Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,449 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
September 3, 2013 St. Anthony
St. Louis, Missouri
MED PORT

2,600 (No SSNs or financial information reported)

Patients with questions may call 800-524-7262 extension 1575.  

The July 29 car burglary of a laptop computer and flash drive resulted in the exposure of patient information.  Patient names, dates of birth, and other information contained in medical records were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Office of Dr. Hankyu Chung
San Jose, California
MED PORT

2,182 (No Social Security numbers or financial information reported)

A June 17 office burglary resulted in the theft of two laptops.  One of the laptops contained names, telephone numbers, dates of birth, visit dates, health complaints, physical examination notes, diagnoses, testing information, medication information, and other medical record information.  The thief or thieves were able to get into the office by opening an unlocked door.  No identity theft protection services are being offered to affected patients.

UPDATE (11/08/2013): HHS received a report stating that 2,182 patients were affected by the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 5, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts
GOV PORT

20,000 (No SSNs or financial information reported)

Boston Public School students across 36 schools may have had their information compromised by the loss of a flash drive.  The flash drive was misplaced sometime around August 9 by BPS's ID card vendor Plastic Card Systems.

 
Information Source:
Media
records from this breach used in our total: 0

September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida
BSR HACK

Unknown

Those with questions may call (888) 829-6550.

A website breach exposed an unspecified number of customer names, addresses, credit card numbers, credit card expiration dates, and CVV codes.  Hackers put malware on Outdoor Network's Boats.net and Partzilla.com websites and were able to access information from credit card transactions between December 2012 and July 2013.

 
Information Source:
Media
records from this breach used in our total: 0

September 15, 2013 International SOS Assistance, Inc.
Philadelphia, Pennsylvania
GOV HACK

Unknown

An unauthorized user or users accessed at least one U.S. system that hosts traveler information.  The type of information that may have been accessed was not reported and International SOS is still investigating the incident.

UPDATE (10/23/2013): The breach occurred on August 24 and was confirmed on August 28.  Names and passport numbers were exposed.  Some travelers also had their Social Security numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 13, 2013 Argotec
Greenfield, Massachusetts
BSR UNKN

Unknown

An unspecified incident occurred on or around July 26 that may have exposed the confidential information of current and former employees.  Names, Social Security numbers, and bank account information may have been exposed.  Current employees were sent notification on August 6.

 
Information Source:
Media
records from this breach used in our total: 0

August 1, 2013 Bridgewater Associates, LP, Ceridian
Westport, Connecticut
BSF DISC

Unknown

An unauthorized individual accessed a database of employee information used for COBRA.  Names, Social Security numbers, dates of birth, addresses, and other benefit plan information of employees and their dependents may have been accessed on the Ceridian database.  The breach was discovered when a Bridgewater consultant reported that their password for the Ceridian database had been changed and someone else had used the credentials to access the database on three separate occassions.  The breach occurred sometime before April 12, 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 11, 2013 Edgewood Partners Insurance Center (EPIC)
San Mateo, California
BSF PORT

Unknown

Five laptops were stolen during a July 16 office burglary.  The laptops contained confidential information and were password-protected but unencrypted.  Current and former employees and their beneficiaries and dependents, contractors, and job applicants were affected. Names, Social Security numbers, addresses, dates of birth, drivers' license numbers, benefits information, bank account information, and health information were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 7, 2013 Rockland Federal Credit Union
Rockland, Massachusetts
BSF HACK

Unknown

Those with questions may call 781-878-0232.

