Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,353 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
December 12, 2013 inSync, Cottage Hospital, Cottage Health System
Santa Barbara, California
MED DISC

32,755 (No Social Security numbers or financial information exposed)

A Cottage Hospital vendor removed an electronic security device without notifying Cottage Hospital.  The removal may have exposed patient information.  Patients treated at centers in Goleta, Santa Ynez, and Santa Barbara between September 29, 2009 and December 2, 2013 may have had their lab results, procedures performed, and other medical details relating to diagnosis exposed.

UPDATE (12/13/2013): Patient names, dates of birth, addresses, and health information may have been exposed.

UPDATE (12/15/2013): Cottage Hospital's vendor was inSync.

 
Information Source:
Media
records from this breach used in our total: 0

December 11, 2013 University of Iowa
Iowa City, Iowa
EDU HACK

Unknown

An employee called the University of Iowa's help desk after clicking a suspicious link in an email.  It was discovered that the personal information and direct deposit information of over a dozen University of Iowa employees may have been exposed through compromised employee computers and accounts.  At least two employees had an unspecified, but large amount of money stolen from their November paychecks.  Two sets of phishing emails were sent to nearly 2,000 University of Iowa employees and the scam has been contained. 

 
Information Source:
Media
records from this breach used in our total: 0

December 13, 2013 The University of Connecticut (UConn) Health Center
Storrs, Connecticut
MED INSD

164 (No Social Security numbers or financial information exposed)

An employee accessed patient information without cause.  The employee's actions did not appear to be malicious and the employee was placed on administrative leave.  The incident or incidents were discovered on November 4.

 
Information Source:
Media
records from this breach used in our total: 0

December 11, 2013 Los Angeles Gay & Lesbian Center
Los Angeles, California
NGO HACK

59,000 (Unknown number of Social Security numbers)

A cyber attack caused the information of clients associated with the L.A. Gay and Lesbian Center to be affected between September 17, 2013 and November 8, 2013.  Names, Social Security numbers, credit card information, dates of birth, contact information, medical information, and health insurance account numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 Tennova Cardiology
Nashville, Tennessee
MED PORT

2,777

Those with questions may call (866) 369-0422.

The October 22 theft of a laptop from a transcription contractor working with Tennova Cardiology resulted in the exposure of patient information.  The laptop was not encrypted and included names, dates of birth, physician names, and health information (No Social Security numbers or financial information reported).

 
Information Source:
Media
records from this breach used in our total: 0

December 18, 2013 Washington Post
Washington, District Of Columbia
BSO HACK

Unknown

Hackers were able to access Washington Post employee usernames and passwords through an attack on the paper's servers.  The attack began through access to a server used by the Washington Post's foreign staff and then spread to more Washington Post servers.  The Washington Post and several other national papers were attacked in 2011 as well.

 
Information Source:
Media
records from this breach used in our total: 0

December 17, 2013 U.S. Federal Election Commission (FEC)
Washington, District Of Columbia
GOV HACK

Unknown

The U.S. Federal Election Commission's computer system was accessed by unauthorized parties sometime in October of 2013 during the government shutdown.  The system appears to have been infiltrated by hackers located in China.  The attack occurred at a time when no staff members were on duty to identify the issue.

 
Information Source:
Media
records from this breach used in our total: 0

December 21, 2013 Affinity Gaming
Las Vegas, Nevada
BSO HACK

Unknown

Facilities owned by Affinity Gaming may have been exposed to a cyber attack between March 14 and October 16.  Customer information associated with credit and debit cards may have been taken.  Affinity Gaming owns Silver Sevens Hotel & Casino, Rail City Casino, Buffalo Bill's Resort & Casino, Primm Valley Resort & Casino, Whiskey Pete's Hotel & Casino, Golden Mardi Gras Casino, Golden Gates Casino, Golden Gulch Casino, Mark Twain Casino & RV Park, Lakeside Hotel & Casino, and St. Jo Frontier Casino.

