Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,351 DATA BREACHES made public since 2005


Date Made Public Name Entity Type
May 29, 2013 Jackson Health System
Miami, Florida
MED PHYS

1,407 (No SSNs or financial information reported)

A box that contained patient medical records was determined to have been missing since January.  Patient medical diagnoses, surgical procedures, and other personal health information may have been exposed. The missing records were either on their way to be electronically scanned or returning from being scanned.

 
Information Source:
Media
records from this breach used in our total: 0

May 30, 2013 Drupal.org
,
BSO HACK

Unknown

Drupal is a volunteer-based organization and doesn't have a central location.

A hacker or hackers exploited a vulnerability in third-party software and used it to access accounts on drupal.org. The hackers were able to upload files to association.drupal.org and compromised Drupal's server. Accounts on groups.drupal.org may have also been exposed. Usernames, email addresses, hashed passwords, and country information may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

June 3, 2013 Health Information Trust Alliance
Frisco, Texas
MED HACK

111 (No SSNs or financial information reported)

A hacking incident resulted in the exposure of 111 records.  Names, phone numbers, addresses, email addresses, and company names were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

May 30, 2013 California Department of Developmental Services
Sacramento, California
MED PHYS

Unknown

Stacks of patient and billing records were left in an unsecured and abandoned office in March of 2012. Credit card and Social Security numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2013 DENT Neurological Institute
Buffalo, New York
MED DISC

10,000 (No SSNs or financial information reported)

DENT Neurological Institute accidentally emailed the private information of more than 10,000 patients.  No sensitive medical files or Social Security numbers were involved.

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2013 Erie County Department of Social Services
Buffalo, New York
MED PHYS

Unknown

An audit revealed that several employees had not been following correct protocol for patient record disposal.  Employees had inadvertently exposed Social Security numbers, copies of birth certificates, personal medical records, tax returns, bank account information, inmate records, payroll information, court records, and passports.  Employees should have been using locked disposal totes for shredding and were discarding documents in recycling totes instead.

 
Information Source:
Media
records from this breach used in our total: 0

June 5, 2013 Massachusetts Mutual Life Insurance Company, MassMutual Financial Group
Springfield, Massachusetts
BSF DISC

Unknown

The 401(k) retirement plan information of certain clients was inadvertently exposed when a MassMutual account manager sent an email on May 8.  Names, Social Security numbers, investment elections, and account balances were included in the email.  A third party provider received the email and confirmed that the information was deleted without being saved or copied. The employee who accidentally sent the sensitive email received training on proper security procedures.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 30, 2013 Anasazi Hotel, LLC
Santa Fe, New Mexico
BSO HACK

Unknown

Anasazi Hotel learned that it was a common link in a number of fraudulent credit card activities.  An investigation revealed that Anasazi's network had been accessed and customer credit card information had been accessed.  Malware that could transmit customer names and credit card information was on Anasazi's system.  Anyone who used a credit card at Anasazi between June 18, 2012 and March 21, 2013 may have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 29, 2013 TJG, Inc., Target Marketing
Ashland, Virginia
BSO HACK

Unknown

The Target Marketing website was accessed by unauthorized parties on May 14.  People who used debit or credit cards on the online e-commerce platform may have had their names, email addresses, payment card numbers, expiration dates, and CVV codes accessed.

UPDATE (05/29/2013): Shumsky in Dayton, Ohio was also affected. Shumsky customers may have had their names, addresses, email addresses, credit/debit card numbers, payment card expiration dates, and CVV codes accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 28, 2013 Beachbody
Santa Monica, California
BSR HACK

Unknown

Hackers accessed Beachbody's Powder Blue website. Beachbody learned of the incident on April 17 and found that customer credit card numbers, email addresses, mailing addresses, telephone numbers, full names, and CVV numbers may have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 6, 2013 SynerMed, Inland Valleys IPA, Inland Empire Health Plan
Monterey Park, California
MED PORT

1,566 (No SSNs or financial information reported)

The theft of an employee's laptop resulted in the exposure of patient information. The theft occurred on the night of April 14 or the early morning of April 15 when a thief broke into the employee's automobile. The laptop was password-protected and reported missing on the morning of April 15. The laptop's access to the SynerMed systems was eliminated on the morning of April 15. The laptop contained member names, membership numbers, member addresses, CPT Codes, Diagnosis Codes, and dates of birth.