Rockland Federal Credit Union is sending customers new debit cards with new PINs as a result of a merchant who discovered a breach in their computer system.  All old debit cards will be deactivated on September 26.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Illinois Department of Healthcare and Family Services
Springfield, Illinois
MED DISC

3,100 (No Social Security numbers or financial information reported)

A contractor sent Family Health Network ID cards to the wrong addresses in July of 2013.  A total of 3,100 clients had their names, Medicaid numbers, and dates of birth exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2013 Kaiser Permanente
Oakland, California
MED DISC

Unknown

Participants in a Wellness Screening competition pilot may have had their information exposed.  A Kaiser Permanente employee accidentally included confidential information in an email sent to a member of the pilot planning team. In addition to a summary of the competition, it included names, Kaiser Permanente medical record numbers, phone numbers, email addresses, names of employers, department names, and dates and times of health screenings.  The pilot planning team member was not authorized to receive the confidential information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 11, 2013 FSV Payment Systems, Paymast'r Services
Boulder, Colorado
BSF HACK

Unknown

Between July 22 and July 28, an unauthoried party accessed a website that contained sensitive information.  Names, Social Security numbers, addresses, drivers' license numbers, and Payroll Card numbers may have been accessed.  The website was shutdown once the breach was discovered. Paymast'rServices, PaycheckPLUS! Payroll cards issued by MetaBank were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 22, 2013 United Shore Financial Services, Shore Mortgage
Troy, Michigan
BSF HACK

Unknown

The servers of an unnamed Shore Mortgage vendor were affected by a computer intrusion.  The incident may have began on June 2 and client information was accessed on August 15.  Names, Social Security numbers, contact information, dates of birth, drivers' license information, and financial account information were accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 16, 2013 California Correctional Health Care Services
Sacramento, California
MED INSD

1,001 (No SSNs or financial information reported)

Missing dental information was discovered to have been removed by a staff member.  Patient names, dates of birth, dental treatment plans, and other information were exposed.  Dental records may have also been taken.  The documents were first discovered missing on June 19 and had not been recovered as of August 16.

UPDATE (08/28/2013): A total of 1,001 inmates were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 28, 2013 Washington Inventory Service
Merriam, Kansas
BSO PHYS

Unknown

A box of hundred of employee records was found in a publicly accessible recycling dumpster.  The box was later recovered by an employee, but the records were still left behind.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 16, 2013 California Department of Corrections and Rehabilitation, Centinela State Prison
Imperial, California
MED DISC

Unknown

A file containing staff names, Social Security numbers, and dates of birth was saved to a Centinela State Prison server that was accessible to all staff.  It was on the server between July 26 and July 29 before being removed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 28, 2013 Office of Janna Benkelman
Denver, Colorado
MED PORT

1,500 (No SSNs or financial information reported)

Patients with questions may call 303-805-7168.

An office burglary resulted in the exposure of patient information.  A laptop was stolen from the office of Janna Benkelman, a licensed professional counselor.  The laptop was password-protected. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PORT

2,700 (No SSNs or financial information reported)

The May 24 loss of a portable device resulted in the exposure of patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Standard Register, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PHYS

2,261 (No SSNs or financial information reported)

The exposure of patient paper records resulted in a breach that was reported in August 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Health Plus Amerigroup, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED DISC

28,187 (No SSNs or financial information reported)

An accidental exposure of protected health information affected patients. The information was accidentally disclosed to other facilities.  The breach was reported in September of 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Young Family Medicine Inc.
Sidney, Ohio
MED PORT

2,045 (No SSNs or financial information reported)

The June 12 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Hancock OB/GYN
Greenfield, Indiana
MED INSD

1,396 (No SSNs or financial information reported)

Those with questions may call 1-866-221-0150.

An employee was found to have accessed physician notes without a work-related reason.  The breach began on November 9, 2011 and lasted until June 17, 2013.  Names, dates of service, medical record numbers, clinical information were exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 19, 2013 DiscountMugs.com (BEL USA LLC)
Medley, Florida
BSR HACK

Unknown

Customers who placed an order online or by phone between March 1, 2013 and July 15, 2013 may have had their information exposed.  Customer names, debit and credit card numbers, addresses, phone numbers, expieration dates and CVV codes may have been accessed by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

September 18, 2013 Logan Community Resources, Inc.
South Bend, Indiana
MED UNKN

2,900 (No SSNs or financial information reported)

