Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,353 DATA BREACHES made public since 2005


Date Made Public Name Entity Type
November 11, 2013 North Country Hospital and Health Center
Newport, Vermont
MED INSD

550 (No Social Security numbers or financial information reported)

Patients with questions may call (802) 334-3253.

A former employee refused to return a laptop that contained unspecified patient health information.  North Country Hospital first learned of the issue on September 18.  The Newport Police Department was contacted and all administrator-level computer system user codes and passwords that the employee had access to were changed.  The laptop was also password-protected and will be remotely locked out if someone attempts to use it to access the Hospital systems.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 11, 2013 St. Mary's Janesville Hospital, SSM Health Care
Janesville, Wisconsin
MED PORT

629 (No Social Security numbers or financial information exposed)

The August 27 car theft of an SSM Health Care employee's unencrypted laptop resulted in the exposure of patient information.  Patients who were treated in St. Mary's Janesville Hospital's emergency room between January 1 and August 26 of 2013 were affected.  Names, dates of birth, medical record numbers, account numbers, providers, departments of service, bed numbers, room numbers, dates and times of service, history of visits, complaints, diagnoses, procedures, test results, vaccines, and medications were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Office of Dr. Paul G. Klein, DPM
Wayne, New Jersey
MED PORT

2,500 (No Social Security numbers or financial information reported)

The October 1 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Hospital for Special Surgery
New York, New York
MED INSD

537 (No Social Security numbers or financial information reported)

A March 19 breach may have resulted in the exposure of patient information.  The breach may have involved the theft of computer equipment, the unauthorized access of information on a computer, and/or paper records.

UPDATE (12/20/2013): A dishonest employee accessed names, Social Security numbers, addresses, dates of birth, driver's license numbers, passport numbers, physician names, diagnosis information, medical billing codes, bank account and routing numbers, and payment party names and payment information.  Hospital for Special Surgery learned of the breach on May 31 and the dishonest employee was arrested in August.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Mount Sinai Medical Center
New York, New York
GOV PORT

610 (No Social Security numbers or financial information reported)

The August 1 theft or loss of a portable electronic device resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Mount Sinai Medical Center
New York, New York
MED PHYS

1,586 (No Social Security numbers or financial information reported)

Patient records were improperly disposed of on August 6.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Superior HealthPlan, Inc.
Austin, Texas
MED DISC

6,284 (No Social Security numbers or financial information reported)

New Health and Human Services Commission ID numbers were sent on Superior ID cards to CHIP members on October 4.  It was discovered that a computer error caused some Superior CHIP ID cards to be sent to incorrect addresses. Names, CHIP ID numbers, and doctors' names and phone numbers were exposed.  All members who were affected were notified.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Group Health Cooperative
Seattle, Washington
NGO DISC

1,015 (No Social Security numbers or financial information reported)

Group Health member identification numbers and chronic conditions were accidentally printed on the outside of letters that were mailed on September 16.  The issue was discovered on September 23.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Rose Medical Center
Denver, Colorado
MED PHYS

606 (No Social Security numbers or financial information exposed)

Patient records were improperly disposed of sometime between June 28 of 2013 and July 16 of 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 ICS Collection Services, Inc, University of Chicago Physicians Group
Tinley Park, Illinois
MED DISC

1,344 (Unknown number of Social Security numbers)

University of Chicago Physicians Group's former contractor ICS Collection Services discovered that website users were able to view sensitive information of other users.  At least one user was able to view the names, addresses, dates of birth, insurance payments and dates, insurance company names, insurance policy numbers, procedures, diagnosis codes and descriptions, dates of service, treating physician names, and sometimes even Social Security numbers associated with University of Chicago Physicians Group patients.  ICS Collection Services learned of the issue on July 9.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Texas Health Presbyterian Dallas Hospital
Dallas, Texas
MED STAT

949 (No Social Security numbers or financial information reported)