UPDATE (06/07/2013): The laptop belonged to a group of independent California physicians managed by SynerMed, Inc. called Inland Valleys IPA.

UPDATE (06/17/2013): There were no Social Security numbers on the laptop.

UPDATE (06/21/2013): A total of 1,566 people were affected.

UPDATE (07/01/2013): A total of 3,164 patients were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 13, 2013 80sTees.com
Mount Pleasant, Pennsylvania
BSR HACK

Unknown

Unauthorized activity was detected on the 80sTees.com website.  Customers may have had their credit or debit card information exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

May 10, 2013 Equity Trust Company
Elyria, Ohio
BSF HACK

Unknown

An unauthorized third party accessed Equity Trust Company's computer network.  The breach was discovered at the end of January 2013 and notification letters were sent on April 15.  Equity Trust customers may have had their names, Social Security numbers, addresses, and other information viewed by online intruders.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

April 11, 2013 Chapman University
Orange, California
EDU DISC

Unknown

Sensitive documents could have been viewed electronically by authenticated users of the on-campus network.  The issue was discovered on February 27. Names, Social Security numbers, student identification numbers, and dates of birth may have been viewed by people who could log into Chapman's system, but shouldn't have been able to access the information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 12, 2013 Sentara Virginia Beach General Hospital
Virginia Beach, Virginia
MED PHYS

Unknown

Two men claimed to be from a recycling company and stole over 200 pounds of x-ray film that contained sensitive patient information. The men transported the x-rays from the hospital without incident by using a moving truck. The breach occurred in 2012 and affected fewer than 500 patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 12, 2013 Wyndham Vacation Ownership
Orlando, Florida
BSR INSD

Unknown

The Orlando Police Department notified Wyndham Vacation Ownership that a Wyndham employee had been arrested for participating in fraudulent credit card purchases.  The dishonest employee was fired the next day and may have obtained customer credit card numbers.  Wyndham learned of the issue on January 18.

 
Information Source:
Media
records from this breach used in our total: 0

June 12, 2013 Lucile Packard Children's Hospital
Palo Alto, California
MED PORT

12,900 (No SSNs or financial information reported)

A press release from Lucile Packard can be found here: http://www.lpch.org/aboutus/news/releases/2013/patient-notification.html.

Between May 2 and May 8, a non-functional laptop computer was stolen from a secured area of the hospital.  The laptop was password protected and contained names, ages, medical record numbers, telephone numbers, scheduled surgical procedures, and names of physicians involved in procedures between 2009 and 2012.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 14, 2013 Florida Department of Health
Florida,
MED DISC

3,300 (No Social Security Numbers reported)

Information on personal drug prescriptions from the Florida Department of Health somehow ended up in the hands of prosecution lawyers.  Names, addresses, phone numbers, pharmacies, and drug dosages were obtained by lawyers involved in six prescription-drug fraud cases. The American Civil Liberties Union of Florida began an investigation into how the records were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

June 19, 2013 Ephrata Community Hospital
Ephrata, Pennsylvania
MED INSD

Unknown

Ephrata Community Hospital posted an official notice here:

http://www.ephratahospital.org/HospitalOverview/AboutUs/News/tabid/168/anid/100/Default.aspx

Those with questions may call 1-888-414-8021 and enter the reference code: 8934061413.

An employee inappropriately accessed patient information.  The incident or incidents were discovered on April 16. Patient clinical and other medical information may have been exposed. No Social Security numbers were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

June 17, 2013 Yolo Federal Credit Union
Woodland, California
BSF UNKN

Unknown

Yolo was notified by Visa that there may have been a breach at several merchant locations. Yolo was not the site of the breach, but customers were issued new payment cards. The issue was reported to Yolo on May 31.