 
Information Source:
Media
records from this breach used in our total: 0

December 24, 2013 Lakes Liquor
Detroit Lakes, Minnesota
BSR UNKN

Unknown

Hundreds of debit and credit cards were compromised after customers used them at Lakes Liquor between October 27 and November 25.  Customer names, payment card numbers, expiration dates, and security codes may have been accessed for fraudulent purposes.  It is unclear how the information was obtained from Lakes Liquor.

 
Information Source:
Media
records from this breach used in our total: 0

December 21, 2013 DeLoach & Williamson, South Carolina Health Insurance Pool
Columbia, South Carolina
MED PORT

Unknown

The October 16, 2013 theft of a laptop from a DeLoach & Williamson employee's car may have resulted in the exposure of an unspecified number of South Carolina Health Insurance Pool patients' information.  Full names with middle initials, Social Security numbers, dates of service, and provider identification numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

December 16, 2013 Massachusetts Mutual Life Insurance Company
Springfield, Massachusetts
BSF DISC

Unknown

A MassMutual account manager accidentally included information about retirement plans in an email that was sent to an individual at a MassMutual retirement services client.  The client representative confirmed that the email was deleted. It contained an unspecified number of client information that included names, Social Security numbers, addresses, dates of birth, retirement plan names, and group numbers.  The incident occurred on December 3.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 18, 2013 CITGO Petroleum Corporation
Houston, Texas
BSO DISC

Unknown

A folder with personal information was discovered in a location that made it accessible on CITGO's intranet to unauthorized employees.  The issue was discovered on October 9.  Social Security numbers, financial information, and other personal information could have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 Discover Financial Services
Riverwoods, Illinois
BSF UNKN

Unknown

An unspecified number of Discover customers had their account numbers changed and were issued a new card.  It is unclear what type of security breach prompted the notification and when it may have occurred.  Several customers in California received the notification letter; residents of other states may have been notified as well.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 Techmedia Network
Ogden, Utah
BSO HACK

Unknown

An unauthorized person or persons gained access to Techmedia Network's systems.  Customer names, credit card numbers, expiration dates, CVV security codes, mailing addresses, email addresses, and phone numbers may have been exposed.  The breach was discovered on November 20.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 20, 2013 W.J. Bradley Mortgage Capital, LLC
Centennial, Colorado
BSF INSD

Unknown

A former loan officer took files from WJB's computer systems while she was still employed.  The loan officer then left WJB and another mortgage company ended up with the information in late July and early August of 2013.  Client names, Social Security numbers, credit reports, bank account information, tax information, and other sensitive information related to loan applications was taken.  The information was eventually retrieved and removed from the systems of the unnamed mortage company.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 22, 2013 Office of Dr. Rob Meaglia, DDS
Rocklin, California
MED STAT

Unknown

The December 15 office burglary of a computer resulted in the exposure of patient information.  Medical records, dental insurance information, and Social Security numbers may have been exposed. The computer was encrypted and password-protected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 25, 2013 Inspira Medical Center Vineland
Vineland, New Jersey
MED STAT

Unknown

The December 23 theft of a computer from the radiology department of Inspira Medical Center Vineland may have resulted in the exposure of patient information.  The computer was kept in an unsecured filing room.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 17, 2013 Comprehensive Psychological Services LLC
Columbia, South Carolina
MED PORT

3,500 (No Social Security numbers or financial information reported)

The October 28 office theft of a laptop resulted in the exposure of patient information.  The laptop was password-protected and the patient files on it were not encrypted.  Neuropsychological testing, educational testing, custody evaluations, and other assessments and evaluations may have been exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 17, 2013 UniHealth SOURCE
Austell, Georgia
MED PORT

2,500 (No Social Security numbers or financial information reported)

The October 8 theft of an employee's laptop resulted in the exposure of current and former client information.  The laptop was taken from the employee's car while it was parked at home.  Full names and potential diagnoses may have been exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Colorado Health & Wellness, Inc.
Colorado Springs, Colorado
MED INSD

651 (No Social Security numbers or financial information exposed)

Those with questions may call 1 (719)-576-2225.

