Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
873,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,400 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
March 5, 2010 Hancock Fabrics
Baldwyn, Mississippi
BSR DISC

Unknown

Employee documents were found near a dumpster behind the Huntsville, Alabama store. The documents were not shredded and contained payroll records dating back to 2005 with Social Security numbers, names, and pay rates.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 7, 2010 Randle Eastern Ambulance Service inc.
Miami, Florida
MED INSD

Unknown

A man and his wife who were previously charged with selling patient information in 2009, were charged with stealing personal information of individuals transported by Randle Eastern Ambulance Service Inc. (American Medical Response).  The information was then sold to South Florida personal injury attorneys and clinics.  The stolen information included names, telephone numbers, medical diagnoses, and addresses.  They used the help of a former AMR employee.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 11, 2010 First Convenience Bank
Killeen, Texas
BSF INSD

Unknown

A former employee sold customer information which led to the theft of at least $53,000 from customer accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 1, 2010 US Bank
Cleveland, Ohio
BSF PORT

Unknown

A laptop was stolen from the desk of a financial adviser. The laptop contained personal information about bank customers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 2, 2010 Diabetes Direct Inc
Juniper, Florida
MED INSD

Unknown

A former employee is accused of stealing patient information to commit identity theft. The former employee also had multiple driver's licenses and was able to open utility, bank and credit accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 27, 2010 AT&T
Chicago, Illinois
BSF INSD

Unknown

A former employee of an unknown service provided for AT&T removed documents that contained customer credit card information.  The information may have also included Social Security numbers, driver's license numbers, names and addresses.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 17, 2009 Feeney Insurance Agency
Pittsburgh, Pennsylvania
BSF STAT

Unknown

A break in resulted in the theft of an unencrypted computer. The computer contained contact information, Social Security numbers, birth dates, and driver's license numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 24, 2010 7-Eleven
Sandy, Utah
BSR CARD

Unknown

A skimming device monitored transactions at a gas station pump in Sandy, Utah. The device could have been active for 60 days before being discovered and was used to steal over $11,000.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 17, 2010 T.G.I. Friday's (TGIF)
Coon Rapids, Minnesota
BSR CARD

Unknown

A former employee used a skimming device to gain credit card information from customers of the Coon Rapids T.G.I. Friday's. The dishonest employee was involved with a partner who used skimming devices in a variety of locations throughout Minnesota.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 11, 2010 Sandwich Board Cafe
Greenwood Village, Colorado
BSO INSD

Unknown

An employee used customer credit card information to purchase $200,000 worth of Wal-Mart shopping cards.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 3, 2010 Private Dental Practice in Medical Commons One
Greensburg, Pennsylvania
MED PORT

Unknown

A laptop containing patient information was stolen.

 
Information Source:
HHS via Databreaches.net
records from this breach used in our total: 0

February 3, 2010 Private Practice in Medical Arts Building
Greensburg, Pennsylvania
MED PORT

Unknown

A laptop containing patient information was stolen.

 
Information Source:
HHS via Databreaches.net
records from this breach used in our total: 0

January 27, 2010 Seattle Municipal Court
Seattle, Washington
GOV INSD

Unknown

Those with questions may call (206) 553-4110.

A former customer service representative sold the names and credit card information of court customers to ID thieves who then used the information to make fake credit cards in the victims' names.

UPDATE (6/24/2011):  The leader of an ID theft ring was sentenced to five years in prison, five years of supervised release and over $220,000 in restitution for bank fraud and aggravated identity theft on June 17, 2011.  The information that the ID thieves obtained from the Seattle Municipal Court employee included the personal information and credit card numbers of people who used credit cards to pay parking and traffic fines.  One member of the ID theft ring also managed to obtain financial information from the customers of an unnamed fast food restaurant where the defendant worked.  At least five people participated in the ID theft ring.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 19, 2010 CHASE
Louisville, Kentucky
BSF DISC

Unknown

CHASE customer information that was sold to another business was accidentally posted on a website.  The information included names, addresses and bank account numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 31, 2009 Time Inc., Harvard Business Review
New York, New York
MED INSD

Unknown

The incident occurred in Florida. The location listed is the corporate headquarters.

