Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 16, 2013 California Correctional Health Care Services
Sacramento, California
MED INSD

1,001 (No SSNs or financial information reported)

Missing dental information was discovered to have been removed by a staff member.  Patient names, dates of birth, dental treatment plans, and other information were exposed.  Dental records may have also been taken.  The documents were first discovered missing on June 19 and had not been recovered as of August 16.

UPDATE (08/28/2013): A total of 1,001 inmates were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 28, 2013 Washington Inventory Service
Merriam, Kansas
BSO PHYS

Unknown

A box of hundred of employee records was found in a publicly accessible recycling dumpster.  The box was later recovered by an employee, but the records were still left behind.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 16, 2013 California Department of Corrections and Rehabilitation, Centinela State Prison
Imperial, California
MED DISC

Unknown

A file containing staff names, Social Security numbers, and dates of birth was saved to a Centinela State Prison server that was accessible to all staff.  It was on the server between July 26 and July 29 before being removed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

August 28, 2013 Office of Janna Benkelman
Denver, Colorado
MED PORT

1,500 (No SSNs or financial information reported)

Patients with questions may call 303-805-7168.

An office burglary resulted in the exposure of patient information.  A laptop was stolen from the office of Janna Benkelman, a licensed professional counselor.  The laptop was password-protected. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PORT

2,700 (No SSNs or financial information reported)

The May 24 loss of a portable device resulted in the exposure of patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Standard Register, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PHYS

2,261 (No SSNs or financial information reported)

The exposure of patient paper records resulted in a breach that was reported in August 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Health Plus Amerigroup, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED DISC

28,187 (No SSNs or financial information reported)

An accidental exposure of protected health information affected patients. The information was accidentally disclosed to other facilities.  The breach was reported in September of 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Young Family Medicine Inc.
Sidney, Ohio
MED PORT

2,045 (No SSNs or financial information reported)

The June 12 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Hancock OB/GYN
Greenfield, Indiana
MED INSD

1,396 (No SSNs or financial information reported)

Those with questions may call 1-866-221-0150.

An employee was found to have accessed physician notes without a work-related reason.  The breach began on November 9, 2011 and lasted until June 17, 2013.  Names, dates of service, medical record numbers, clinical information were exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 19, 2013 DiscountMugs.com (BEL USA LLC)
Medley, Florida
BSR HACK

Unknown

Customers who placed an order online or by phone between March 1, 2013 and July 15, 2013 may have had their information exposed.  Customer names, debit and credit card numbers, addresses, phone numbers, expieration dates and CVV codes may have been accessed by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

September 18, 2013 Logan Community Resources, Inc.
South Bend, Indiana
MED UNKN

2,900 (No SSNs or financial information reported)

An August 24, 2012 breach resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 Minne-Tohe Health Center/Elbowoods Memorial Health Center
New Town, North Dakota
MED UNKN

10,000 (No SSNs or financial information reported)

An October 1, 2011 breach resulted in the exposure of protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 St. Francis Health Network, Advantage Health Solutions
Indianapolis, Indiana
MED UNKN

2,575 (No SSNs or financial information reported)

Advantage Health Solutions and St. Francis Health Network (Franciscan Alliance ACO) were affected by a breach.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2013 Google Chrome
Mountain View, California
BSO DISC

Unknown

A data management firm discovered that Chrome browser users may have had their personal information stored on the hard drives of their computers without their knowledge or consent.  Google Chrome regularly stores names, street addresses, email addresses, phone numbers, bank account numbers, credit card numbers, and Social Security numbers in web browsers for later use.  It was not known that Chrome's cache also stores the information in plain text.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2013 Nordstrom
Aventura, Florida
BSR CARD

Unknown

Six skimmers were found on registers in one Nordstrom store in Aventura.  Six people were seen tending to the devices on the afternoon of October 5. They came in groups of three and distracted sales people while tampering with the registers, twice.  Skimmers and tiny cameras were installed to collect credit card information.  The information can be used to make fraudulent credit cards.