A former doctor took patient information after ending his practice at Colorado Health & Wellness, Inc.  The breach was discovered on September 4, 2013 and involved patient names, addresses, telephone numbers, and email addresses. A notice was sent by Colorado Health & Wellness in November.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Dr. Martin Luther King Jr. Health Center, Bahoo.net, Professional Transcription Company
Bronx, New York
MED DISC

37,000 (No Social Security numbers or financial information exposed)

Those with questions may call 1-(877)-451-9361.

Dr. Martin Luther King Jr. Health Center learned that a transcription vendor named Professional Transcription Company hired a subcontractor named Bahoo.net to work on data transcription.  Bahoo.net inadvertently made patient information viewable through public internet search engines.  The breach occurred in 2009. Patient names, treatments, procedures, diagnosis information, and dates of services may have been accessed.  Bahoo closed its website and destroyed the hard drive so that the public could no longer view the personal information.  It is unclear what types of data were on the hard drive and when it was posted because the hard drive was destroyed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 16, 2013 Greater Dallas Orthopaedics, PLLC
Dallas, Texas
MED STAT

5,840 (No Social Security numbers or financial information reported)

Patients of Dr. Allaaddin Mollabashy and Dr. Nathan F. Gilbert may have had their information exposed by the September 1 office theft of two computers.  Patient names and medical information were on the password-protected laptops.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 28, 2013 Amos Medical Services
Laurel, Maryland
MED PHYS

400 (No Social Security numbers or financial information reported)

Amos Medical Services was charged with improper disposal of records after leaving patient records in a dumpster.  The records were left behind when the office of Amos Medical Services moved within Laurel, Maryland.  Amos Medical Services and their associated doctor agreed to pay $20,000.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 28, 2013 CVS Pharmacy, Inc., Maryland CVS Pharmacy, LLC
Gaithersburg, Maryland
MED PHYS

Unknown

The Maryland Attorney General charged CVS Pharmacy, Inc. and Maryland CVS Pharmacy, LLC with failing to protect sensitive financial and medical information.  CVS disposed of patient records in publicly accessible places. CVS agreed to pay $250,000 in a settlement with the Maryland Attorney General.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 18, 2013 Eastside Medical Center
Snellville, Georgia
MED PHYS

Unknown

Eastside Medical Center left patient information in a publicly accessible area.  A vendor was responsible for shredding the patient information and took it from Eastside Medical Center; it is unclear what happened to the information after that. Patient names, addresses, phone numbers, medications, and types of surgeries were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 18, 2013 AnMed Health, Health Port
Anderson, South Carolina
MED INSD

Unknown

An employee of AnMed's contractor Health Port accessed patient information without cause and posted it publicly.  Names, Social Security numbers, medical history, religious preference, and other personal information was accessed.  The employee was disciplined.  A lawsuit was filed in relation to the breach that named a dozen plaintiffs.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 1, 2013 Atlanta Center for Reproductive Medicine
Atlanta, Georgia
MED DISC

654 (No Social Security numbers or financial information reported)

Atlanta Center for Reproductive Medicine became aware of a breach on July 12.  The breach involved email and it is not clear exactly how patient information was exposed or what type of information was involved.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 1, 2013 Accountable Care Organization of Puerto Rico, Inc. (ACO of Puerto Rico), PHM Healthcare Solutions
San Juan, Puerto Rico
MED UNKN

5,000 (No Social Security numbers or financial information reported)

A breach that involved either unauthorized access to ACO of Puerto Rico's network or an unintentional disclosure of patient information online occurred between March 5 and July 16 of 2013. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 23, 2013 Summit Community Care Clinic
Frisco, Colorado
MED DISC

921 (No Social Security numbers or financial information reported)

