft ring.  Information was stolen and misused between November 2011 and February 2012.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 20, 2012 Yamaha Commercial Audio Systems
Colombus, Ohio
BSR HACK

1,755 (No SSNs or financial information reported)

A hacker or hackers accessed and posted sensitive information from an official Yamaha music website.  A total of eight administrator accounts, as well as 1,755 email addresses and plain-text passwords were exposed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2012 Patriot Self Storage (CubeSmart Management, LLC)
Boston, Massachusetts
BSR PHYS

Unknown

Files containing customer lease documents were discovered missing.  The information was several years old and included customer names and addresses.  Drivers' license numbers and Social Security numbers may have also been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 7, 2012 David Yurman (Yurman Design, Inc.)
New York, New York
BSR DISC

Unknown

Yurman mailed some 1099 forms to the wrong addresses.  Names, tax information, and Social Security numbers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 13, 2012 Alicare, National Retirement Fund
White Plains, New York
BSF DISC

Unknown

A mailing error caused the Social Security numbers of National Retirement Fund participants to be printed on the outside of a mailed envelope.  Names and mailing addresses were also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 1, 2012 Temple Community Hospital
Los Angeles, California
MED STAT

600 (No SSNs or financial information reported)

Concerned patients may call 888-633-6122.

The July 3 office theft of a computer from the Radiology Department resulted in the exposure of patient information. The computer was used to store CT examination images taken between January 1, 2012 and July 2, 2012.  It contained pictures of CT scans performed, reasons for the scans, patient names, ordering doctors' names, and patient hospital account numbers.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 3651-3700 of 4488 results


X

Sign In!

Loading