Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
October 27, 2010 Houston Independent School District (HISD)
Houston, Texas
EDU HACK

232,000 (30,000 employees)

The HISD may have experienced a hacking incident over the weekend of October 24.  Employees and students were unable to access the Internet, online classes and email until late Tuesday afternoon.  Payroll information of workers and academic information of students may have been compromised along with other personal information.

UPDATE (12/2/10): HISD announced an overhaul of the computer system following the breach. Private employee, vendor and student data dating back 10 years could have been accessed by the hacker. Investigators have determined that the private data of one HISD student was viewed by the hacker.  The investigation is ongoing.

 
Information Source:
Databreaches.net
records from this breach used in our total: 30,000

September 22, 2005 Internal Revenue Service (IRS)
San Francisco, California
GOV PHYS

30,000

Taxpayers in Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Ohio, Oregon, Utah, Virginia, Washington and Wyoming may have been affected.

A truck carrying checks with tax information for the self-employed was involved in an accident on the San Mateo Bridge. Wind blew about 30,000 pieces of mail into the bay and beyond. The IRS agreed to waive penalties and interest for anyone whose payment was affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

October 29, 2006 New York University
New York, New York
EDU PORT

30,000

Backup CDs from the Continuing Medical Education program at NYU Medical Center were lost or stolen.  Names, Social Security numbers, addresses, telephone and fax numbers, student ID numbers, debit or credit card information and degree information for students participating in the program between 1999 and the discovery of the loss may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

March 19, 2012 Kaiser Foundation Health Plan
Oakland, California
MED DISC

30,000

Someone purchased a hard drive in September of 2011 and immediately notified law enforcement that it contained confidential information.  The external hard drive did not come from a Kaiser Permanente office.  It contained employee data that was as recent as 2009.  Current and former employees may have had their names, Social Security numbers, dates of birth, and addresses exposed. There is no evidence that the information from the hard drive was used for illegal purposes as of March of 2012.

UPDATE (3/22/2012): The external hard drive was purchased at a thrift store.  Phone numbers, pay stubs, COBRA Error, Trust Fund Paid Hours, or Fidelity Savings Plan Deduction reports may have also been on the hard drive.

UPDATE (4/16/2012): At least one source lists the total number of affected current and former employees as 30,000.

UPDATE (2/4/2014): Attorney General Kamala Harris has agreed to drop a data breach lawsuit against the Oakland based managed care provider, Kaiser, if they agreed to a $150,000 fine paid to the state and improved their information handling practices.

Originally the suite contended that the health care provider violated the three-month notification law. Kaiser learned of the violation in December 2011 but did not send letters to 20,539 affected Californians until mid-March 2012. The law requires data-holders disclose any breach "in the most expedient time possible and without unreasonable delay".

 

 
Information Source:
California Attorney General
records from this breach used in our total: 30,000

March 16, 2012 University of Tampa
Tampa, Florida
EDU DISC

30,000

A server management error caused files containing sensitive information to be made publicly accessible between July of 2011 and the breach's discovery on March 13, 2012.  A classroom exercise revealed that the information was compromised and the University of Tampa's IT office was immediately informed of the discovery.  The University of Tampa then notified Google and asked that the cached file be removed from the search engine.

One file included 6,818 records of students who attended in Fall of 2011.  Two other files contained the information of an additional 29,540 people and included University ID numbers, names, Social Security numbers, and photos.  Some people also had their dates of birth exposed.The IT office at the University of Tampa concluded that the files had only been accessed by the people who reported the breach.

UPDATE (3/22/2012): Additionally, 22,722 current and former faculty, staff, and students who were associated with the University between January 29, 2000 and July 11, 2011 may have had their information exposed. The IT office confirmed that these files had only been accessed by University insiders as well. The University will not cover the cost of credit monitoring services for those who were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 30,000

February 6, 2014 The Home Depot
Atlanta, Georgia
BSR INSD

30000

Three Home Depot employees were arrested for allegedly stealing personal information of some 300 employees, and were initially detected last fall and those employees whose files were notified of the breach. One of the three employees was caught using her Home Depot email to send the stolen information.

Security investigators fear that this breach may have affected as manay as 20,000 individuals. Information stolen included Social Security numbers and birthdates. Allegedly the employees opened numerous fraudlent accounts with the stolen personal information.

UPDATE (5/30/2014): Originally it was reported that up to 20,000 individuals may have been affected by this security breach. The number has now been increased to 30,000 individuals may have been affected. The first report that came out reported three Home Depot employees were involved, but according to the disclosure document sent on behalf of The Home Depot Corporation, one individual was arrested and The Home Depot will seek prosecution of the individual to the fullest extent of the law.

