Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,404 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
July 11, 2013 Texas Health Harris Methodist Hospital Fort Worth, Shred-it
Fort Worth, Texas
MED PHYS

277,000 (Unknown number of SSNs)

People who may have been affected may call 1-877-216-3789 and use reference code 4537070513.

A concerned citizen alerted police to a situation on May 11.  Old microfiche records were discovered in a park even though they should have been destroyed by the Hospital's contractor Shred-it.  The records contained names, addresses, dates of birth, and health information and were from 1980 to 1990. Some records also contained Social Security numbers.  

 
Information Source:
Media
records from this breach used in our total: 0

July 11, 2013 Guildford County Schools, Page High School
Greensboro, North Carolina
EDU DISC

456 (No SSNs or financial information reported)

Parents with questions may call 336-332-0810.

A Guildford County Schools employee accidentally emailed a PDF file that contained Page High School student personal information.  Student names, addresses, phone numbers, course enrollments, grades, school district identification numbers, and other transcript data were in the PDF file. The information was emailed to a single guardian on July 2, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

July 12, 2013 Long Beach Memorial Medical Center
Long Beach, California
MED INSD

2,864 (No SSNs reported)

Patients who received treatment between September 2012 to June 2013 may have had their information exposed by a breach related to an employee.  Names, sex, dates of birth, home addresses, phone numbers, account numbers, insurance information, and the reason for admission were exposed.  There is currently no reason to believe that the information was used in a malicious manner.

 
Information Source:
Media
records from this breach used in our total: 0

July 13, 2013 Cedars-Sinai Medical Center
Los Angeles, California
MED INSD

14 (No Social Security numbers or financial information reported)

Five medical workers were fired for their role in a hacking effort that targeted a celebrity.  A total of 14 patient records were breached between June 18 and June 24.  The employees misused the Hospital's information system to access patient records for curiousity or media purposes.  A volunteer also participated and was barred from working at the Hospital.

 
Information Source:
Media
records from this breach used in our total: 0

May 16, 2013 City of Akron
Akron, Ohio
GOV HACK

47,452 (Unknown number of Social Security numbers)

The City of Akron's website and internal systems were hacked by a foreign group.  Files with 47,452 entries were posted online.  Names, Social Security numbers, account numbers, credit card numbers, credit card expiration dates, addresses, and other information were in the files.  The hacking attack appears to be part of an organized international effort to hack into various U.S. government websites.

 
Information Source:
Media
records from this breach used in our total: 0

December 11, 2012 Jackson Health System, Jackson South Community Hospital
Miami, Florida
MED DISC

566 (No SSNs or financial information exposed)

Approximately 1,200 photo records of 566 patients were publicly posted on November 30.  The information was removed and two managers resigned as a result of the breach.

 
Information Source:
Media
records from this breach used in our total: 0

July 22, 2013 Apple Inc.
Cupertino, California
BSR HACK

Unknown

Apple's website for developers was accessed by unauthorized parties.  Registered developer names, mailing addresses, and email addresses may have been accessed on Thursday, July 18.  Encrypted customer information was not affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 18, 2013 NASDAQ.com
New York, New York
BSO HACK

Unknown

Hackers were able to steal passwords from a NASDAQ Community forum.  It is likely that only passwords  and non-financial inforimation was stolen.  NASDAQ alerted users to the issue and took the website offline to upgrade its security.  There is concern that the hackers will use the email and password information to send phishing messages and obtain access to various financial accounts.

 
Information Source:
Media
records from this breach used in our total: 0

July 23, 2013 Henry Ford Health System
Detroit, Michigan
MED PHYS

15,417 (No SSNs or financial information reported)

A warehouse that was not owned by Henry Ford Health System was raided for old X-rays.  X-rays can be stripped for silver and these medical X-rays also contained the names, addresses, and dates of birth of patients of Henry Ford Health System.  The X-rays dated between 1996 and 2003.  Henry Ford Health System learned about the issue on May 24.

 
Information Source:
Media
records from this breach used in our total: 0

July 26, 2013 NASDAQ OMX Group Inc.
New York, New York
BSF INSD

Unknown

Malware was installed on servers between November of 2008 and October of 2010.  This allowed one or more hackers to execut commands to delte, change, and steal data from the computers used by NASDAQ.  A total of five foreign hackers were charged for involvement in a series of financial incidents.  They were all collaborating in a scheme to target major corporate networks and were able to steal more than 160 million credit card numbers across corporations.

