Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
July 25, 2013 Securities and Exchange Commission (SEC)
Washington, District Of Columbia
BSF DISC

Unknown

A July 8 letter warned current and former employees that SEC employee data had been found on the networks of another federal agency.  The outside federal agency was not named. It appears that a former SEC employee inadvertently and unknowingly downloaded the names, Social Security numbers, and dates of birth of SEC employees onto a thumb drive and then transferred them to another agency.  The employee wanted a template of the document rather than the actual employee data that it contained.  The accidental upload of sensitive information occured in April of 2012 and again in June of either 2012 or 2013.  Employees who were with SEC before October of 2009 were affected. The breach lasted for 10 months before being noticed. The SEC confiscated the flash drive when the breach was uncovered.

 
Information Source:
Media
records from this breach used in our total: 0

August 2, 2013 Clark Memorial Hospital
Jeffersonville, Indiana
MED DISC

1,087 (No SSNs or financial information reported)

A third-party mailing error resulted in the exposure of patient health information.  Billing statements with names, dates of service, insurance information, billing information, and financial status were mailed to incorect addresses.

 
Information Source:
Media
records from this breach used in our total: 0

August 7, 2013 Retinal Consultants Medical Group (Vitreo-Retinal Medical Group)
Sacramento, California
MED PORT

1,837 (No SSNs or financial information reported)

The theft of a laptop resulted in the exposure of patient information.  The laptop was stolen from the medical group's offices sometime between June 5 and June 6.  Patient names, dates of birth, gender, race, and medical images were exposed.  

UPDATE (08/28/2013): The breach affected 1,837 patients.

 
Information Source:
Media
records from this breach used in our total: 0

August 9, 2013 Smartphone Experts
Inverness, Florida
BSR HACK

Unknown

A hacker was able to access the computer system Smartphone Experts used to process online payments on June 13.  Customer names, addresses, credit and debit card account numbers, CVV codes, and payment card experiation dates were accessed.  The credit card information was encrypted, but the hacker may have used a decryption feature within the online payment processing system to access customer information.

UPDATE (09/06/2013): The breach occurred on June 13.  This entry originally listed it as having occurred on July 12.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 9, 2013 Auburn University - School of Forestry and Wildlife Sciences
Auburn, Alabama
EDU DISC

Unknown

Spreadsheets with donor and alumni information were accidentally uploaded to a publicly accessible server after an administrative error.  The error was discovered on June 19 and Auburn's IT office removed the information.  Names, Social Security numbers, maiden names, mailing addresses, first year at Auburn, graduation year, alumni status, email addresses, and phone numbers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 2, 2013 Health Net, CalViva Health
Suwanee, Georgia
MED DISC

Unknown

A number of member identification cards were mailed to incorrect addresses.  The problem occurred because of a programming error.  The member identification cards contained names, dates of enrollment, addresses, telephone numbers of primary care physicians, issue dates of cards, and Medi-Cal client identification numbers.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 31, 2013 South Central Los Angeles Regional Center
Los Angeles, California
MED PORT

Unknown

The July 6 theft of an employee's vehicle resulted in the exposure of client information.  The stolen car contained an Ipad with client names and UCI numbers.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 31, 2013 Fidelity Investments, Oracle
Redwood, California
BSF DISC

Unknown

Current and former Oracle employees may have had their 401(k) information viewed by a plan administrator at the firm of another Fidelity client.  Names, Social Security numbers, compensation, and other 401(k) savings and investmant plan information was briefly viewed by accident.  The issue was discovered on July 10, 2013.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 30, 2013 California Correctional Health Care Services
Sacramento, California
MED PHYS

Unknown

An employee lost dental records while outside of California Correctional Health Care Services on June 19, 2013.  The records contained patient names, CDCR numbers, dates of birth, and dental treatment plan information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 2, 2013 Quayside Publishing Group
Minneapolis, Minnesota
BSO CARD

Unknown

Qbookshop.com, Qbookshop.net, Motorbooks.com, and WalterFoster.com were affected.

A credit card breach resulted in the exposure of information. Customers who made online purchases at Quayside Publishing Group had their information exposed sometime around April 29.  Names, addresses, and credit card numbers were exposed until June 17.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2013 Income and Capital Growth Strategies Inc.
Van Nuys, California
BSF HACK

Unknown

An employee was the target of a computer network intrustion sometime between July 12 and July 15.  Information about clients and their dependents may have also been exposed.  Names, Social Security numbers, addresses, dates of birth, drivers' license numbers, and bank account information may have been accessed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 16, 2013 Exelixis
San Francisco, California
BSR PORT