The August 22 office theft of a computer resulted in the exposure of patient information.  Names, dates of birth, age, gender, radiology images, radiation therapy dose planning, diagnoses, and Texas Health Presbyterian medical record numbers were on the computer.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Comprehensive Podiatry LLC
Independence, Ohio
MED PORT

1,360 (No Social Security numbers or financial information reported)

The August 3 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Access Counseling, LLC
Los Angeles, California
MED PORT

566 (Partial Social Security numbers involved)

A briefcase was stolen from an employee's car sometime between the evening of August 22 and the morning of August 23.  The case files of seven clients were inside of the briefcase. Additionally, the briefcase contained a computer with files that included names, partial Social Security numbers, dates of birth, addresses, and clinical notes related to all clients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 BriovaRx
Chicago, Illinois
MED UNKN

1,067 (No Social Security numbers or financial information reported)

A breach of patient records occurred between July 3 and July 11 of 2013.  In a breach that may be related, a former employee was sued for stealing confidential health information and trade secrets in October.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Region Ten Community Services Board
Charlottesville, Virginia
MED HACK

10,228 (No Social Security numbers or financial information exposed)

A hacker obtained the passwords to several employees' emails on July 29.  The email accounts may have contained the health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Schuylkill Health System
Pottsville, Pennsylvania
MED PORT

2,810 (No Social Security numbers or financial information reported)

The August 7 theft of a laptop resulted in the exposure of patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Littleton Podiatry
Littleton, Colorado
MED PORT

3,512 (No Social Security numbers or financial information exposed)

The August 27 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Sierra View District Hospital
Porterville, California
MED INSD

1,009 (No Social Security numbers or financial information reported)

A routine security audit at Sierra View District Hospital revealed that an employee had inappropriately accessed protected health information.  An investigation revealed that the information was not disclosed externally.  The breach occurred between July 1 and August 2.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 21, 2013 RGV DME (Durable Medical Equipment)
McAllen, Texas
MED INSD

Unknown

Three people were sentenced to prison for their roles in a scheme to defraud Medicare and Medicaid.  Two of the people owned RGV DME and a third worked for them.  Between early 2004 and late 2011, the three submitted fraudulent claims to Medicare and Texas Medicaid for DME supplies.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 28, 2013 Virginia Polytechnic Institute and State University (Virginia Tech)
Blacksburg, Virginia
EDU HACK

144,963 (No Social Security numbers or financial information reported)

The University's statement can be found here: http://www.vtnews.vt.edu/articles/2013/09/092413-hr-hrserver.html

The computer server of Virginia Tech's Department of Human Resources was accessed on August 28.  The information of people who applied online to Virginia Tech between 2003 and 2013 may have been accessed.  No Social Security numbers or financial information was exposed. A total of 16,642 job applicants had their driver's license numbers exposed.  The remaining job applicants had not submitted this information.

 
Information Source:
Media
records from this breach used in our total: 0

November 17, 2013 CME Group, CME ClearPort
Chicago, Illinois
BSF HACK

Unknown

A July cyberattack resulted in the exposure of customer information.  Customers were required to change their login credentials.  It is unclear what kind of customer information was exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 20, 2013 GitHub
San Francisco, California
BSO HACK

Unknown

A hacker or hackers compromised some of the user accounts of GitHub.  The hackers used a brute force attack to expose passwords.  GitHub reset the passwords of users who were affected.

 
Information Source:
Media
records from this breach used in our total: 0

November 19, 2013 Sachem Central School District
Lake Ronkonkoma, New York
EDU HACK

15,000

Sachem's notice can be found here: http://www.sachem.edu/home/pdf/QAData11192013.pdf

Two breaches in the summer of 2013 and November of 2013 resulted in the exposure of student information.  The sensitive information that was exposed in July may have been accidentally exposed through an administrative error.  

A second breach was discovered on November 8 when the Superintendent learned that student information had been posted on a publicly accessible webpage.  The investigation of the November breach is ongoing.  Student names and ID numbers were the primary types of data that were exposed in both incidents.