 
Information Source:
Media
records from this breach used in our total: 0

July 24, 2013 Tinder
West Hollywood, California
BSO DISC

Unknown

Tinder advertises to users that their physical location information is never shown to other users.  An outside engineer discovered an issue with the Tinder app that allowed the locations of users to be available for at least two weeks.  Last known locations, Facebook IDs, dates of birth, gender, and names were available.  

 
Information Source:
Media
records from this breach used in our total: 0

July 24, 2013 Tinder
West Hollywood, California
BSO DISC

Unknown

Tinder advertises to users that their physical location information is never shown to other users.  An outside engineer discovered an issue with the Tinder app that allowed the locations of users to be available for at least two weeks.  Last known locations, Facebook IDs, dates of birth, gender, and names were available.  

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2013 Fairfax County Public Schools
Falls Church, Virginia
MED PORT

2,000 (No Social Security numbers or financial information reported)

Brookfield, Fairfax Villa, and Navy elementary schools were affected.  Lanier and Rocky Run middle schools were affected. Chantilly High School and Chantilly Academy were also affected.

The July 15 theft of a laptop resulted in the exposure of student information.  The laptop was stolen from the car of a school nurse and contained school, health and other confidential information.  Student names, school identification numbers, allergies, and other medical conditions were on a spreadsheet on the health-department-issued laptop.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2013 Wal-Mart
, Oklahoma
BSR CARD

Unknown

Multiple locations in Oklahoma were affected.

Two men were indicted for their role in a skimming plot.  They are accused of fraudulently obtaining $400,000 by placing skimming devices at gas pumps at Wal-Mart stores for up to two months at a time.  The then created counterfeit cards by using hte legitimate card information obtained through skimming.  The skimming ring ran from April 2012 through January 2013.

 
Information Source:
Media
records from this breach used in our total: 0

July 26, 2013 Stanford University
Stanford, California
EDU HACK

Unknown

People who used Stanford University's computer network have been asked to reset their passwords. Stanford released few details but stated that it does not appear that Social Security numbers and financilai nformation were accessed or exposed.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2013 Oregon Health & Science University (OHSU)
Portland, Oregon
MED DISC

3,000 (No SSNs or financial information reported)

Patient data could have been accessed due to a storage error.  The information of patients admitted between January 2011 and July 3 of 2013 was placed on Google's cloud computing system.  The information was password-protected, but could have still been used for promotional and other purposes because OHSU does not have a contract with Google.  OSHU removed the information from the cloud.

 
Information Source:
Media
records from this breach used in our total: 0

July 25, 2013 Securities and Exchange Commission (SEC)
Washington, District Of Columbia
BSF DISC

Unknown

A July 8 letter warned current and former employees that SEC employee data had been found on the networks of another federal agency.  The outside federal agency was not named. It appears that a former SEC employee inadvertently and unknowingly downloaded the names, Social Security numbers, and dates of birth of SEC employees onto a thumb drive and then transferred them to another agency.  The employee wanted a template of the document rather than the actual employee data that it contained.  The accidental upload of sensitive information occured in April of 2012 and again in June of either 2012 or 2013.  Employees who were with SEC before October of 2009 were affected. The breach lasted for 10 months before being noticed. The SEC confiscated the flash drive when the breach was uncovered.

 
Information Source:
Media
records from this breach used in our total: 0

August 2, 2013 Clark Memorial Hospital
Jeffersonville, Indiana
MED DISC

1,087 (No SSNs or financial information reported)

A third-party mailing error resulted in the exposure of patient health information.  Billing statements with names, dates of service, insurance information, billing information, and financial status were mailed to incorect addresses.

 
Information Source:
Media
records from this breach used in our total: 0

August 7, 2013 Retinal Consultants Medical Group (Vitreo-Retinal Medical Group)
Sacramento, California
MED PORT

1,837 (No SSNs or financial information reported)

The theft of a laptop resulted in the exposure of patient information.  The laptop was stolen from the medical group's offices sometime between June 5 and June 6.  Patient names, dates of birth, gender, race, and medical images were exposed.  