 
Information Source:
Media
records from this breach used in our total: 30,000

January 24, 2008 Fallon Community Health Plan
Worcester, Massachusetts
MED PORT

29800

A vendor computer containing personal information on patients of Fallon Community Health Plan has been stolen. The data included names, dates of birth, some diagnostic information and medical ID numbers. Some of which may be based on Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,800

April 22, 2014 Iowa State University
Ames, Iowa
EDU HACK

29,780

Iowa State University has reported a data breach of one of their systems that exposed a large amount of data of individuals who were enrolled in the university over the past 17-year period.

Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012 along with university ID numbers for nearly 19,000 additional people. Authorities believe that the person or persons motivation was apparently to generate enough computing power to create the virtual currency bitcoin.

The university is offering AllClear ID for 12 months free for those whose Social Security numbers were affected. AllClear representatives can be reached at 1-877-403-02811-877-403-0281.

Here is the link to the universities information regarding the breach http://www.news.iastate.edu/news/2014/04/22/serverbreach

For those who suspect fraud or question whether a request you receive is legitimate, please contact the ISU Foundation at 515-294-4607515-294-4607, the ISU Alumni Association at 515-294-6525515-294-6525, or Iowa State’s computer security team at serverbreach@iastate.edu.

 
Information Source:
Media
records from this breach used in our total: 29,780

February 6, 2009 Kaiser Permanente
Oakland, California
MED INSD

29,500

(877) 281-3573

A law enforcement agency seized a computer file with Kaiser data from a person who was subsequently arrested. The suspect was not a Kaiser employee. Kaiser Permanente is notifying nearly 30,000 Northern California employees that the security breach may have led to the release of their personal information. The stolen information included names, addresses, dates of birth and Social Security numbers for Kaiser employees.

UPDATE (9/28/2011): A former benefits clerk from Service Employees International Union-affiliated United Healthcare Workers West (SEIU-UHW) was sentenced to 12 years and four months in prison for stealing Kaiser union employee information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 29,500

June 5, 2007 vFinance Investments Inc.
Boca Raton, Florida
BSF HACK

29,000

A database that contained customer information was accessed through the www.vfinance.com website by an unauthorized person. The goal of the attack seems to have been to deface the website.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,000

December 28, 2012 Gibson General Hospital
Princeton, Indiana
MED PORT

29,000

The November 27 theft of a laptop may have resulted in the exposure of patient information.  Names, Social Security numbers, addresses, and clinical information may have been exposed.  Patients who have received services since 2007 may have been affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 29,000

October 10, 2013 City of Wichita - Electronic Procurement Website
Wichita, Kansas
GOV HACK

29,000

Hackers accessed the city of Wichita's electronic procurement website.  Current and former vendors who had worked with the city and employees who had been reimbursed for expenses  since 1997 were affected.  Social Security numbers, taxpayer ID numbers, and bank account information may have been exposed.

UPDATE (11/22/2013): This breach was a result of the Dun & Bradstreet Credibility Corp. breach.  Nearly 29,000 local vendors and employers were affected by the hacking incident that occurred during the weekend of October 5.

 
Information Source:
Media
records from this breach used in our total: 29,000

August 22, 2006 Beaumont Hospital
Troy, Michigan
MED PORT

28,473

A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.

UPDATE (8/23/06). The laptop was returned Aug. 23 by a woman who said she found it in her yard.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,473

April 1, 2008 Okemo Mountain Resort
Ludlow, Vermont
BSO HACK

28,168

(866) 756-5366

The Ludlow ski area announced that its computer network was breached by an intruder who gained access to credit card data including cardholder names, account numbers and expiration dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,168

June 23, 2006 U.S. Navy
Washington, District Of Columbia
GOV UNKN

28,000

Navy personnel were notified on June 22 that a civilian website contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

November 7, 2007 Carolinas Medical Center, NorthEast
Concord, North Carolina
MED PORT

28,000

A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

March 18, 2009 Walgreens Health Initiative
Deerfield, Illinois
MED DISC

28,000

(866) 292-9063

Names, dates of birth and Social Security numbers of roughly 28,000 state retirees were e-mailed to the Kentucky Retirement Systems without being properly encrypted for security purposes by its pharmacy benefit provider. The e-mail contained dates of birth, Social Security numbers and health insurance claim numbers but not personal health information. The file contained information only on members who were both Medicare-eligible and used the retiree pharmacy benefit through Walgreens in 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 18, 2009 NJ Department of Labor and Workforce Development
Trenton, New Jersey
GOV DISC

28,000

Unemployed New Jersey residents may have had their name and Social Security number accidentally delivered to an employer for which you did not work. The error occurred when department staff last month sent first-quarter reports to businesses that included a list of former employees receiving unemployment benefits. Because some companies had laid off a significant number of employees, the reports were longer than usual, requiring staff members to stuff the envelopes by hand rather by machine. Some reports were placed in the wrong envelopes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 30, 2012 American Pharmacist Association (APhA), