Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
October 22, 2013 Aaron's
Atlanta, Georgia
BSR DISC

Unknown

The US Federal Trade Commission filed a complaint against Aaron's over their practice of monitoring customer activity through software called Detective Mode.  It was determined that customers who rented computers were put at risk for identity theft by Aaron's practice of recording customer keystroke activity, screen shots, and images taken from webcams.  Aaron's may only use tracking technology with the consent of the renter and may not use technology that captures keystrokes, screenshots, images, or sounds on the devices it rents.  

 
Information Source:
Media
records from this breach used in our total: 0

October 23, 2013 University of Southern Maine
Portland, Maine
EDU PHYS

Unknown

Someone broke into a University van and stole campus keys.  The keys could give them access to nearly 50 Portland and Gorham campus buildings.  The University is in the process of replacing locks of the affected buildings.  Student, personnel, and other records may be accessible.  Faculty, staff, and students were notified of the incident and encouraged to shut electronic devices down when leaving them unattended.  They were also advised to not leave sensitive information or belongings in campus buildings without additional locks.

 
Information Source:
Media
records from this breach used in our total: 0

September 30, 2013 The New Teacher Project
Brooklyn, New York
NGO PORT

Unknown

The July 27 or 28 office theft of an unencrypted laptop resulted in the exposure of current and former employee information.  Names, Social Security numbers, dates of birth, and employee ID numbers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 30, 2013 Sentry Life Insurance, Department of Labor
Stevens Point, Wisconsin
BSF DISC

Unknown

Sentry Life Insurnace discovered that several forms sent to the Department of Labor contained an attachments with names, Social Security numbers, and in a few cases, 401k account balances.  The Department of Labor uploaded the forms to a public website before Sentry's discovery.  The discovery was made on July 2 and a letter was sent on July 11 to the Maryland Attorney General's Office on behalf of Sentry.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 13, 2013 PR Newswire
New York, New York
BSO HACK

Unknown

Customer usernames and encrypted passwords were accessed and taken by hackers on or after March 8, 2013.  Hackers may have had access to the news release services of companies that use PR Newswire.  The breach is related to the Adobe hack that was revealed in early October of 2013.  

 
Information Source:
Media
records from this breach used in our total: 0

October 23, 2013 The Fisherman's Restaurant, Radiant Systems
Fort Worth, Texas
BSR DISC

Unknown

Radiant Systems accidentally transmitted Fisherman's Restaurant employee information to another Radiant Systems restaurant customer.  The error occurred from May 3, 2013 through September 24, 2013.  Radiant Systems learned of the issue on September 23 and notifications were sent in early October.  Full names, Social Security numbers, dates of birth, gender, marital status and number of dependents, addresses, telephone numbers, and personnel information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 25, 2013 Yusen Logistics (Americas) Inc.
Secaucus, New Jersey
BSO PORT

Unknown

An unencrypted laptop was stolen from an employee's vehicle sometime around September 23.  It contained a spreadsheet with payroll deduction information for former and current Yusen Logistics Americas employees.  It contained names, Social Security numbers, addresses, and payroll benefit deduction amounts from the period of July 2013 to September 2013.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 28, 2013 Dun & Bradstreet
Suwanee, Georgia
BSO HACK

Unknown

A cyber attack occurred during the period between March and April 2013.  Dun & Bradstreet hold information for business marketing and other businesses may have been affected. 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 30, 2013 Children's Healthcare of Atlanta
Atlanta, Georgia
MED INSD

500 (No Social Security numbers or financial information exposed)

Children's Healthcare of Atlanta fired and sued an executive for allegedly taking proprietary information that included patient health information, state license numbers for more than 500 health care providers, and other health care provider information.  The executive announced her resignation on October 16 and on October 18 the Hospital discovered that she had emailed sensitive information to her personal email account.  The executive had planned to leave on December 20 but was fired for exposing the Hospital's sensitive information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 30, 2013 Emerald Garden, Tampa General Hospital
Clearwater, Florida
MED INSD