 
Information Source:
Media
records from this breach used in our total: 0

October 9, 2013 Minnesota Counties Insurance Trust
St. Paul, Minnesota
BSF INSD

3,000 (No Social Security numbers or financial information reported)

An employee working as a child support officer is accused of making more than 4,000 queries without legitimate cause in a driver and vehicle services database between 2010 and 2011.  Photographs, addresses, and driving records may have been exposed.

UPDATE (10/04/2013): A $2 million settlement has been proposed to end a class action lawsuit.  An insurance trust representing Minnesota counties will pay $500 to the named plaintiffs who initially brought the suit and those who had their information viewed for illegitimate purposes will receive a share of the money "based on the number of times they were illegitimately searched."

 
Information Source:
Media
records from this breach used in our total: 0

October 9, 2013 University of California San Francisco Medical Center (UCSF)
San Francisco, California
MED PORT

3,541 (Unknown number of Social Security numbers exposed)

A total of 3,541 patients were affected by the September 10 theft of an unencrypted laptop from an employee's vehicle.  A subset of the 3,541 patients who were affected had their Social Security numbers exposed.

UPDATE (10/08/2013): Paper documents with patient names, Social Security numbers, dates of birth, and medical information were also stolen.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2013 Petrochem Insulation, ASRC Energy Services
San Francisco, California
BSO PORT

Unknown

The July 18 theft of a laptop from an employee's car resulted in the exposure of employee information.  The laptop contained personnel spreadsheets with employee names, Social Security numbers, and employee identification numbers.

 
Information Source:
Media
records from this breach used in our total: 0

October 2, 2013 Santa Clara Valley Medical Center
San Jose, California
MED PORT

571 (No Social Security numbers were exposed)

The theft of an unencrypted laptop from the audiology department of Santa Clara Valley Medical Center resulted in the exposure of patient names, medical record numbers, dates of birth, ages, sex, dates of service, and brainwave tests.  The theft was discovered on September 16.

 
Information Source:
Media
records from this breach used in our total: 0

October 6, 2013 CaroMont Health
Gastonia, North Carolina
MED DISC

1,310 (No Social Security numbers of financial information reported)

An email with patient information was sent to an unauthorized person.  Names, dates of birth, addresses, diagnoses, and medications were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2013 NHC Healthcare
Oak Ridge, Tennessee
MED PORT

Unknown

Those with questions may call (888) 568-8578.

An unencrypted backup tape was discovered missing. It contained the names, Social Security numbers, dates of birth, home addresses, and medical information of patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 23, 2013 Stanford University
Stanford, California
EDU HACK

Unknown

Stanford University ID holders (SUNet) users had their account passwords and other information exposed.  The breach occurred sometime during the summer of 2013 and continued into the fall.  The full extent of the breach was not revealed.  SUNet users were instructured to change their passwords before accessing the system again.

 
Information Source:
Media
records from this breach used in our total: 0

September 20, 2013 Murphy USA
Little Rock, Arkansas
BSR CARD

Unknown

Murphy USA stations in Conway Arkansas and Durant, Oklahoma were also affected.  It is unclear if this is related to the breach that occurred at Murphy USA gas stations in 2011 in Virginia.

Two men pleaded guilty to one count each of conspiracy to commit wire fraud.  They placed skimming devices on gas pumps at Murphy USA station in Conway and Little Rock, Arkansas as well as Durant, Oklahoma.  This allowed them to collect credit card information and create fraudulent credit cards.  The breach occurred between April 2012 and January 2013 and led to fraudulent charges of about $400,000. It's estimated that between 50 and 500 people were affected.