UPDATE (08/28/2013): The breach affected 1,837 patients.

 
Information Source:
Media
records from this breach used in our total: 0

August 9, 2013 Smartphone Experts
Inverness, Florida
BSR HACK

Unknown

A hacker was able to access the computer system Smartphone Experts used to process online payments on June 13.  Customer names, addresses, credit and debit card account numbers, CVV codes, and payment card experiation dates were accessed.  The credit card information was encrypted, but the hacker may have used a decryption feature within the online payment processing system to access customer information.

UPDATE (09/06/2013): The breach occurred on June 13.  This entry originally listed it as having occurred on July 12.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 9, 2013 Auburn University - School of Forestry and Wildlife Sciences
Auburn, Alabama
EDU DISC

Unknown

Spreadsheets with donor and alumni information were accidentally uploaded to a publicly accessible server after an administrative error.  The error was discovered on June 19 and Auburn's IT office removed the information.  Names, Social Security numbers, maiden names, mailing addresses, first year at Auburn, graduation year, alumni status, email addresses, and phone numbers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 2, 2013 Health Net, CalViva Health
Suwanee, Georgia
MED DISC

Unknown

A number of member identification cards were mailed to incorrect addresses.  The problem occurred because of a programming error.  The member identification cards contained names, dates of enrollment, addresses, telephone numbers of primary care physicians, issue dates of cards, and Medi-Cal client identification numbers.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 31, 2013 South Central Los Angeles Regional Center
Los Angeles, California
MED PORT

Unknown

The July 6 theft of an employee's vehicle resulted in the exposure of client information.  The stolen car contained an Ipad with client names and UCI numbers.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 31, 2013 Fidelity Investments, Oracle
Redwood, California
BSF DISC

Unknown

Current and former Oracle employees may have had their 401(k) information viewed by a plan administrator at the firm of another Fidelity client.  Names, Social Security numbers, compensation, and other 401(k) savings and investmant plan information was briefly viewed by accident.  The issue was discovered on July 10, 2013.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 30, 2013 California Correctional Health Care Services
Sacramento, California
MED PHYS

Unknown

An employee lost dental records while outside of California Correctional Health Care Services on June 19, 2013.  The records contained patient names, CDCR numbers, dates of birth, and dental treatment plan information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

July 2, 2013 Quayside Publishing Group
Minneapolis, Minnesota
BSO CARD

Unknown

Qbookshop.com, Qbookshop.net, Motorbooks.com, and WalterFoster.com were affected.

A credit card breach resulted in the exposure of information. Customers who made online purchases at Quayside Publishing Group had their information exposed sometime around April 29.  Names, addresses, and credit card numbers were exposed until June 17.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 12, 2013 Income and Capital Growth Strategies Inc.
Van Nuys, California
BSF HACK

Unknown

An employee was the target of a computer network intrustion sometime between July 12 and July 15.  Information about clients and their dependents may have also been exposed.  Names, Social Security numbers, addresses, dates of birth, drivers' license numbers, and bank account information may have been accessed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 16, 2013 Exelixis
San Francisco, California
BSR PORT

Unknown

The theft of one or more pieces of company electronic equipment exposed client information.  The theft was discovered on July 30 and names, Social Security numbers, financial account numbers, addresses, and dates of birth may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 11, 2011 Indiana University School of Optometry
Bloomington, Indiana
MED DISC

757 (No Social Security numbers or financial information reported)

Health information stored on a computer server was accidentally made available to the public online between August and September of 2011.  Patients who were seen by a former faculty member of the school were affected because of a configuration error that occurred on August 12.  The issue was discovered on September 9 and had been corrected by September 10.  Patients seen by a certain doctor between January of 2007 and June of 2011 at clinics in Carmel and Indianapolis, Indiana were affected.  Some hospital inpatients seen between August 2007 and August 2008 were also affected.