An August 24, 2012 breach resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 Minne-Tohe Health Center/Elbowoods Memorial Health Center
New Town, North Dakota
MED UNKN

10,000 (No SSNs or financial information reported)

An October 1, 2011 breach resulted in the exposure of protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 St. Francis Health Network, Advantage Health Solutions
Indianapolis, Indiana
MED UNKN

2,575 (No SSNs or financial information reported)

Advantage Health Solutions and St. Francis Health Network (Franciscan Alliance ACO) were affected by a breach.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2013 Google Chrome
Mountain View, California
BSO DISC

Unknown

A data management firm discovered that Chrome browser users may have had their personal information stored on the hard drives of their computers without their knowledge or consent.  Google Chrome regularly stores names, street addresses, email addresses, phone numbers, bank account numbers, credit card numbers, and Social Security numbers in web browsers for later use.  It was not known that Chrome's cache also stores the information in plain text.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2013 Nordstrom
Aventura, Florida
BSR CARD

Unknown

Six skimmers were found on registers in one Nordstrom store in Aventura.  Six people were seen tending to the devices on the afternoon of October 5. They came in groups of three and distracted sales people while tampering with the registers, twice.  Skimmers and tiny cameras were installed to collect credit card information.  The information can be used to make fraudulent credit cards.

 
Information Source:
Media
records from this breach used in our total: 0

October 9, 2013 Minnesota Counties Insurance Trust
St. Paul, Minnesota
BSF INSD

3,000 (No Social Security numbers or financial information reported)

An employee working as a child support officer is accused of making more than 4,000 queries without legitimate cause in a driver and vehicle services database between 2010 and 2011.  Photographs, addresses, and driving records may have been exposed.

UPDATE (10/04/2013): A $2 million settlement has been proposed to end a class action lawsuit.  An insurance trust representing Minnesota counties will pay $500 to the named plaintiffs who initially brought the suit and those who had their information viewed for illegitimate purposes will receive a share of the money "based on the number of times they were illegitimately searched."

 
Information Source:
Media
records from this breach used in our total: 0

October 9, 2013 University of California San Francisco Medical Center (UCSF)
San Francisco, California
MED PORT

3,541 (Unknown number of Social Security numbers exposed)

A total of 3,541 patients were affected by the September 10 theft of an unencrypted laptop from an employee's vehicle.  A subset of the 3,541 patients who were affected had their Social Security numbers exposed.

UPDATE (10/08/2013): Paper documents with patient names, Social Security numbers, dates of birth, and medical information were also stolen.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2013 Petrochem Insulation, ASRC Energy Services
San Francisco, California
BSO PORT

Unknown

The July 18 theft of a laptop from an employee's car resulted in the exposure of employee information.  The laptop contained personnel spreadsheets with employee names, Social Security numbers, and employee identification numbers.

 
Information Source:
Media
records from this breach used in our total: 0

October 2, 2013 Santa Clara Valley Medical Center
San Jose, California
MED PORT

571 (No Social Security numbers were exposed)

The theft of an unencrypted laptop from the audiology department of Santa Clara Valley Medical Center resulted in the exposure of patient names, medical record numbers, dates of birth, ages, sex, dates of service, and brainwave tests.  The theft was discovered on September 16.

 
Information Source:
Media
records from this breach used in our total: 0

October 6, 2013 CaroMont Health
Gastonia, North Carolina
MED DISC

1,310 (No Social Security numbers of financial information reported)

An email with patient information was sent to an unauthorized person.  Names, dates of birth, addresses, diagnoses, and medications were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2013 NHC Healthcare
Oak Ridge, Tennessee
MED PORT

Unknown

Those with questions may call (888) 568-8578.