An administrative error led to the exposure of patient email addresses.  Email addresses were placed in the visible "TO:" field instead of the blind "BCC:" field.  The email was an invitation to a monthly patient advisory meeting and was sent on July 22.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 19, 2013 Edgewater Hospital
Chicago, Illinois
MED PHYS

Unknown

A curious resident entered an abandoned building that used to be Edgewater Hospital and found a room filled with thousands of patient records.  A local news team investigated and found that photos had been taken of the situation four years earlier in 2009 by the Illinois State Health Department.  The records included patient names, Social Security numbers, dates of birth, and addresses.  Edgewater Hospital had been abandoned for more than a decade.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 Jacksonville Spine Center
Jacksonville, Florida
MED PHYS

5,200 (No Social Security numbers or financial information reported)

Paper patient records were lost, stolen, or exposed during an April 25 breach.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 Samaritan Regional Health System
Ashland, Ohio
MED PHYS

2,203 (No Social Security numbers or financial information reported)

An exposure of patient paper records was discovered on May 29th.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 South Florida Neurology Associates, P.A.
Boca Raton, Florida
MED PORT

900 (No Social Security numbers or financial information reported)

The theft of a laptop resulted in the exposure of patient information.  The laptop was stolen sometime between May 25 and May 30.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 Sheet Metal Local 36 Welfare Fund, People Resource Corporation
St. Louis, Missouri
MED UNKN

4,560 (No Social Security numbers or financial information reported)

A data breach occured between August 1, 2012 and July 8, 2013.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 MED-EL Corporation
Durham, North Carolina
MED DISC

609 (No Social Security numbers or financial information reported)

An email error that occrred on June 25 resulted in the exposure of health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 29, 2013 Northrop Grumman Retiree Health Plan, CVS Caremark
Fall Church, Virginia
MED PHYS

4,305 (No Social Security numbers or financial information reported)

A breach involving paper records from CVS Caremark affected 4,305 Northrop Grumman Retiree Health Plan enrollees.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

July 4, 2013 Behavioral Health Network
Springfield, Massachusetts
MED PHYS

Unknown

A concerned citizen found medical records in a publicly accessible dumpster.  Behavioral Health Network has a shredding vendor and did not have an explanation for the breach.  Behavioral Health Network picked up the remaining files.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 2, 2013 Advantage Health Solutions
Indianapolis, Indiana
MED DISC

Unknown

A patient discovered that he could see the information of other users by logging into his Advantage Health Solutions account.  Any patients who put in a name or date of birth other than their own were able to see the records of people with those names or dates of birth.  Names, phone numbers, addresses, primary care physicians, medical bills, types of medications, and other medical information were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 1, 2013 Union Security Insurance Company
Kansas City, Missouri
MED UNKN

1,127 (No Social Security numbers or financial information reported)

A breach that occurred on May 17 may have exposed protected health information.  It involved email and/or the improper disposal of records.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

June 9, 2013 Laboratory Corporation of America (LabCorp)
Burlington, North Carolina
MED STAT

Unknown

The theft of a computer that was scheduled to be destroyed may have exposed patient names, birthdates, and Medicare subscriber numbers.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 9, 2013 Office of Kara Falck, Other World Computing
Takoma Park, Maryland
MED PORT

Unknown

A hard drive from the therapy service was purchased and then returned to Other World Computing.  A doctor in Germany later contacted the therapy service and confirmed that he had received the hard drive.  Client information, progress notes, and billing notes could be found on the hard drive though the doctor had believed he was purchasing a new or refurbished hard drive.  Other World Computing or the hard drive's manufacturer failed to clear the hard drive before it was resold.  The hard drive was resold to its original owner in order to safeguard the therapeutic client information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 21, 2013 Sovereign Medical Group, LLC
Ridgewood, New Jersey
MED HACK

27,800 (No Social Security numbers or financial information reported)

An October 10, 2012 breach resulted in the exposure of information.  The incident or incidents involved one or more network servers, theft, and/or hacking.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