UPDATE (11/23/2013): A student of Sachem North High School pleaded not guilty to computer trespass and was released without bail.  The student may have also accessed information in 2012.  A list of 15,000 students' information that dated back to the early 2000s was discovered online. A list of 130 students who received instructional services in an alternative setting in the 2010-2011 school year was also discovered online.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 26, 2013 LexisNexis, Dun & Bradstreet, Kroll Background America
Short Hills, New Jersey
BSO HACK

Unknown

Hackers were able to access an underground database of stolen consumer information.  It was discovered that the network was set up to receive information from internal systems at several large data brokers.  LexisNexis was one of the data brokers that was affected and discovered that their networks may have been compromised for at least five months.  Dun & Bradstreet discovered that their systems had been compromised as far back as March 27, 2013.  The breach of Kroll Background America, Inc. had begun as far back as June 2013.

UPDATE (11/26/2013): Kroll Background America informed California that 548 California residents were affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 0

September 28, 2013 ICG America (Amazing Clubs, Games2U, Flying Noodle, Monster Brew, Texas Irons, California Reds)
Austin, Texas
BSO HACK

Unknown

ICG America learned that its payment processing system was the target of a cyber attack.  The attack began on January 2, 2013 and continued until August 2, 2013.  Customers who made purchases from companies operated by ICG America may have had their names, credit card and debit card numbers, expiration dates, CVV codes, addresses, and email addresses exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 28, 2013 Unique Vintage
Burbank, California
BSR HACK

Unknown

A breach letter can be found here: https://oag.ca.gov/system/files/Customer%20Notification%20Letter%20%2892312rv%292_0.pdf?

Unique Vintage's website was accessed by malware between January of 2012 and September 14, 2013.  Customer names, emails, credit card numbers, and phone numbers may have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 1, 2013 McHenry County College, Ellucian
Crystal Lake, Illinois
EDU DISC

Unknown

McHenry County College's software vendor Ellucian accidentally sent the personal information of current and former McHenry County College students and staff to three other junior colleges.  Social Security numbers and other information were sent to Morton, Prairie State, and Triton.

 
Information Source:
Media
records from this breach used in our total: 0

October 1, 2013 JP Morgan Chase
New York, New York
BSF DISC

Unknown

JP Morgan Chase customers received a privacy notification in early September. A labeling error caused the Social Security numbers of customers to be printed on the outside of the notification letter.  A lawsuit was filed against JP Morgan Chase on behalf of affected customers.  The lawsuit claims that JP Morgan did not immediately notify its customers and should have prevented the breach from happening.  The case is Alexander Furman et al v JP Morgan Chase & Co et al, No. 13-cv-06749, U.S. District Court, Northern District of Illinois.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2013 Mercy Health Systems, Allscripts
Baltimore, Maryland
MED STAT

25 (No Social Security numbers or financial information reported)

An unencrypted hard drive was discovered missing on January 14, 2013.  It held the names, health plan beneficiary numbers, diagnoses, medical record numbers, and account numbers of 25 Mercy Health Systems patients.  The hard drive was last seen by Mercy Health Systems' transcription contractor, Allscripts. Mercy Health Systems learned of the issue on February 14, 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 4, 2013 Buckeye Check Cashing
Dublin, Ohio
BSF PORT

Unknown

The June 27 car theft of a laptop resulted in the exposure of customer information.  Names, Social Security numbers, addresses, and bank account information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 4, 2013 NHC Healthcare Oak Ridge
Oak Ridge, Tennessee
MED PORT

Unknown

An unencrypted backup tape was discovered missing.  It contained patient names, Social Security numbers, dates of birth, home addresses, and medical information.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2013 PLS Financial Services
Chicago, Illinois
BSF DISC

Unknown

A programming error that occurred on July 11, 2013 allowed 34 visitors to PLS Financial Services' website to view the names, Social Security numbers, addresses, and email addresses of PLS Financial Services customers.  The error was discovered on July 26 and quickly fixed.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2013 Bell Helicopter
Hurst, Texas
BSO HACK