Unknown

An investigation uncovered sensitive information from Emerald Garden and Tampa General Hospital patients.  A dishonest Emerald Garden employee was arrested in May and sentenced to 37 months in prison for conspiring to misuse the information to file tax refunds.  A contact at Tampa General Hospital also supplied patient information.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 4, 2013 Phoenix Medical Group
Laurel, New Jersey
MED INSD

Unknown

A dishonest employee accessed and misused patient information sometime between January of 2009 and March of 2012.  Social Security numbers and dates of birth were taken to file fraudulent tax returns. The former employee pleaded guilty to one count of theft of government property and one count of aggravated identity theft.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 4, 2013 University Hospitals
Cleveland, Ohio
MED STAT

7,100 (Unknown number of Social Security numbers)

An unnamed contractor misplaced a University Hospitals hard drive after taking it for a computer system upgrade.  The hard drive was stolen from the car of an employee of the contractor on August 8.  It contained patient information such as names, birth dates, addresses, medical record numbers, insurance provider information, and health information.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 25, 2013 Mount Sinai Medical Center
Miami Beach, Florida
MED INSD

Unknown

An employee who was working at Mt. Sinani Medical Center through a temp agency was found with patient information during a traffic stop.  Police uncovered a bag that contained over 100 printouts with patient names, Social Security numbers, addresses, and dates of birth.  Photocopies of checks that had been written to Mt. Sinai Medical Center and corresponding billing statements were also found during the February 27, 2013 traffic stop.  Additional information that could be used for fraud was also found at the temporary employee's residence.

The dishonest employee was convicted for involvement in the identity theft and tax refund scheme. It was later discovered that the temp agency gave Mt. Sinai Medical Center false background information about the temporary employee.  Mt. Sinai Medical Center no longer does business with the staffing agency.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Standard Insurance Company
Portland, Oregon
BSF DISC

Unknown

One of Standard Insurance Company's vendors accessed a file that was inadvertently disclosed on the vendor's system.  Names, Social Security numbers, addresses, and dates of birth could have been accessed between October 7 and October 18.  The issue was discovered when an insurance policyholder noticed they had access to the information and contacted Standard Insurance Company.

 
Information Source:
Media
records from this breach used in our total: 0

November 8, 2013 North Carolina Department of Health and Human Services
Raleigh, North Carolina
GOV DISC

1,300 (No Social Security numbers or financial information was involved)

Over 1,300 people who received payment from state hospitals had their information exposed online.  Names, addresses, payment dates, name of facilities that made the payments, and dollar amounts paid were posted on North Carolina Department of Health and Human Services' transparency website "NC OpenBook."  The error was discovered when an individual complained.  The information had been available for years.

 
Information Source:
Media
records from this breach used in our total: 0

September 10, 2013 TrendNet
Torrance, California
BSR HACK

700 (No Social Security numbers or financial information exposed)

The FTC case can be found herehttp://www.ftc.gov/os/caselist/1223090/130903trendnetorder.pdf

FTC fined TrendNet for having inadequate security practices and marketing their products to consumers as secure.  TrendNet's website was breached by a hacker or hackers.  This allowed them to bypass users' login credentials and access wireless camera feeds.  At least 700 people who purchased TrendNet security cameras had their live camera feeds hacked. Some of their feeds were published online by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

November 15, 2013 Greencastle Community School Corporation
Greencastle, Indiana
EDU HACK

Unknown

Greencastle Community School Corporation notified parents of a security issue involving improprer access by students.  Several students from Greencastle High School found a list of student network passwords and were able to access a limited amount of confidential student files on the school network.  Students in grades three through 12 may have had breakfast or lunch expenses falsely charged to their names and students with unauthorized access may have been able to access the network under other students' accounts.

 
Information Source:
Media
records from this breach used in our total: 0

November 11, 2013 North Country Hospital and Health Center
Newport, Vermont
MED INSD

550 (No Social Security numbers or financial information reported)

Patients with questions may call (802) 334-3253.