A customer service center employee may have misused customer credit card information.

UPDATE (8/09/10): Harvard Business Review customers were affected as well.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 22, 2009 Western Michigan University
Kalamazoo, Michigan
EDU DISC

Unknown

University officials discovered that student employee information was viewable online. The information included names, addresses and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 5, 2010 Metropark
Los Angeles, California
BSR DISC

Unknown

Personal documents were found at the Palisades Mall in West Nyack, New York. The documents had names, Social Security numbers, contact information, and other personal information. They appeared to be mishandled applications from a clothing store called Metropark.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 7, 2009 Renal Treatment Centers Southeast, DaVita Inc.
Denver, Colorado
MED STAT

Unknown

Multiple desktop computers were stolen from a facility in Dallas.  The computers contained the names, addresses, Social Security numbers, insurance numbers, and other personal information of patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 27, 2010 Ameripath
Palm Beach Gardens, Florida
MED PORT

Unknown

A laptop containing sensitive information was stolen from an employee. The data included names, Social Security numbers, and addresses for patients, employees, or both.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 25, 2010 Logic World Medical
Houston, Texas
MED INSD

Unknown

The owner and operator of Logic World Medical used the names, addresses, and account numbers of Medicaid beneficiaries to file false claims for payment of services and goods that he never provided.  Approximately $1,101,865.37 was fraudulently claimed between April of 2004 and August of 2006.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 4, 2010 HyCentral Medical Supplies and Equipment
Derry, New Hampshire
MED INSD

Unknown

The owner of the business used Medicare client information to obtain approximately $1.6 million worth of fraudulent claims.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 29, 2010 Griffin Hospital
Derby, Connecticut
MED INSD

957 (0 SSNs and financial documents reported)

A former employee appears to have continued accessing patient names, medical information, dates of birth and medical record numbers.  Patients received soliciting phone calls from a physician at another hospital.

UPDATE (06/212012): The physician and radiologist responsible for the breach has been fined $20,000 for downloading patient information and using it to promote radiology services at Advanced Mobile Imaging Radiology.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 8, 2010 Huntington Place Senior Community
Chalmette, Louisiana
MED DISC

Unknown

Personal documents were found in the abandoned nursing home. The documents included names, Social Security numbers, medical records and dates of birth of patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 4, 2010 Courage to Change
Houston, Texas
MED INSD

Unknown

The owner of the business used patient Medicaid information to fraudulently claim $968,583 from Medicaid between January of 2003 and September of 2006.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 2, 2010 Family Health Center
Reston, Virginia
MED DISC

Unknown

Boxes containing patient information ended up in a dump.  The easily accessible information included health history, surgeries performed, test results, pictures, insurance cards, bank account information and addresses.  The boxes were traced back to Family Health Center on Town Center Parkway.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 15, 2010 Los Angeles Firemen's Credit Union
Los Angeles, California
BSF DISC

Unknown

An "extremely small percentage" of member files were not properly moved when the CU relocated from an old location. The data that could have been compromised included members names, addresses, phone numbers, account numbers, Social Security numbers and other identifiers. The CU sought to reassure members that it did not believe any of their information had been compromised and that the CU had “state of the art protocols” available to validate member identifies. The CU also arranged for CU members who chose to do so to be able to enroll in a credit monitoring service for the next two years at no cost to them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 19, 2010 National Realty and Investment Advisors, LLC
Hoboken, New Jersey
BSF HACK

Unknown

Certain consumer information was accessed without proper authorization on March 9, 2010. Names and addresses were accessed, as well as additional information that may have included Social Security numbers, dates of birth and/or account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 26, 2010 South Carolina Department of Health and Environmental Control
Columbia, South Carolina
GOV PHYS

1,824 (0 SSNs and financial information reported)

Over 1,824 people's information was found in a dumpster. It is not known what kind of personal information was included in the documents.

 
Information Source:
NAID
records from this breach used in our total: 0

May 18, 2010 The Vine Tavern and Eatery
Tempe, Arizona
BSR PHYS

Unknown

Personal documents including applicant names, Social Security numbers, and dates of birth were found in a dumpster. Customer checks with banking information and credit card receipts were also found. Reports indicate that thousands of pages of information were located.