 
Information Source:
Media
records from this breach used in our total: 0

June 12, 2013 comScore
Reston, Virginia
BSR DISC

Unknown

Two comScore panelists filed a lawsuit in August of 2011 after downloading comScore software. Allegedly, comScore collected and sold consumers' Social Security numbers, credit card numbers, financial information, retail transactions, and other personal information. The action may have violated the Stored Communications Act, the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Illinois Consumer Fraud and Deceptive Practices Act. The lawsuit might cover tens of millions of people who have downloaded comScore software since 2005. In June of 2013, the Seventh Circuit Court of Appeals in Chicago denied comScore's request to overturn a lower court's decision that had allowed the suit to proceed as a class action suit.

 
Information Source:
Media
records from this breach used in our total: 0

June 21, 2013 Facebook
Menlo Park, California
BSO DISC

6,000,000 (No SSNs or financial information involved)

Facebook's official notice can be found here: https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766

Facebook discovered a bug that may have allowed unauthorized users to view the personal contact information of Facebook users. The people who could have used the information would have had some kind of connection to them or some kind of contact information, but users may have thought their email and phone numbers were hidden from these connections. People who used the Download Your Information (DYI) tool may have been able to access the contact information. The issue was discovered by an external group of security researchers involved with the White Hat program. The breach began sometime in 2012.

 
Information Source:
Media
records from this breach used in our total: 0

June 21, 2013 Gulf Breeze Family Eyecare (Sight and Sun Eyeworks Gulf Breeze)
Gulf Breeze, Florida
MED INSD

Unknown

Sight and Sun learned of a patient privacy breach on May 17.  Patient names, Social Security numbers, addresses, medical record numbers, and other personal information may have been exposed.  An employee accessed and copied patients' electronic medical records without legitimate purpose.

UPDATE (06/26/2013): A total of 9,000 patients were affected. It appears that the records were accessed to target patients for other medical service offerings.

 
Information Source:
Media
records from this breach used in our total: 0

June 26, 2013 Iowa Department of Health Services
Des Moines, Iowa
MED PORT

7,335 (No Social Security numbers or financial information reported)

Former patients of the Mental Health Institute in Independence, Iowa and state employees may have had their confidential information exposed. A backup tape was found to have been missing as of April 30. Officials of Iowa Department of Human Services believe the tape was accidentally discarded or destroyed.

UPDATE (06/27/2013): The tape contained the information of 7,300 patients and 700 employees. Only patients who were admitted after June of 2010 were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 27, 2013 Millimaki Eggert, LLP
San Diego, California
BSF PORT

Unknown

The April 27 office burglary of two password-protected laptops resulted in the exposure of sensitive client information.  Names, Social Security numbers, and addresses may have been involved.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 27, 2013 Citi Prepaid Services
New York, New York
BSF DISC

Unknown

Those with questions may call (888) 742-9213.

A code change in the prepaid cardholder website impacted the security features that authenticate cardholder logins.  Anyone who logged into the prepaid cardholder website between June 2 and June 13 was affected.  The issue was remediated and it does not appear that unauthorized charges have occurred on any of the affected accounts.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

June 25, 2013 Baptist Health South Florida, West Kendall Baptist Hospital
Miami, Florida
MED INSD

Unknown

An employee of West Kendall Baptist Hospital sold patient information to a man who used the information to file fraudulent tax returns.  Patients may have had their names, Social Security numbers, and dates of birth exposed.  The man who purchased and used the information was sentenced to 31 months in federal prison after pleading guilty to possessing 15 or more Social Security numbers.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 10, 2013 Independence Care System
New York, New York
MED PORT

2,434 (No SSNs or financial information involved)

The May 7 burglary of an employee's home resulted in the theft of a laptop that contained patient information. Fewer than 60% of the affected members had their names, zip codes, and Independence Care System (ICS) Member ID numbers exposed. Approximately 40% of those affected also had their street address, phone number, Medicaid ID number, and enrollment and/or disenrollment date exposed. ICS plans to implement a two-factor authentication system for network access by September of 2013 to prevent the issue from occurring again.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 9, 2013 Integrity Oncology, Baptist Medical Group, North Atlantic Telecom
, Tennessee
MED UNKN

539 (No SSNs or financial information reported)

Integrity Oncology has multiple locations in Tennessee.