A former employee refused to return a laptop that contained unspecified patient health information.  North County Hospital first learned of the issue on September 18.  The Newport Police Department was contacted and all administrator-level computer system user codes and passwords that the employee had access to were changed.  The laptop was also password-protected and will be remotely locked out if someone attempts to use it to access the Hospital systems.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 11, 2013 St. Mary's Janesville Hospital, SSM Health Care
Janesville, Wisconsin
MED PORT

629 (No Social Security numbers or financial information exposed)

The August 27 car theft of an SSM Health Care employee's unencrypted laptop resulted in the exposure of patient information.  Patients who were treated in St. Mary's Janesville Hospital's emergency room between January 1 and August 26 of 2013 were affected.  Names, dates of birth, medical record numbers, account numbers, providers, departments of service, bed numbers, room numbers, dates and times of service, history of visits, complaints, diagnoses, procedures, test results, vaccines, and medications were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Office of Dr. Paul G. Klein, DPM
Wayne, New Jersey
MED PORT

2,500 (No Social Security numbers or financial information reported)

The October 1 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Hospital for Special Surgery
New York, New York
MED INSD

537 (No Social Security numbers or financial information reported)

A March 19 breach may have resulted in the exposure of patient information.  The breach may have involved the theft of computer equipment, the unauthorized access of information on a computer, and/or paper records.

UPDATE (12/20/2013): A dishonest employee accessed names, Social Security numbers, addresses, dates of birth, driver's license numbers, passport numbers, physician names, diagnosis information, medical billing codes, bank account and routing numbers, and payment party names and payment information.  Hospital for Special Surgery learned of the breach on May 31 and the dishonest employee was arrested in August.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Mount Sinai Medical Center
New York, New York
GOV PORT

610 (No Social Security numbers or financial information reported)

The August 1 theft or loss of a portable electronic device resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Mount Sinai Medical Center
New York, New York
MED PHYS

1,586 (No Social Security numbers or financial information reported)

Patient records were improperly disposed of on August 6.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Superior HealthPlan, Inc.
Austin, Texas
MED DISC

6,284 (No Social Security numbers or financial information reported)

New Health and Human Services Commission ID numbers were sent on Superior ID cards to CHIP members on October 4.  It was discovered that a computer error caused some Superior CHIP ID cards to be sent to incorrect addresses. Names, CHIP ID numbers, and doctors' names and phone numbers were exposed.  All members who were affected were notified.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Group Health Cooperative
Seattle, Washington
NGO DISC

1,015 (No Social Security numbers or financial information reported)

Group Health member identification numbers and chronic conditions were accidentally printed on the outside of letters that were mailed on September 16.  The issue was discovered on September 23.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 15, 2013 Rose Medical Center
Denver, Colorado
MED PHYS

606 (No Social Security numbers or financial information exposed)

Patient records were improperly disposed of sometime between June 28 of 2013 and July 16 of 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 ICS Collection Services, Inc, University of Chicago Physicians Group
Tinley Park, Illinois
MED DISC

1,344 (Unknown number of Social Security numbers)

University of Chicago Physicians Group's former contractor ICS Collection Services discovered that website users were able to view sensitive information of other users.  At least one user was able to view the names, addresses, dates of birth, insurance payments and dates, insurance company names, insurance policy numbers, procedures, diagnosis codes and descriptions, dates of service, treating physician names, and sometimes even Social Security numbers associated with University of Chicago Physicians Group patients.  ICS Collection Services learned of the issue on July 9.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Texas Health Presbyterian Dallas Hospital
Dallas, Texas
MED STAT

949 (No Social Security numbers or financial information reported)

The August 22 office theft of a computer resulted in the exposure of patient information.  Names, dates of birth, age, gender, radiology images, radiation therapy dose planning, diagnoses, and Texas Health Presbyterian medical record numbers were on the computer.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Comprehensive Podiatry LLC
Independence, Ohio
MED PORT

1,360 (No Social Security numbers or financial information reported)

The August 3 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Access Counseling, LLC
Los Angeles, California
MED PORT

566 (Partial Social Security numbers involved)