Unknown

On July 3, Bell Helicopter learned that some people who attended Bell Helicopter Training Academy were receiving phishing emails from a source claiming to be Bell. It appears that Bell's database of attendee information was accessed by a cyber intruder.  Attendees may have had their email addresses and credit card numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 13, 2013 USI Insurance Services LLC
Columbus, Ohio
BSF HACK

Unknown

Malicious software was installed on the USI website on or around October 2, 2013.  A hacker may have been able to view information stored in the USI system.  Client names, usernames, passwords, and mailing addresses were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 28, 2013 The Flamingo Resort and Spa
Santa Rosa, California
BSO HACK

Unknown

Employees with questions may call 1-(800)-848-8300.

A virus was discovered on The Flamingo Resort and Spa payroll computer.  Employee names, Social Security numbers, bank routing numbers for those who used direct deposit, dates of birth, phone numbers, and home addresses may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 28, 2013 Orange County Anaheim Medical Center, Kaiser Foundation Hospital
Anaheim, California
MED PORT

Unknown

Patients with questions may contact Kaiser Permanente at 1(800)-443-0815.

A flash drive that contained patient information was discovered missing on September 25, 2013.  It contained names, dates of birth, and medical record numbers.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 27, 2013 California Employment Development Department
Sacramento, California
GOV DISC

Unknown

Unemployment claim filing notices were sent to employers that contained information of people who had never been employed with them.  An undisclosed number of people had their names and Social Security numbers mistakenly exposed.  The issue was discovered when several employers notified EDD that some of the names and Social Security numbers did not match their records.

UPDATE (11/22/2013): The erroneous mailings occurred between September 14, 2013 and October 9, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

November 25, 2013 Crown Castle International Corp
Canonsburg, Pennsylvania
BSO HACK

Unknown

Crown Castle determined on October 31 that their payroll information may have been accessed by hackers.  Employee names, Social Security numbers, and compensation may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 26, 2013 URM Stores
Spokane, Washington
BSR HACK

Unknown

URM Stores is the wholesaler that processes electronic payments made by customers of Yoke's Fresh Market, Rosauers, Super 1 Foods, Family Foods, Harvest Foods, CenterPlace Market, and Trading Co. Stores.

Customers with questions may call URM's call center at 877-237-7408.

Washington banks and credit unions noticed fraudulent activity on the debit and credit cards of grocery store customers.  The breach was traced to Yoke's Fresh Markets, Rosauers stores, and other grocery stores associated with URM stores.  The hacking incident occurred sometime between September and October.  Customers were encouraged to use cash, check, or an alternative form of payment card processing to pay in stores until the breach was resolved.

UPDATE (12/03/2013): Over 24 stores in Montana and an unspecified number of stores in Oregon were also affected.  URM believes the breach that allowed fraudulent copies of customer payment cards to be created has been contained.  Customers were encouraged to check their bank statements after URM allowed normal payment card purchases to resume.

 
Information Source:
Media
records from this breach used in our total: 0

November 22, 2013 Redwood Memorial Hospital
Fortuna, California
MED PORT

1,039 (No Social Security numbers or financial information reported)

Patients with questions may call 1 (707)-269-3685.

An unencrypted flash drive from Redwood Memorial Hospital's Cardiopulmonary Services Department was discovered missing on November 8.  The flash drive had been missing since at least November 6 and contained patient names, report ID numbers, test indications, ages, heights, weights, test recording and analysis dates and times, facility and address where services were rendered, and clinical summaries of test findings.  Some patients who were seen at Redwood Memorial Hospital between 2001 and 2013 may have had their information exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 21, 2013 Clarity Media Group
Denver, Colorado
BSO PORT

Unknown

The October 12 theft of a laptop resulted in the exposure of current and former employee information.  Current and former employees of Clarity Media Group's subsidiaries and of Freedom Communications were also affected.  Names, Social Security numbers, mailing addresses, email addresses, phone numbers, dates of birth, salaries, and 401(k) balances were on the laptop.  The dependents of employees may have also had their information exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 3, 2013 Chicago Public Schools
Chicago, Illinois
EDU DISC