 
Information Source:
NAID
records from this breach used in our total: 0

May 25, 2010 AT&T/Ferrell Communication
Jacksonville, Florida
BSO DISC

Unknown

A woman got quite a surprise when she looked in her recycle bin. Someone had dumped hundreds of files of people's personal information. The manila folders that were found contained personal information of AT&T cell phone customers, including credit card numbers, driver's licenses and Social Security numbers. It appears the information was collected by another company called Ferrell Communication, which was located in a strip mall. It's no longer there, and the phone number listed isn't valid. The information is contracts for AT&T wireless service customers dating back to 1999 or 2000. The information is old, but could still be valid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 3, 2010 Safe Harbor Med
Santa Cruz, California
MED PORT

Unknown

Burglars stole client records, a suitcase and two bags of cookies from a medicinal marijuana referral office. Burglars also stole a computer hard drive that contained a client database, including Social Security numbers, ID numbers and other sensitive information. The burglars apparently cut power to the building — so the alarm didn't go off — and shattered a window to get into the office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 7, 2010 New York City Department of Education
New York, New York
EDU HACK

Unknown

The New York City’s Special Commissioner Office revealed a hacker stole more than $640,000 from the Department of Education’s petty cash account at JP Morgan Chase and distributed the codes to others to use to pay for student loans, gas bills and other purchases. The hacker allowed individuals to pay personal bills through EFTs and, in turn, he was given cash. The scam was discovered when an unidentified woman informed Chase someone was trying to pay bills using the account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 8, 2010 Bank of America
Sun City, Florida
BSF INSD

Unknown

An employee in one of Bank of America's customer call centers has admitted he stole sensitive account information and tried to sell it for cash. The man met with two individuals whom he later learned were undercover FBI agents and offered to sell them names, dates of birth, telephonic passwords, and other details for Bank of America customers, according to court records. He was looking for accomplices who knew how to milk the accounts by establishing phony credit cards in the customers' names or through other means.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 9, 2010 Apple Inc., AT&T
Cupertino, California
BSR HACK

120,000 (No SSNs or financial information involved)

A security breach has exposed iPad owner information. Dozens of CEOs, military officials, and top politicians may have been affected. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking. The breach exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised. It doesn't stop there. According to the data given by the web security group that exploited vulnerabilities on the AT&T network, 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed.

UPDATE (01/18/2011): Chat logs of the accused iPad hackers were turned over to investigators.  It appears that two men used an "account slurper" to conduct a "brute force" attack that lasted five days and extracted data from iPad users who accessed the Internet through AT&T's 3G network.  Each of the two men were charged with one count of conspiracy to access a computer without authorization and one count of fraud.

UPDATE (06/23/2011): One of the people responsible for writing the malicious code used to breach AT&T's computer servers pleaded guilty to his part in the attack.

UPDATE (11/20/2012): The second person responsible for discovering and exploiting a security weakness was found guilty.  AT&T iPad subscribers had their emails exposed because of the security issue.

UPDATE (03/19/2013): One of the conspirators was sentenced to 41 months in prison for identity theft and conspiracy to gain unauthorized access to computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 10, 2010 City of Springfield
Springfield, Illinois
GOV DISC

Unknown

The city of Springfield put documents online that contained sensitive information such as Social Security numbers, driver’s license numbers, home and work telephone numbers, bank account numbers and the name of someone who called the state anonymously to report suspected child abuse. The documents were posted on the city’s website in response to Freedom of Information Act requests as part of an initiative to make public information available to anyone with a computer. But personal information such as home phone numbers, Social Security numbers and driver’s license numbers are exempt from disclosure under state law.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 20, 2010 Strong Memorial Hospital
Rochester, New York
MED DISC

1250 (0 SSNs and credit cards involved)

Around half of all patient medical bills were sent to the wrong address. The billing statements included patient names, name and address of the person responsible for paying the bill, description of services received and the dates of services, dollar amount owed, health insurance plan and subscriber number. Around 1,250 patients were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 22, 2010 Staff Jennings Boats
Portland, Oregon
BSR DISC