Integrity Oncology's business associate North Atlantic Telecom discovered a breach incident on March 5.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

June 9, 2013 City of Norwood
Norwood, Ohio
MED PORT

500 (No SSNs or financial information reported)

A laptop that contained protected health information was lost between the dates of April 4 and April 19.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

June 28, 2013 Greensboro ABC Stores, Triad ABC
,
BSR HACK

Unknown

Stores in the Greensboro, South Carolina and Winston-Salem, North Carolina areas were affected.

Greensboro ABC stores and Triad ABC stores discovered that the software used by cash registers had been hacked.  The malware was discovered after customers complained about fraudulent charges on their debit and credit card accounts.  The ABC stores stopped accepting credit and debit cards while investigating the issue.

 
Information Source:
Media
records from this breach used in our total: 0

July 3, 2013 Bureau of Automotive Repair (BAR)
Rancho Cordova, California
GOV HACK

Unknown

Those with questions may call the Consumer Information Center at 1-800-952-5210.

An unauthorized individual accessed the network of a BAR service provider between May 2012 and March 2013.  The bank routing information of Smog Check stations licensed with the BAR was exposed.  Those who may have had their accounts accessed are encouraged to close their old accounts and open new accounts with new PINs or passwords.

UPDATE (07/11/2013): Approximately 7,500 Smog Check stations had bank account and routing numbers associated with the businesses exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 8, 2013 Roy's Holdings, Inc.
Honolulu, Hawaii
BSR STAT

Unknown

Malware infected an employee's desktop computer. Roy's restaurants in Ko'Olina, Waikiki, Kaanapali, Poipu, and Waikoloa were affected. Anyone who used a debit or credit card at those locations between February 1, 2013 and February 25, 2013 may have had their payment card information compromised.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 11, 2013 Texas Health Harris Methodist Hospital Fort Worth, Shred-it
Fort Worth, Texas
MED PHYS

277,000 (Unknown number of SSNs)

People who may have been affected may call 1-877-216-3789 and use reference code 4537070513.

A concerned citizen alerted police to a situation on May 11.  Old microfiche records were discovered in a park even though they should have been destroyed by the Hospital's contractor Shred-it.  The records contained names, addresses, dates of birth, and health information and were from 1980 to 1990. Some records also contained Social Security numbers.  

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2013 Guilford County Schools, Page High School
Greensboro, North Carolina
EDU DISC

456 (No SSNs or financial information reported)

Parents with questions may call 336-332-0810.

A Guilford County Schools employee accidentally emailed a PDF file that contained Page High School student personal information. Student names, addresses, phone numbers, course enrollments, grades, school district identification numbers, and other transcript data were in the PDF file. The information was emailed to a single guardian on July 2, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

July 12, 2013 Long Beach Memorial Medical Center
Long Beach, California
MED INSD

2,864 (No SSNs reported)

Patients who received treatment between September 2012 and June 2013 may have had their information exposed by a breach related to an employee. Names, sex, dates of birth, home addresses, phone numbers, account numbers, insurance information, and the reason for admission were exposed. There is currently no reason to believe that the information was used in a malicious manner.

 
Information Source:
Media
records from this breach used in our total: 0

July 13, 2013 Cedars-Sinai Medical Center
Los Angeles, California
MED INSD

14 (No Social Security numbers or financial information reported)

Five medical workers were fired for their role in a hacking effort that targeted a celebrity. A total of 14 patient records were breached between June 18 and June 24. The employees misused the Hospital's information system to access patient records for curiosity or media purposes. A volunteer also participated and was barred from working at the Hospital.

 
Information Source:
Media
records from this breach used in our total: 0

May 16, 2013 City of Akron
Akron, Ohio
GOV HACK

47,452 (Unknown number of Social Security numbers)

The City of Akron's website and internal systems were hacked by a foreign group.  Files with 47,452 entries were posted online.  Names, Social Security numbers, account numbers, credit card numbers, credit card expiration dates, addresses, and other information were in the files.  The hacking attack appears to be part of an organized international effort to hack into various U.S. government websites.