An unencrypted backup tape was discovered missing. It contained the names, Social Security numbers, dates of birth, home addresses, and medical information of patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 23, 2013 Stanford University
Stanford, California
EDU HACK

Unknown

Stanford University ID holders (SUNet) users had their account passwords and other information exposed.  The breach occurred sometime during the summer of 2013 and continued into the fall.  The full extent of the breach was not revealed.  SUNet users were instructured to change their passwords before accessing the system again.

 
Information Source:
Media
records from this breach used in our total: 0

September 20, 2013 Murphy USA
Little Rock, Arkansas
BSR CARD

Unknown

Murphy USA stations in Conway Arkansas and Durant, Oklahoma were also affected.  It is unclear if this is related to the breach that occurred at Murphy USA gas stations in 2011 in Virginia.

Two men pleaded guilty to one count each of conspiracy to commit wire fraud.  They placed skimming devices on gas pumps at Murphy USA station in Conway and Little Rock, Arkansas as well as Durant, Oklahoma.  This allowed them to collect credit card information and create fraudulent credit cards.  The breach occurred between April 2012 and January 2013 and led to fraudulent charges of about $400,000. It's estimated that between 50 and 500 people were affected.

 
Information Source:
Media
records from this breach used in our total: 0

October 8, 2013 Rothman Institute (Reconstructive Orthopaedic Associates)
Philadelphia, Pennsylvania
MED INSD

2,350 (No Social Security numbers or financial information involved)

A former employee removed paper copies of daily patient schedules from Rothman Institute on August 11.  The paper copies were taken without permission and were not used for malicious purposes.  Patients who were seen between March 18 and May 10 may have had their names, telephone numbers, dates of birth, locations, staff or physician seen, codes for insurance companies, copay amounts, dates and times of appointments, reasons for visits, and internal-use chart, and code numbers exposed.  Social Security numbers and credit card information were not exposed. The information was not shared with unauthorized parties.

UPDATE (11/08/2013): A total of 2,350 patients were affected.

 
Information Source:
Media
records from this breach used in our total: 0

June 24, 2010 University of Oklahoma
Norman, Oklahoma
EDU HACK

Unknown

The University of Oklahoma began warning students of a security breach after its IT department noticed unusual internet activity on a laptop associated with its network.  The laptop was infected with a virus and it contained student names and Social Security numbers.  Students were advised to check bills and credit card transactions to make sure that no fraud had occurred.  

 
Information Source:
Media
records from this breach used in our total: 0

October 7, 2013 PayJunction
Santa Barbara, California
BSF HACK

Unknown

A number of sales agents were affected when a data backup of PayJunction's internal business system was inappropriately accessed.  The unauthorized access occurred in July and was discovered in late September.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 10, 2013 Legal Aid Society of San Mateo County
Redwood City, California
NGO PORT

Unknown

The August 12 office burglary of 10 laptops resulted in the exposure of client information.  The laptops were used by Legal Aid Society attorneys to assist individuals in getting services.  Names, Social Security numbers, dates of birth, medical information, and health information may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 11, 2013 Monterey County Department of Social Services
Salinas, California
GOV HACK

Unknown

A Monterey County computer was compromised during the evening of March 17.  It was connected to the California State Network and contained the information of individuals who received public assistance benefits through Monterey County Department of Social Services between 2002 and 2009.  First and last names, Social Security numbers, addresses, phone numbers, and dates of birth were exposed.  

 
Information Source:
Media
records from this breach used in our total: 0

October 7, 2013 Walgreens
Anaheim, California
BSR STAT

Unknown

A breach at a Walgreens in Anaheim resulted in the exposure of customer information.  Thieves stole a computer and paper records in December of 2012.  The theft was discovered on December 31 and occurred on December 28.  The burglary occurred in Crescent's billing center.  Names, Social Security numbers, addresses, phone numbers, health insurance information, dates of birth, and medical information were exposed.  