Unknown

Sales documents dating back 20 years were found in a dumpster. The personal financial information of customers included Social Security numbers and information on purchases. Staff Jennings went out of business in April of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 24, 2010 Cheesecake Factory
Washington, District Of Columbia
BSR INSD

Unknown

Three servers from a Cheesecake Factory restaurant were charged with using skimming devices to make over $117,000 in fraudulent charges to customer credit card accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 25, 2010 Local Coffee
San Antonio, Texas
BSR HACK

Unknown

Hackers may have gained access to credit and debit card information by exploiting Aloha software weaknesses. After a purchase at Local Coffee, a customer's debit card was canceled. This prompted Local Coffee to temporarily stop using Aloha.  Another San Antonio eating establishment, Aldaco, also encountered hacking problems while using Aloha software.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 21, 2010 Aldaco's Mexican Cuisine
San Antonio, Texas
BSR HACK

Unknown

Aldaco's Mexican Cuisine at Stone Oak had a data security breach.  Customers were notified of fraudulent charges; some were from places outside of the U.S. Aldaco urged customers who had used their credit cards at the restaurant to cancel them.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 14, 2010 Principal Financial Group
Des Moines, Iowa
BSF HACK

Unknown

An unauthorized person using a valid employer password and user name accessed group contract number, member name, Social Security number, age and employment status of certain individuals with a connection to Principal Life Insurance.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 18, 2010 Capitol One
McLean, Virginia
BSF UNKN

Unknown

A fraud ring may have accessed customer information. The information included names, addresses, Social Security numbers, and other personal information. It is not known how the information was obtained or how many customers were affected. The information may have been accessed sometime between December of 2009 and February of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 25, 2010 Lincoln Financial Group
Radnor, Pennsylvania
BSF DISC

1,286 (0 SSNs reported)

In 2002, 2008, and 2010 records of correspondence between agents and clients were misplaced. Technical errors caused the names, addresses, policies or contract numbers, account values, trade and transaction activities, and dates of birth of the clients to be accessible.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 24, 2010 Lake Ridge Middle School
Woodbridge, Virginia
EDU PORT

1,200 (0 SSNs reported)

A USB drive containing student names, identification numbers, phone numbers, and medical information was stolen from the unlocked car of a school administrator at the employee's home. Over 1,200 students were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 28, 2010 Cincinnati Children's Hospital Medical Center
Cincinnati, Ohio
MED PORT

61,000 (0 SSNs and financial information reported)

A laptop containing the names, medical record numbers, and medical services provided of patients was stolen from an employee's car while it was parked at his or her home. As a precaution, no additional laptops will be allowed outside the hospital unless they are encrypted.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 2, 2010 Avalon Center
Cheektowaga, New York
MED DISC

Unknown

Sensitive medical information was dumped outside of a DMV office. The medical information came from a eating disorder clinic that had recently closed. Patient information such as medical treatment and Social Security number was exposed. It is unknown how the information ended up in the dumpster.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 5, 2010 National Highway Traffic Safety Administration (NHTSA)
Washington, District Of Columbia
GOV DISC

Unknown

A limited search of NHTSA's public complaint database uncovered Social Security numbers, names, birth dates, addresses, VINs, and drivers' license numbers. Public access to the database of 792,000 complaint cases was temporarily ended.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 26, 2010 Inovis
Alpharetta, Georgia
BSO PORT

Unknown

On May 4th a laptop containing employee information was stolen from an employee of GXS who was helping with their merger. A letter notified an unknown number of Inovis employees that their addresses, Social Security numbers, names and salary information were on the laptop.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 17, 2010 Quantum Corporation
Bellevue, Washington
BSR PORT

Unknown

Laptops were stolen on June 13th. One of the laptops was password protected and contained sensitive employee information such as Social Security numbers, addresses, and names.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 28, 2010 Interior National Business Center
Denver, Colorado
GOV PORT

7,500 (0 SSNs reported)

A disc containing employee information was lost or stolen.  The Interior Department reported that it was encrypted and password-protected personally identifiable federal employee information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

Breach Total
873,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,400 DATA BREACHES made public since 2005
Showing 401-450 of 4400 results


X

Sign In!

Loading