Unknown

The theft of one or more pieces of company electronic equipment exposed client information.  The theft was discovered on July 30 and names, Social Security numbers, financial account numbers, addresses, and dates of birth may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 11, 2011 Indiana University School of Optometry
Bloomington, Indiana
MED DISC

757 (No Social Security numbers or financial information reported)

Health information stored on a computer server was accidentally made available to the public online between August and September of 2011.  Patients who were seen by a former faculty member of the school were affected because of a configuration error that occurred on August 12.  The issue was discovered on September 9 and had been corrected by September 10.  Patients seen by a certain doctor between January of 2007 and June of 2011 at clinics in Carmel and Indianapolis, Indiana were affected.  Some hospital inpatients seen between August 2007 and August 2008 were also affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 25, 2013 Baltimore City
Baltimore, Maryland
GOV PHYS

Unknown

Thousands of current and former Baltimore City employees are at risk after a box was found with Baltimore City personnel information.  Records been discarded in a publicly accessible place for trash.  Names, Social Security numbers, dates of birth, drivers' license information, and other vital and personal employee information was contained in the records. The Department of Public Works obtained the box of information and is attempting to contact people based on lists of class attendants that were among the records.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 21, 2013 Hope Community Resources (HCR)
Anchorage, Alaska
MED DISC

3,700 (No Social Security numbers or financial information reported)

The health information of disabled patients was accidnetally released in an email on the night of August 19.  A survey was sent via email to supporters of HCR. The email also contained names, dates of birth, guardians and parents, addresses, and other patient information.

 
Information Source:
Media
records from this breach used in our total: 0

August 21, 2013 Emory University
Atlanta, Georgia
EDU HACK

Unknown

Anyone with an Emory University netID/username is being advised to change their account password due to a breach.  Emory University stated that it appears the attack on their information technology infrastructure is similar to attacks that similar organizations have seen in the past few months.  Emory University also stated that it does not appear that sensitive information was accessed.  

 
Information Source:
Media
records from this breach used in our total: 0

August 30, 2013 Osprey Packs
Cortez, Colorado
BSR HACK

Unknown

Customer information may have been exposed when Osprey Packs' Pro Deal website was hacked.  Customer names, phone numbers, email addresses, billing and shipping addresses, and credit card information may have been exposed.  Osprey Packs learned of the issue on August 7, 2013 when a customer discovered unauthorized activity on their credit card and connected it to Osprey Packs.  Other customers have also noticed fraudulent charges.  The attack may have happened as early as July 9, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

August 31, 2013 John F. Kennedy International Airport
New York, New York
BSO INSD

Unknown

Seven contract baggage handlers were arrested for stealing valuables from customer luggage.  The thefts were caught on camera between April 1 and August 28.  Items such as iPads, iPhones, cash, and jewelrey were discovered in the defendants' homes and cars.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2013 University of Texas, Texas Health Science Center at Houston Medical School
Houston, Texas
MED PORT

596 (No SSNs or financial information reported)

An unencrypted laptop that was housed in a locked closet was discovered missing on August 2.  The computer contained names, dates of birth, medical record numbers, and hand and arm image data taken between February 2010 and July 13.  The laptop had not been used since July 19.

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2013 The New York Times, Melbourne IT
New York, New York
BSO HACK

Unknown

A domain or domains belonging to The New York Times was attacked after activist hackers found a way to access the login credentials of service provider Melbourne IT.  Melbourne IT is an Australian domain name registrar that provides hosting and data services for The New York Times and other media sites.  The New York Times website was shutdown for approximately six hours.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2013 Midwest Supplies
Roseville, Minnesota
BSR HACK

Unknown

Customer names, addresses, email addresses, phone numbers, credit card numbers, expiration dates, and security codes may have been exposed after Midwest Supplies' website was hacked.  All affected customers were offered a $25 coupon for future purchases.

 
Information Source:
Media
records from this breach used in our total: 0

August 22, 2013 San Francisco State University - College of Extended Learning
San Francisco, California
EDU HACK

Unknown

A server that contained the personal information of students was breached on March 25, 2013.  Federal law enforcement notified San Francisco State University of the breach on June 11.  The College of Extended Learning notified students of the issue on August 12.  An unspecified number of names, Social Security numbers, and other personal information was exposed.

 
Information Source:
Media
records from this breach used in our total: 0

August 13, 2013 Caledonia Home Health and Hospice
Saint Johnsbury, Vermont
MED PORT

Unknown

The theft of an employee's Netbook on July 20 resulted in the exposure of patient information.  The Netbook was stolen from the employee's home and contained Social Security numbers and other protected patient information. 