2,000 (No Social Security numbers or financial information reported)

The vision exam dates, diagnoses, dates of birth, genders, identification numbers, and school names of students were accidentally made available to the public online between June 18 and July 31, 2013.  The breach was discovered on October 7 and the Chicago vision exam program information was removed.  The information was viewed by 14 people during that time.  All cached and archived versions of the information were also removed from the Internet.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 4, 2013 ADP, Facebook, Gmail, LinkedIn, Twitter, Yahoo, YouTube
BSO HACK

2 million (No Social Security numbers or financial information reported)

There is no specific location for this breach.

A breach that involved keylogging software affected at least 93,000 websites.  The virus may have originated on a server located in the Netherlands.  It first started collecting passwords and usernames on October 21. Approximately 860 computers in the United States were affected. More than 99% of the computers that were affected were outside of the United States.

 
Information Source:
Media
records from this breach used in our total: 0

December 6, 2013 B&G Foods North America, Inc., Maple Grove Farms
St. Johnsbury, Vermont
BSR HACK

Unknown

Those with questions may call 1-888-887-3268 between 8:00 a.m. and 4:30 p.m., Eastern Time, Monday through Friday.

On November 16, B&G Foods North America, Inc. discovered that an unauthorized party accessed Maple Grove Farms' website.  Customers who made online purchases may have had their names, addresses, telephone numbers, and payment card numbers exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 15, 2013 Lincoln Credit Center, National Debt Defense, SmartPath
San Diego, California
BSF UNKN

Unknown

Personal information related to client accounts may have been compromised at a physical location.  The breach occurred sometime between October 20 and November 15. Lincoln Credit Center is monitoring client accounts for suspicious activity.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 11, 2013 Discover Financial Services
Riverwoods, Illinois
BSF UNKN

Unknown

An unspecified number of Discover customers had their account numbers changed and were issued a new card.  It is unclear what type of security breach prompted the notification and when it may have occurred. Several customers in California received the notification letter; residents of other states may have been notified as well.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 20, 2013 Office of Dr. Kathleen Whisman
Sebastopol, California
MED STAT

Unknown

Sometime around April 11, 2013, Dr. Whisman learned of a breach that involved patient information on a computer recovered during an identity theft ring investigation.  The patient information included full names, Social Security numbers, addresses, telephone numbers, dates of birth, and insurance plan information for patients who were seen in 1998 and 1999.  The information likely came from a stolen computer and Dr. Whisman was encouraged to delay notification until the investigation was completed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 2, 2013 Board of Barbering and Cosmetology
Sacramento, California
GOV STAT

Unknown

Those with questions may call 1-(866)-968-7797.

The August 23 office burglary of a desktop computer resulted in the exposure of sensitive information.  Individuals who participated as models during cosmetology, barbering, manicure, esthetician, or electrology exams may have had their names, dates of birth, and California drivers' license or identification card numbers exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 17, 2013 MacRumors, vBulletin
BSO HACK

860,000 (No Social Security numbers or financial information exposed)

A group of hackers claimed responsibility for compromising usernames, emails, and passwords associated with MacRumors and vBulletin Forum.  The hackers used a Zero Day exploit.  A total of 860,000 MacRumors users were affected. It is unclear how many vBulletin Forum users were affected.

 
Information Source:
Media
records from this breach used in our total: 0

December 9, 2013 Southern Illinois University (SIU) HealthCare
Springfield, Illinois
MED PORT

1,891 (No Social Security numbers or financial information reported)

The loss or theft of a former SIU orthopedic surgeon's computer resulted in the exposure of patient information.  The loss or theft was discovered on October 15.  Information included patient names, dates of birth, admission dates, medical record numbers, diagnoses, procedural codes, and other health information from patients treated by Dr. Mark P. McAndrew.

 
Information Source:
Media
records from this breach used in our total: 0

Showing 4101-4150 of 4353 results