A briefcase was stolen from an employee's car sometime between the evening of August 22 and the morning of August 23.  The case files of seven clients were inside of the briefcase. Additionally, the briefcase contained a computer with files that included names, partial Social Security numbers, dates of birth, addresses, and clinical notes related to all clients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 BriovaRx
Chicago, Illinois
MED UNKN

1,067 (No Social Security numbers or financial information reported)

A breach of patient records occurred between July 3 and July 11 of 2013.  In a breach that may be related, a former employee was sued for stealing confidential health information and trade secrets in October.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Region Ten Community Services Board
Charlottesville, Virginia
MED HACK

10,228 (No Social Security numbers or financial information exposed)

A hacker obtained the passwords to several employees' emails on July 29.  The email accounts may have contained the health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Schuylkill Health System
Pottsville, Pennsylvania
MED PORT

2,810 (No Social Security numbers or financial information reported)

The August 7 theft of a laptop resulted in the exposure of patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Littleton Podiatry
Littleton, Colorado
MED PORT

3,512 (No Social Security numbers or financial information exposed)

The August 27 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 8, 2013 Sierra View District Hospital
Porterville, California
MED INSD

1,009 (No Social Security numbers or financial information reported)

A routine security audit at Sierra View District Hospital revealed that an employee had inappropriately accessed protected health information.  An investigation revealed that the information was not disclosed externally.  The breach occurred between July 1 and August 2.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 21, 2013 RGV DME (Durable Medical Equipment)
McAllen, Texas
MED INSD

Unknown

Three people were sentenced to prison for their roles in a scheme to defraud Medicare and Medicaid.  Two of the people owned RGV DME and a third worked for them.  Between early 2004 and late 2011, the three submitted fraudulent claims to Medicare and Texas Medicaid for DME supplies.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 28, 2013 Virginia Polytechnic Institute and State University (Virginia Tech)
Blacksburg, Virginia
EDU HACK

144,963 (No Social Security numbers or financial information reported)

The University's statement can be found here: http://www.vtnews.vt.edu/articles/2013/09/092413-hr-hrserver.html

The computer server of Virginia Tech's Department of Human Resources was accessed on August 28.  The information of people who applied online to Virginia Tech between 2003 and 2013 may have been accessed.  No Social Security numbers or financial information was exposed. A total of 16,642 job applicants had their driver's license numbers exposed.  The remaining job applicants had not submitted this information.

 
Information Source:
Media
records from this breach used in our total: 0

November 17, 2013 CME Group, CME ClearPort
Chicago, Illinois
BSF HACK

Unknown

A July cyberattack resulted in the exposure of customer information.  Customers were required to change their log in credentials.  It is unclear what kind of customer information was exposed.

 
Information Source:
Media
records from this breach used in our total: 0

November 20, 2013 GitHub
San Francisco, California
BSO HACK

Unknown

A hacker or hackers compromised some of the user accounts of GitHub.  The hackers used a brute force attack to expose passwords.  GitHub reset the passwords of users who were affected.

 
Information Source:
Media
records from this breach used in our total: 0

November 19, 2013 Sachem Central School District
Lake Ronkonkoma, New York
EDU HACK

15,000

Sachem's notice can be found here: http://www.sachem.edu/home/pdf/QAData11192013.pdf

Two breaches in the summer of 2013 and November of 2013 resulted in the exposure of student information.  The sensitive information that was exposed in July may have been accidentally exposed through an administrative error.  

A second breach was discovered on November 8 when the Superintendent learned that student information had been posted on a publicly accessible webpage.  The investigation of the November breach is ongoing.  Student names and ID numbers were the primary types of data that were exposed in both incidents.