 
Information Source:
Media
records from this breach used in our total: 0

July 16, 2013 Calvert Internal Medicine Group
Prince Frederick, Maryland
MED DISC

Unknown

A finance department employee contacted ADP for troubleshooting and an ADP representative removed the firewall of Calvert Internal Medicine Group during the service call.  The firewall was not restored after the call and employees began receiving spam emails from the finance department employee's email account.  Malware was also detected in the spam inbox of the employee's computer.  Names, Social Security numbers, addresses, and other payroll information of current and former employees may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

July 16, 2013 Academy Studios
Novato, California
BSO PHYS

Unknown

Personnel records were discarded in a public dumpster after Academy Studios. The non-profit closed in April and many of its assets were sold in an online auction on May 21.  The personnel paperwork included names, Social Security numbers, dates of birth, copies of passports, copies of drivers' licenses, I-9 forms, and other employee information.

 
Information Source:
Media
records from this breach used in our total: 0

May 30, 2013 Utah Division of Motor Vehicles (DMV)
Salt Lake City, Utah
GOV INSD

Unknown

An employee of the Utah Division of Motor Vehicles was fired in March for releasing confidential, personal information from DMV databases.  The former employee was a customer service clerk who had worked for the division for 14 years.  Investigators also took the former employee's work hard drive, computer, printer, and other items that might have contained sensitive data.  The items will be investigated in a forensics lab.

 
Information Source:
Media
records from this breach used in our total: 0

September 3, 2013 InterContinental Mark Hopkins San Francisco
San Francisco, California
BSO PORT

Unknown

A July 4 burglary resulted in the exposure of guest information.  The names, addresses, email addresses, phone numbers, and credit and debit card numbers of guests were on a computer hard drive that was stolen.  The hotel learned of the possibility of a breach of guest data on July 14 and alerted guests around August 8.

 
Information Source:
Media
records from this breach used in our total: 0

September 3, 2013 St. Anthony
St. Louis, Missouri
MED PORT

2,600 (No SSNs or financial information reported)

Patients with questions may call 800-524-7262 extension 1575.  

The July 29 car burglary of a laptop computer and flash drive resulted in the exposure of patient information.  Patient names, dates of birth, and other information contained in medical records were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Office of Dr. Hankyu Chung
San Jose, California
MED PORT

2,182 (No Social Security numbers or financial information reported)

A June 17 office burglary resulted in the theft of two laptops.  One of the laptops contained names, telephone numbers, dates of birth, visit dates, health complaints, physical examination notes, diagnoses, testing information, medication information, and other medical record information.  The thief or thieves were able to get into the office by opening an unlocked door.  No identity theft protection services are being offered to affected patients.

UPDATE (11/08/2013): HHS received a report stating that 2,182 patients were affected by the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 5, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts
GOV PORT

20,000 (No SSNs or financial information reported)

Boston Public School students across 36 schools may have had their information compromised by the loss of a flash drive.  The flash drive was misplaced sometime around August 9 by BPS's ID card vendor Plastic Card Systems.

 
Information Source:
Media
records from this breach used in our total: 0

September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida
BSR HACK

Unknown

Those with questions may call (888) 829-6550.

A website breach exposed an unspecified number of customer names, addresses, credit card numbers, credit card expiration dates, and CVV codes.  Hackers put malware on Outdoor Network's Boats.net and Partzilla.com websites and were able to access information from credit card transactions between December 2012 and July 2013.

 
Information Source:
Media
records from this breach used in our total: 0

September 15, 2013 International SOS Assistance, Inc.
Philadelphia, Pennsylvania
GOV HACK

Unknown

An unauthorized user or users accessed at least one U.S. system that hosts traveler information.  The type of information that may have been accessed was not reported and International SOS is still investigating the incident.

UPDATE (10/23/2013): The breach occurred on August 24 and was confirmed on August 28.  Names and passport numbers were exposed.  Some travelers also had their Social Security numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 13, 2013 Argotec
Greenfield, Massachusetts
BSR UNKN

Unknown

An unspecified incident occurred on or around July 26 that may have exposed the confidential information of current and former employees.  Names, Social Security numbers, and bank account information may have been exposed.  Current employees were sent notification on August 6.

 
Information Source:
Media
records from this breach used in our total: 0

August 1, 2013 Bridgewater Associates, LP, Ceridian
Westport, Connecticut
BSF DISC

Unknown

An unauthorized individual accessed a database of employee information used for COBRA.  Names, Social Security numbers, dates of birth, addresses, and other benefit plan information of employees and their dependents may have been accessed on the Ceridian database.  The breach was discovered when a Bridgewater consultant reported that their password for the Ceridian database had been changed and someone else had used the credentials to access the database on three separate occassions.  The breach occurred sometime before April 12, 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 11, 2013 Edgewood Partners Insurance Center (EPIC)
San Mateo, California
BSF PORT

Unknown

Five laptops were stolen during a July 16 office burglary.  The laptops contained confidential information and were password-protected but unencrypted.  Current and former employees and their beneficiaries and dependents, contractors, and job applicants were affected. Names, Social Security numbers, addresses, dates of birth, drivers' license numbers, benefits information, bank account information, and health information were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 7, 2013 Rockland Federal Credit Union
Rockland, Massachusetts
BSF HACK

Unknown

Those with questions may call 781-878-0232.