 
Information Source:
Media
records from this breach used in our total: 0

December 11, 2012 Jackson Health System, Jackson South Community Hospital
Miami, Florida
MED DISC

566 (No SSNs or financial information exposed)

Approximately 1,200 photo records of 566 patients were publicly posted on November 30.  The information was removed and two managers resigned as a result of the breach.

 
Information Source:
Media
records from this breach used in our total: 0

July 22, 2013 Apple Inc.
Cupertino, California
BSR HACK

Unknown

Apple's website for developers was accessed by unauthorized parties.  Registered developer names, mailing addresses, and email addresses may have been accessed on Thursday, July 18.  Encrypted customer information was not affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 18, 2013 NASDAQ.com
New York, New York
BSO HACK

Unknown

Hackers were able to steal passwords from a NASDAQ Community forum. It is likely that only passwords and non-financial information were stolen. NASDAQ alerted users to the issue and took the website offline to upgrade its security. There is concern that the hackers will use the email and password information to send phishing messages and obtain access to various financial accounts.

 
Information Source:
Media
records from this breach used in our total: 0

July 23, 2013 Henry Ford Health System
Detroit, Michigan
MED PHYS

15,417 (No SSNs or financial information reported)

A warehouse that was not owned by Henry Ford Health System was raided for old X-rays.  X-rays can be stripped for silver and these medical X-rays also contained the names, addresses, and dates of birth of patients of Henry Ford Health System.  The X-rays dated between 1996 and 2003.  Henry Ford Health System learned about the issue on May 24.

 
Information Source:
Media
records from this breach used in our total: 0

July 26, 2013 NASDAQ OMX Group Inc.
New York, New York
BSF INSD

Unknown

Malware was installed on servers between November of 2008 and October of 2010. This allowed one or more hackers to execute commands to delete, change, and steal data from the computers used by NASDAQ. A total of five foreign hackers were charged for involvement in a series of financial incidents. They were all collaborating in a scheme to target major corporate networks and were able to steal more than 160 million credit card numbers across corporations.

 
Information Source:
Media
records from this breach used in our total: 0

July 24, 2013 Tinder
West Hollywood, California
BSO DISC

Unknown

Tinder advertises to users that their physical location information is never shown to other users.  An outside engineer discovered an issue with the Tinder app that allowed the locations of users to be available for at least two weeks.  Last known locations, Facebook IDs, dates of birth, gender, and names were available.  

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2013 Fairfax County Public Schools
Falls Church, Virginia
MED PORT

2,000 (No Social Security numbers or financial information reported)

Brookfield, Fairfax Villa, and Navy elementary schools were affected.  Lanier and Rocky Run middle schools were affected. Chantilly High School and Chantilly Academy were also affected.

The July 15 theft of a laptop resulted in the exposure of student information.  The laptop was stolen from the car of a school nurse and contained school, health and other confidential information.  Student names, school identification numbers, allergies, and other medical conditions were on a spreadsheet on the health-department-issued laptop.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2013 Wal-Mart
, Oklahoma
BSR CARD

Unknown

Multiple locations in Oklahoma were affected.

Two men were indicted for their role in a skimming plot. They are accused of fraudulently obtaining $400,000 by placing skimming devices at gas pumps at Wal-Mart stores for up to two months at a time. They then created counterfeit cards by using the legitimate card information obtained through skimming. The skimming ring ran from April 2012 through January 2013.

 
Information Source:
Media
records from this breach used in our total: 0

July 26, 2013 Stanford University
Stanford, California
EDU HACK

Unknown

People who used Stanford University's computer network have been asked to reset their passwords. Stanford released few details but stated that it does not appear that Social Security numbers and financial information were accessed or exposed.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2013 Oregon Health & Science University (OHSU)
Portland, Oregon
MED DISC

3,000 (No SSNs or financial information reported)

Patient data could have been accessed due to a storage error. The information of patients admitted between January 2011 and July 3 of 2013 was placed on Google's cloud computing system. The information was password-protected, but could have still been used for promotional and other purposes because OHSU does not have a contract with Google. OHSU removed the information from the cloud.

 
Information Source:
Media
records from this breach used in our total: 0

Showing 3951-4000 of 4351 results