UPDATE (11/23/2013): A student of Sachem North High School pleaded not guilty to computer trespass and was released without bail.  The student may have also accessed information in 2012.  A list of 15,000 students' information that dated back to the early 2000s was discovered online. A list of 130 students who received instructional services in an alternative setting in the 2010-2011 school year was also discovered online.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 26, 2013 LexisNexis, Dun & Bradstreet, Kroll Background America
Short Hills, New Jersey
BSO HACK

Unknown

Hackers were able to access an underground database of stolen consumer information.  It was discovered that the network was set up to receive information from internal systems at several large data brokers.  LexisNexis was one of the data brokers that was affected and discovered that their networks may have been compromised for at least five months.  Dun & Bradstreet discovered that their systems had been compromised as far back as March 27, 2013.  The breach of Kroll Background America, Inc. had began as far back as June 2013.

UPDATE (11/26/2013): Kroll Background America informed California that 548 California residents were affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 0

September 28, 2013 ICG America (Amazing Clubs, Games2U, Flying Noodle, Monster Brew, Texas Irons, California Reds)
Austin, Texas
BSO HACK

Unknown

ICG America Learned that its payment processing system was the target of a cyber attack.  The attack began on January 2, 2013 and continued until August 2, 2013.  Customers who made purchases from companies operated by ICG America may have had their names, credit card and debit card numbers, expiration dates, CVV codes, addresses, and email addresses exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 28, 2013 Unique Vintage
Burbank, California
BSR HACK

Unknown

A breach letter can be found herehttps://oag.ca.gov/system/files/Customer%20Notification%20Letter%20%2892312rv%292_0.pdf?

Unique Vintage's website was accessed by malware between January of 2012 and September 14, 2013.  Customer names, emails, credit card numbers, and phone numbers may have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 1, 2013 McHenry County College, Ellucian
Crystal Lake, Illinois
EDU DISC

Unknown

McHenry County College's software vendor Ellucian accidentally sent the personal information of current and former McHenry County College students and staff to three other junior colleges.  Social Security numbers and other information were sent to Morton, Prairie State, and Triton.

 
Information Source:
Media
records from this breach used in our total: 0

October 1, 2013 JP Morgan Chase
New York, New York
BSF DISC

Unknown

JP Morgan Chase customers received a privacy notification in early September. A labeling error caused the Social Security numbers of customers to be printed on the outside of the notification letter.  A lawsuit was filed against JP Morgan Chase on behalf of affected customers.  The lawsuit claims that JP Morgan did not immediately notify its customers and should have prevented the breach from happening.  The case is Alexander Furman et al v JP Morgan Chase & Co et al, No. 13-cv-06749, U.S. District Court, Northern District of Illinois.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2013 Mercy Health Systems, Allscripts
Baltimore, Maryland
MED STAT

25 (No Social Security numbers or financial information reported)

An unencrypted hard drive was discovered missing on January 14, 2013.  It held the names, health plan beneficiary numbers, diagnoses, medical record numbers, and account numbers of 25 Mercy Health Systems patients.  The hard drive was last seen by Mercy Health Systems' transcription contractor, Allscripts. Mercy Health Systems learned of the issue on February 14, 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 4, 2013 Buckeye Check Cashing
Dublin, Ohio
BSF PORT

Unknown

The June 27 car theft of a laptop resulted in the exposure of customer information.  Names, Social Security numbers, addresses, and bank account information were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 4, 2013 NHC Healthcare Oak Ridge
Oak Ridge, Tennessee
MED PORT

Unknown

An unencrypted backup tape was discovered missing.  It contained patient names, Social Security numbers, dates of birth, home addresses, and medical information.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2013 PLS Financial Services
Chicago, Illinois
BSF DISC

Unknown

A programming error that occurred on July 11, 2013 allowed 34 visitors to PLS Financial Services' website to view the names, Social Security numbers, addresses, and email addresses of PLS Financial Services customers.  The error was discovered on July 26 and quickly fixed.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2013 Bell Helicopter
Hurst, Texas
BSO HACK

Unknown

On July 3, Bell Helicopter learned that some people who attended Bell Helicopter Training Academy were receiving phishing emails from a source claiming to be Bell. It appears that Bell's database of attendee information was accessed by a cyber intruder.  Attendees may have had their email addresses and credit card numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 4101-4150 of 4427 results


X

Sign In!

Loading