Rockland Federal Credit Union is sending customers new debit cards with new PINs as a result of a merchant who discovered a breach in their computer system.  All old debit cards will be deactivated on September 26.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Illinois Department of Healthcare and Family Services
Springfield, Illinois
MED DISC

3,100 (No Social Security numbers or financial information reported)

A contractor sent Family Health Network ID cards to the wrong addresses in July of 2013.  A total of 3,100 clients had their names, Medicaid numbers, and dates of birth exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2013 Kaiser Permanente
Oakland, California
MED DISC

Unknown

Participants in a Wellness Screening competition pilot may have had their information exposed.  A Kaiser Permanente employee accidentally included confidential information in an email sent to a member of the pilot planning team. In addition to a summary of the competition, it included names, Kaiser Permanente medical record numbers, phone numbers, email addresses, names of employers, department names, and dates and times of health screenings.  The pilot planning team member was not authorized to receive the confidential information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 11, 2013 FSV Payment Systems, Paymast'r Services
Boulder, Colorado
BSF HACK

Unknown

Between July 22 and July 28, an unauthoried party accessed a website that contained sensitive information.  Names, Social Security numbers, addresses, drivers' license numbers, and Payroll Card numbers may have been accessed.  The website was shutdown once the breach was discovered. Paymast'rServices, PaycheckPLUS! Payroll cards issued by MetaBank were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 22, 2013 United Shore Financial Services, Shore Mortgage
Troy, Michigan
BSF HACK

Unknown

The servers of an unnamed Shore Mortgage vendor were affected by a computer intrusion.  The incident may have began on June 2 and client information was accessed on August 15.  Names, Social Security numbers, contact information, dates of birth, drivers' license information, and financial account information were accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 16, 2013 California Correctional Health Care Services
Sacramento, California
MED INSD

1,001 (No SSNs or financial information reported)

Missing dental information was discovered to have been removed by a staff member.  Patient names, dates of birth, dental treatment plans, and other information were exposed.  Dental records may have also been taken.  The documents were first discovered missing on June 19 and had not been recovered as of August 16.

UPDATE (08/28/2013): A total of 1,001 inmates were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 28, 2013 Washington Inventory Service
Merriam, Kansas
BSO PHYS

Unknown

A box of hundred of employee records was found in a publicly accessible recycling dumpster.  The box was later recovered by an employee, but the records were still left behind.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 16, 2013 California Department of Corrections and Rehabilitation, Centinela State Prison
Imperial, California
MED DISC

Unknown

A file containing staff names, Social Security numbers, and dates of birth was saved to a Centinela State Prison server that was accessible to all staff.  It was on the server between July 26 and July 29 before being removed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 28, 2013 Office of Janna Benkelman
Denver, Colorado
MED PORT

1,500 (No SSNs or financial information reported)

Patients with questions may call 303-805-7168.

An office burglary resulted in the exposure of patient information.  A laptop was stolen from the office of Janna Benkelman, a licensed professional counselor.  The laptop was password-protected. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PORT

2,700 (No SSNs or financial information reported)

The May 24 loss of a portable device resulted in the exposure of patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Standard Register, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PHYS

2,261 (No SSNs or financial information reported)

The exposure of patient paper records resulted in a breach that was reported in August 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Health Plus Amerigroup, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED DISC

28,187 (No SSNs or financial information reported)

An accidental exposure of protected health information affected patients. The information was accidentally disclosed to other facilities.  The breach was reported in September of 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Young Family Medicine Inc.
Sidney, Ohio
MED PORT

2,045 (No SSNs or financial information reported)

The June 12 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Hancock OB/GYN
Greenfield, Indiana
MED INSD

1,396 (No SSNs or financial information reported)

Those with questions may call 1-866-221-0150.

An employee was found to have accessed physician notes without a work-related reason.  The breach began on November 9, 2011 and lasted until June 17, 2013.  Names, dates of service, medical record numbers, clinical information were exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 19, 2013 DiscountMugs.com (BEL USA LLC)
Medley, Florida
BSR HACK

Unknown

Customers who placed an order online or by phone between March 1, 2013 and July 15, 2013 may have had their information exposed.  Customer names, debit and credit card numbers, addresses, phone numbers, expieration dates and CVV codes may have been accessed by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005
Showing 4001-4050 of 4347 results


X

Sign In!

Loading