 
Information Source:
Media
records from this breach used in our total: 0

October 8, 2013 Rothman Institute (Reconstructive Orthopaedic Associates)
Philadelphia, Pennsylvania
MED INSD

2,350 (No Social Security numbers or financial information involved)

A former employee removed paper copies of daily patient schedules from Rothman Institute on August 11.  The paper copies were taken without permission and were not used for malicious purposes.  Patients who were seen between March 18 and May 10 may have had their names, telephone numbers, dates of birth, locations, staff or physician seen, codes for insurance companies, copay amounts, dates and times of appointments, reasons for visits, and internal-use chart, and code numbers exposed.  Social Security numbers and credit card information were not exposed. The information was not shared with unauthorized parties.

UPDATE (11/08/2013): A total of 2,350 patients were affected.

 
Information Source:
Media
records from this breach used in our total: 0

June 24, 2010 University of Oklahoma
Norman, Oklahoma
EDU HACK

Unknown

The University of Oklahoma began warning students of a security breach after its IT department noticed unusual internet activity on a laptop associated with its network.  The laptop was infected with a virus and it contained student names and Social Security numbers.  Students were advised to check bills and credit card transactions to make sure that no fraud had occurred.  

 
Information Source:
Media
records from this breach used in our total: 0

October 7, 2013 PayJunction
Santa Barbara, California
BSF HACK

Unknown

A number of sales agents were affected when a data backup of PayJunction's internal business system was inappropriately accessed.  The unauthorized access occurred in July and was discovered in late September.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 10, 2013 Legal Aid Society of San Mateo County
Redwood City, California
NGO PORT

Unknown

The August 12 office burglary of 10 laptops resulted in the exposure of client information.  The laptops were used by Legal Aid Society attorneys to assist individuals in getting services.  Names, Social Security numbers, dates of birth, medical information, and health information may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 11, 2013 Monterey County Department of Social Services
Salinas, California
GOV HACK

Unknown

A Monterey County computer was compromised during the evening of March 17.  It was connected to the California State Network and contained the information of individuals who received public assistance benefits through Monterey County Department of Social Services between 2002 and 2009.  First and last names, Social Security numbers, addresses, phone numbers, and dates of birth were exposed.  

 
Information Source:
Media
records from this breach used in our total: 0

October 7, 2013 Walgreens
Anaheim, California
BSR STAT

Unknown

A breach at a Walgreens in Anaheim resulted in the exposure of customer information.  Thieves stole a computer and paper records in December of 2012.  The theft was discovered on December 31 and occurred on December 28.  The burglary occurred in Crescent's billing center.  Names, Social Security numbers, addresses, phone numbers, health insurance information, dates of birth, and medical information were exposed.  

 
Information Source:
Media
records from this breach used in our total: 0

October 17, 2013 Datapak Services Corporation
Howell, Michigan
BSO HACK

Unknown

Those with questions may call (855) 398-6434

Datapak Services discovered that its online systems had been infected by malware since March 5, 2013.  Customer names, addresses, payment card numbers, expiration dates, and CVV codes may have been accessed by an unauthorized party. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 18, 2013 Broward Health Medical Center
Fort Lauderdale, Florida
MED INSD

960 (Last four digits of Social Security numbers exposed)

Federal and local officials discovered a breach that involved the records of 960 patients treated at Broward Health between October of 2012 and December of 2012.  The patients were treated at 1600 S. Andrews Ave. Their names, addresses, dates of birth, insurance policy numbers, and reasons for visits were exposed when an employee took patient documents out of the medical facility.  The last four digits of patients' Social Security numbers are recorded at Broward Health for insurance purposes and were also exposed. 

 
Information Source:
Media
records from this breach used in our total: 0

October 19, 2013 Hospice of the Chesapeake
Pasadena, Maryland
MED INSD

7,035 (No Social Security numbers or financial information exposed)

An employee emailed spreadsheets with sensitive patient information to a personal account in order to work from home.  Names, ages, dates of service, diagnoses, and medical record numbers were in the spreadsheets.  The breach was discovered on August 8 and initially suspected to have been caused by a computer intrusion.  Hospice of the Chesapeake investigated the breach for two months before revealing it to patients.

UPDATE (11/08/2013): Hospice of the Chesapeake notified HHS and stated that 7,035 patients were affected.