 
Information Source:
Media
records from this breach used in our total: 0

July 25, 2013 Baltimore City
Baltimore, Maryland
GOV PHYS

Unknown

Thousands of current and former Baltimore City employees are at risk after a box was found with Baltimore City personnel information.  Records been discarded in a publicly accessible place for trash.  Names, Social Security numbers, dates of birth, drivers' license information, and other vital and personal employee information was contained in the records. The Department of Public Works obtained the box of information and is attempting to contact people based on lists of class attendants that were among the records.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 21, 2013 Hope Community Resources (HCR)
Anchorage, Alaska
MED DISC

3,700 (No Social Security numbers or financial information reported)

The health information of disabled patients was accidnetally released in an email on the night of August 19.  A survey was sent via email to supporters of HCR. The email also contained names, dates of birth, guardians and parents, addresses, and other patient information.

 
Information Source:
Media
records from this breach used in our total: 0

August 21, 2013 Emory University
Atlanta, Georgia
EDU HACK

Unknown

Anyone with an Emory University netID/username is being advised to change their account password due to a breach.  Emory University stated that it appears the attack on their information technology infrastructure is similar to attacks that similar organizations have seen in the past few months.  Emory University also stated that it does not appear that sensitive information was accessed.  

 
Information Source:
Media
records from this breach used in our total: 0

August 30, 2013 Osprey Packs
Cortez, Colorado
BSR HACK

Unknown

Customer information may have been exposed when Osprey Packs' Pro Deal website was hacked.  Customer names, phone numbers, email addresses, billing and shipping addresses, and credit card information may have been exposed.  Osprey Packs learned of the issue on August 7, 2013 when a customer discovered unauthorized activity on their credit card and connected it to Osprey Packs.  Other customers have also noticed fraudulent charges.  The attack may have happened as early as July 9, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

August 31, 2013 John F. Kennedy International Airport
New York, New York
BSO INSD

Unknown

Seven contract baggage handlers were arrested for stealing valuables from customer luggage.  The thefts were caught on camera between April 1 and August 28.  Items such as iPads, iPhones, cash, and jewelrey were discovered in the defendants' homes and cars.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2013 University of Texas, Texas Health Science Center at Houston Medical School
Houston, Texas
MED PORT

596 (No SSNs or financial information reported)

An unencrypted laptop that was housed in a locked closet was discovered missing on August 2.  The computer contained names, dates of birth, medical record numbers, and hand and arm image data taken between February 2010 and July 13.  The laptop had not been used since July 19.

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2013 The New York Times, Melbourne IT
New York, New York
BSO HACK

Unknown

A domain or domains belonging to The New York Times was attacked after activist hackers found a way to access the login credentials of service provider Melbourne IT.  Melbourne IT is an Australian domain name registrar that provides hosting and data services for The New York Times and other media sites.  The New York Times website was shutdown for approximately six hours.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2013 Midwest Supplies
Roseville, Minnesota
BSR HACK

Unknown

Customer names, addresses, email addresses, phone numbers, credit card numbers, expiration dates, and security codes may have been exposed after Midwest Supplies' website was hacked.  All affected customers were offered a $25 coupon for future purchases.

 
Information Source:
Media
records from this breach used in our total: 0

August 22, 2013 San Francisco State University - College of Extended Learning
San Francisco, California
EDU HACK

Unknown

A server that contained the personal information of students was breached on March 25, 2013.  Federal law enforcement notified San Francisco State University of the breach on June 11.  The College of Extended Learning notified students of the issue on August 12.  An unspecified number of names, Social Security numbers, and other personal information was exposed.

 
Information Source:
Media
records from this breach used in our total: 0

August 13, 2013 Caledonia Home Health and Hospice
Saint Johnsbury, Vermont
MED PORT

Unknown

The theft of an employee's Netbook on July 20 resulted in the exposure of patient information.  The Netbook was stolen from the employee's home and contained Social Security numbers and other protected patient information. 

 
Information Source:
Media
records from this breach used in our total: 0

July 16, 2013 Calvert Internal Medicine Group
Prince Frederick, Maryland
MED DISC

Unknown

A finance department employee contacted ADP for troubleshooting and an ADP representative removed the firewall of Calvert Internal Medicine Group during the service call.  The firewall was not restored after the call and employees began receiving spam emails from the finance department employee's email account.  Malware was also detected in the spam inbox of the employee's computer.  Names, Social Security numbers, addresses, and other payroll information of current and former employees may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

July 16, 2013 Academy Studios
Novato, California
BSO PHYS

Unknown

Personnel records were discarded in a public dumpster after Academy Studios. The non-profit closed in April and many of its assets were sold in an online auction on May 21.  The personnel paperwork included names, Social Security numbers, dates of birth, copies of passports, copies of drivers' licenses, I-9 forms, and other employee information.