 
Information Source:
Media
records from this breach used in our total: 0

October 17, 2013 Datapak Services Corporation
Howell, Michigan
BSO HACK

Unknown

Those with questions may call (855) 398-6434

Datapak Services discovered that its online systems had been infected by malware since March 5, 2013.  Customer names, addresses, payment card numbers, expiration dates, and CVV codes may have been accessed by an unauthorized party. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 18, 2013 Broward Health Medical Center
Fort Lauderdale, Florida
MED INSD

960 (Last four digits of Social Security numbers exposed)

Federal and local officials discovered a breach that involved the records of 960 patients treated at Broward Health between October of 2012 and December of 2012.  The patients were treated at 1600 S. Andrews Ave. Their names, addresses, dates of birth, insurance policy numbers, and reasons for visits were exposed when an employee took patient documents out of the medical facility.  The last four digits of patients' Social Security numbers are recorded at Broward Health for insurance purposes and were also exposed. 

 
Information Source:
Media
records from this breach used in our total: 0

October 19, 2013 Hospice of the Chesapeake
Pasadena, Maryland
MED INSD

7,035 (No Social Security numbers or financial information exposed)

An employee emailed spreadsheets with sensitive patient information to a personal account in order to work from home.  Names, ages, dates of service, diagnoses, and medical record numbers were in the spreadsheets.  The breach was discovered on August 8 and initially suspected to have been caused by a computer intrusion.  Hospice of the Chesapeake investigated the breach for two months before revealing it to patients.

UPDATE (11/08/2013): Hospice of the Chesapeake notified HHS and stated that 7,035 patients were affected.

 
Information Source:
Media
records from this breach used in our total: 0

October 16, 2013 Memorial Hospital of Lafayette County, Healthcare Management System
Darlington, Wisconsin
MED DISC

6,000 (No Social Security numbers or financial information exposed)

Memorial Hospital of Lafayette learned on August 6 that some patients had their financial statements sent to other people.  The mistake was caused by an error in the settings of an unnamed third-party billing vendor's system.  Patients who were seen at the hospital as far back as 2001 may have had their information sent to the wrong address. Patient names, addresses, identificaiton numbers, account numbers, dates of services, and the charges associated with services received were exposed.

UPDATE (11/08/2013): The billing vendor was Healthcare Management System.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 17, 2013 Ouidad
Danbury, Connecticut
BSR HACK

Unknown

Hackers were able to access Ouidad's customer database between June 30 and July 4 of 2013.  Ouidad account information, names, credit card numbers, credit card security codes and expiration dates, billing addresses, email addresses, and phone numbers were exposed. 

 
Information Source:
Media
records from this breach used in our total: 0

October 17, 2013 Eagleton School, Castro School, Munroe School
Morrison, Colorado
MED PORT

100 (No Social Security numbers or financial information reported)

The theft of a nurse's suitcase resulted in the exposure of student medical information.  The suitcase contained a thumb drive.  The theft occurred on October 5 and about 100 parents received notification of the breach.  Medications and other health-related information were on the thumb drive.  Addresses and Social Security numbers were not included in the compromised data.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 18, 2013 Long Island Rail Road
Long Island, New York
BSR CARD

Unknown

Ticket vending machines associated with Long Island Rail Road were discovered to have been compromised.  Customers who used their debit and credit cards at the machines may have had their information recorded and used to create fraudulent payment cards.  Tiny cameras were placed on the machines and hidden in thin black strips.  A total of seven machines in Bayside, Garden City, Great Neck, Greenvale, and Merillon Avenue were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

October 28, 2013 Allina Health
Minneapolis, Minnesota
MED INSD

3,800 (No Social Security numbers reported)

Roughly 3,800 patients were affected by a breach that involved a former employee at the Inver Grove Heights clinic.  The employee worked as a certified medical assistant and viewed patient records without permission between February of 2010 and September of 2013.  Patients who were seen at any location within Allina Health's system may have had their demographic, clinical, and health insurance information viewed.  The employee also had access to the last four digits of patients' Social Security numbers.  

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,449 DATA BREACHES made public since 2005
Showing 4051-4100 of 4449 results


X

Sign In!

Loading