 
Information Source:
Media
records from this breach used in our total: 0

October 16, 2013 Memorial Hospital of Lafayette County, Healthcare Management System
Darlington, Wisconsin
MED DISC

6,000 (No Social Security numbers or financial information exposed)

Memorial Hospital of Lafayette learned on August 6 that some patients had their financial statements sent to other people.  The mistake was caused by an error in the settings of an unnamed third-party billing vendor's system.  Patients who were seen at the hospital as far back as 2001 may have had their information sent to the wrong address. Patient names, addresses, identificaiton numbers, account numbers, dates of services, and the charges associated with services received were exposed.

UPDATE (11/08/2013): The billing vendor was Healthcare Management System.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 17, 2013 Ouidad
Danbury, Connecticut
BSR HACK

Unknown

Hackers were able to access Ouidad's customer database between June 30 and July 4 of 2013.  Ouidad account information, names, credit card numbers, credit card security codes and expiration dates, billing addresses, email addresses, and phone numbers were exposed. 

 
Information Source:
Media
records from this breach used in our total: 0

October 17, 2013 Eagleton School, Castro School, Munroe School
Morrison, Colorado
MED PORT

100 (No Social Security numbers or financial information reported)

The theft of a nurse's suitcase resulted in the exposure of student medical information.  The suitcase contained a thumb drive.  The theft occurred on October 5 and about 100 parents received notification of the breach.  Medications and other health-related information were on the thumb drive.  Addresses and Social Security numbers were not included in the compromised data.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 18, 2013 Long Island Rail Road
Long Island, New York
BSR CARD

Unknown

Ticket vending machines associated with Long Island Rail Road were discovered to have been compromised.  Customers who used their debit and credit cards at the machines may have had their information recorded and used to create fraudulent payment cards.  Tiny cameras were placed on the machines and hidden in thin black strips.  A total of seven machines in Bayside, Garden City, Great Neck, Greenvale, and Merillon Avenue were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

October 28, 2013 Allina Health
Minneapolis, Minnesota
MED INSD

3,800 (No Social Security numbers reported)

Roughly 3,800 patients were affected by a breach that involved a former employee at the Inver Grove Heights clinic.  The employee worked as a certified medical assistant and viewed patient records without permission between February of 2010 and September of 2013.  Patients who were seen at any location within Allina Health's system may have had their demographic, clinical, and health insurance information viewed.  The employee also had access to the last four digits of patients' Social Security numbers.  

 
Information Source:
Media
records from this breach used in our total: 0

October 25, 2013 NBC Sports Group
Stamford, Connecticut
BSO PORT

Unknown

Those with questions may call (203) 356-2720.

The August 24 theft of two laptops resulted in the exposure of personal information.  The laptops were stolen in Northern California and it is unclear whether employees, clients, or general consumers were affected.  Names, Social Security numbers, driver's licence numbers, and dates of birth were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 28, 2013 HealthFitness, Gerdau
Minneapolis, Minnesota
MED PORT

Unknown

Those who may have been affected may call (877) 371-7902.

HealthFitness informed Gerdau of a laptop theft that exposed the information of Gerdau employees and employee dependents.  HealthFitness administors Gerdau's health management and wellness program.  The laptop contained Social Security numbers, employee names, spouse names, dates of birth, and health plan elections.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 25, 2013 Michigan State University
East Lansing, Michigan
EDU HACK

Unknown

Michigan State University provided a notification herehttp://police.msu.edu/crimealert10202013.asp

An unauthorized user was able to modify employee banking information.  The breach was discovered on October 18 when two employees reported receiving email confirmations of changes to their direct-deposit designations.  The unauthorized user may have obtained valid payroll credentials by using a phishing attack.  The HR/Payroll systems were taken offline on Friday, October 18 and were expected to become active again on October 21.

 
Information Source:
Media
records from this breach used in our total: 0

December 10, 2012 Michigan State University
East Lansing, Michigan
EDU HACK

1,500 (No Social Security numbers exposed)

A hacker published approximately 1,500 Michigan State University names, email addresses, user IDs, encrypted passwords, and mailing addresses.