 
Information Source:
Media
records from this breach used in our total: 0

May 30, 2013 Utah Division of Motor Vehicles (DMV)
Salt Lake City, Utah
GOV INSD

Unknown

An employee of the Utah Division of Motor Vehicles was fired in March for releasing confidential, personal information from DMV databases.  The former employee was a customer service clerk who had worked for the division for 14 years.  Investigators also took the former employee's work hard drive, computer, printer, and other items that might have contained sensitive data.  The items will be investigated in a forensics lab.

 
Information Source:
Media
records from this breach used in our total: 0

September 3, 2013 InterContinental Mark Hopkins San Francisco
San Francisco, California
BSO PORT

Unknown

A July 4 burglary resulted in the exposure of guest information.  The names, addresses, email addresses, phone numbers, and credit and debit card numbers of guests were on a computer hard drive that was stolen.  The hotel learned of the possibility of a breach of guest data on July 14 and alerted guests around August 8.

 
Information Source:
Media
records from this breach used in our total: 0

September 3, 2013 St. Anthony
St. Louis, Missouri
MED PORT

2,600 (No SSNs or financial information reported)

Patients with questions may call 800-524-7262 extension 1575.  

The July 29 car burglary of a laptop computer and flash drive resulted in the exposure of patient information.  Patient names, dates of birth, and other information contained in medical records were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Office of Dr. Hankyu Chung
San Jose, California
MED PORT

2,182 (No Social Security numbers or financial information reported)

A June 17 office burglary resulted in the theft of two laptops.  One of the laptops contained names, telephone numbers, dates of birth, visit dates, health complaints, physical examination notes, diagnoses, testing information, medication information, and other medical record information.  The thief or thieves were able to get into the office by opening an unlocked door.  No identity theft protection services are being offered to affected patients.

UPDATE (11/08/2013): HHS received a report stating that 2,182 patients were affected by the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 5, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts
GOV PORT

20,000 (No SSNs or financial information reported)

Boston Public School students across 36 schools may have had their information compromised by the loss of a flash drive.  The flash drive was misplaced sometime around August 9 by BPS's ID card vendor Plastic Card Systems.

 
Information Source:
Media
records from this breach used in our total: 0

September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida
BSR HACK

Unknown

Those with questions may call (888) 829-6550.

A website breach exposed an unspecified number of customer names, addresses, credit card numbers, credit card expiration dates, and CVV codes.  Hackers put malware on Outdoor Network's Boats.net and Partzilla.com websites and were able to access information from credit card transactions between December 2012 and July 2013.

 
Information Source:
Media
records from this breach used in our total: 0

September 15, 2013 International SOS Assistance, Inc.
Philadelphia, Pennsylvania
GOV HACK

Unknown

An unauthorized user or users accessed at least one U.S. system that hosts traveler information.  The type of information that may have been accessed was not reported and International SOS is still investigating the incident.

UPDATE (10/23/2013): The breach occurred on August 24 and was confirmed on August 28.  Names and passport numbers were exposed.  Some travelers also had their Social Security numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 13, 2013 Argotec
Greenfield, Massachusetts
BSR UNKN

Unknown

An unspecified incident occurred on or around July 26 that may have exposed the confidential information of current and former employees.  Names, Social Security numbers, and bank account information may have been exposed.  Current employees were sent notification on August 6.

 
Information Source:
Media
records from this breach used in our total: 0

August 1, 2013 Bridgewater Associates, LP, Ceridian
Westport, Connecticut
BSF DISC

Unknown

An unauthorized individual accessed a database of employee information used for COBRA.  Names, Social Security numbers, dates of birth, addresses, and other benefit plan information of employees and their dependents may have been accessed on the Ceridian database.  The breach was discovered when a Bridgewater consultant reported that their password for the Ceridian database had been changed and someone else had used the credentials to access the database on three separate occassions.  The breach occurred sometime before April 12, 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
930,642,074 RECORDS BREACHED
(Please see explanation about this total.)
from 4,404 DATA BREACHES made public since 2005
Showing 4001-4050 of 4404 results


X

Sign In!

Loading