May 21, 2013 Hawaii State Department of Health - Adult Mental Health Division
Honolulu, Hawaii
MED HACK

674 (No Social Security numbers or financial information reported)

An employee noticed unusual activity on a computer and a hacking incident was discovered on September 25, 2012.  Information stored on a computer file may have been accessed and dated back to 1997.  Names, dates of birth, addresses, phone numbers, consumer record numbers, and a limited number of Social Security numbers were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 1, 2014 Snapchat
Venice, California
BSO HACK

Unknown

The hacker or group known as "Lightcontact" is claiming to have hacked Snapchat.com. Reportedly, the group published a database containing Snapchat user names and phone numbers and posted it to several public forums such as Reddit.com.

UPDATE: Snapchat has announced a security update to their mobile image sharing services to include an opt out option to the Find Friends system. This update is said to prevent others from looking up their account information through address books. This update will allow a person to no longer appear if this type of search is initiated. According to security vendor AdaptivMobile, the compromised accounts are concentrated mostly in California and New York, with the two states accounting for nearly 2.3 million accounts. Other regions affected include Illinois, Colorado and Florida(1/4/2014)

 
Information Source:
Media
records from this breach used in our total: 0

January 1, 2014 Skype breach
Redmond, Washington
BSO HACK

Unknown

On January 1st, the Syrian Electronic Army is reportedly taking credit for hacking into user accounts on Skype. The amount of users affected is unknown. Reportedly, the hackers infiltrated a users account and monitors the activity and sells the data.

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2013 StakerLaw Tax and Estate Planning Law
Camarillo, California
BSF PHYS

Client files which included social security numbers and other asset information.

On Friday December 20, 2013 the owner of the firm had his home burglarized in which the firms back-up hard drive was stolen which contained the firms customer files containing sensitive personal information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 30, 2013 T-Mobile Supplier
Unknown,
BSO HACK

Unknown

A  supplier  for T-Mobile reported a breach of files stored on their servers. This breach included the breach of names, addresses, Social Seurity numbers and/or Driver's License numbers. This access was discovered in late November 2013.  They believe that the primary goal of the hackers was to obtain credit card data, but credit card information was not included in these files.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 30, 2013 Wichcraft Operating LLC
New York, New York
BSO HACK

Unknown

An unauthorized third party accessed their systems compromising payment card information of certain customers in possibly two of their locations, New York and San Francisco. The breached occured from approximately August 11, 2013 to October 2, 2013.

Based on their investigation, the information accessed by the unauthorized party may have included names, payment card numbers, security codes and expiration dates. They are claiming that not all of these data elements were accessed for each customer.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 29, 2013 American Express Company
New York, New York
BSF UNKN

Unknown

American Express announced, as part of an investigation by law enforcement and/or American Express, the company discovered a data breach that involved customer information. The data recovered included American Express cardholder acount numbers, names and other card information such as the expiration date. They have stated that Social Security numbers were not impacted and their systems did not detect any unauthorized activity on card holders accounts as related to this incident.

UPDATE: (1/16/2014): American Express has sent out a new letter addressed to customers affected by the data breach. This new communication entailed information that one of the merchants that they purchased goods with was affected by the breach. The information breached did not change, in that card holder account numbers, names and other card information such as expiration date were compromised. No Social Security numbers were impacted.

 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 27, 2013 Briar Group
Brighton, Massachusetts
BSO HACK

Unknown

Briar Group confirms it was the source behind a Seaport data breach. After an investigation by the Briar Group, who runs eight restaurants and bars in the city, confirmed that their systems were compromised causing the data breach that affected hundreds of individuals who visited the Seaport area of Boston sometime in November.

Currently, a number has not been released as the investigation regarding the breach is ongoing. The breach included unauthorized access to card data at their restaurants sometime between October and November 2013.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,353 DATA BREACHES made public since 2005
Showing 4151-4200 of 4353 results


X

Sign In!

Loading