 
Information Source:
Media
records from this breach used in our total: 0

October 29, 2013 MongoHQ
Mountain View, California
BSO HACK

Unknown

MongoHQ's internal system was compromised.  The system allowed certain administrative users to appear as other users.  MongoHQ reset all employee accounts and will enable devices, email, and internal applications after a credential reset and audit.  

 
Information Source:
Media
records from this breach used in our total: 0

October 22, 2013 Aaron's
Atlanta, Georgia
BSR DISC

Unknown

The US Federal Trade Commission filed a complaint against Aaron's over their practice of monitoring customer activity through software called Detective Mode.  It was determined that customers who rented computers were put at risk for identity theft by Aaron's practice of recording customer keystroke activity, screen shots, and images taken from webcams.  Aaron's may only use tracking technology with the consent of the renter and may not use technology that captures keystrokes, screenshots, images, or sounds on the devices it rents.  

 
Information Source:
Media
records from this breach used in our total: 0

October 23, 2013 University of Southern Maine
Portland, Maine
EDU PHYS

Unknown

Someone broke into a University van and stole campus keys.  The keys could give them access to nearly 50 Portland and Gorham campus buildings.  The University is in the process of replacing locks of the affected buildings.  Student, personnel, and other records may be accessible.  Faculty, staff, and students were notified of the incident and encouraged to shut electronic devices down when leaving them unattended.  They were also advised to not leave sensitive information or belongings in campus buildings without additional locks.

 
Information Source:
Media
records from this breach used in our total: 0

September 30, 2013 The New Teacher Project
Brooklyn, New York
NGO PORT

Unknown

The July 27 or 28 office theft of an unencrypted laptop resulted in the exposure of current and former employee information.  Names, Social Security numbers, dates of birth, and employee ID numbers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 30, 2013 Sentry Life Insurance, Department of Labor
Stevens Point, Wisconsin
BSF DISC

Unknown

Sentry Life Insurnace discovered that several forms sent to the Department of Labor contained an attachments with names, Social Security numbers, and in a few cases, 401k account balances.  The Department of Labor uploaded the forms to a public website before Sentry's discovery.  The discovery was made on July 2 and a letter was sent on July 11 to the Maryland Attorney General's Office on behalf of Sentry.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 13, 2013 PR Newswire
New York, New York
BSO HACK

Unknown

Customer usernames and encrypted passwords were accessed and taken by hackers on or after March 8, 2013.  Hackers may have had access to the news release services of companies that use PR Newswire.  The breach is related to the Adobe hack that was revealed in early October of 2013.  

 
Information Source:
Media
records from this breach used in our total: 0

October 23, 2013 The Fisherman's Restaurant, Radiant Systems
Fort Worth, Texas
BSR DISC

Unknown

Radiant Systems accidentally transmitted Fisherman's Restaurant employee information to another Radiant Systems restaurant customer.  The error occurred from May 3, 2013 through September 24, 2013.  Radiant Systems learned of the issue on September 23 and notifications were sent in early October.  Full names, Social Security numbers, dates of birth, gender, marital status and number of dependents, addresses, telephone numbers, and personnel information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 25, 2013 Yusen Logistics (Americas) Inc.
Secaucus, New Jersey
BSO PORT

Unknown

An unencrypted laptop was stolen from an employee's vehicle sometime around September 23.  It contained a spreadsheet with payroll deduction information for former and current Yusen Logistics Americas employees.  It contained names, Social Security numbers, addresses, and payroll benefit deduction amounts from the period of July 2013 to September 2013.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 28, 2013 Dun & Bradstreet
Suwanee, Georgia
BSO HACK

Unknown

A cyber attack occurred during the period between March and April 2013.  Dun & Bradstreet hold information for business marketing and other businesses may have been affected. 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005
Showing 4051-4100 of 4391 results


X

Sign In!

Loading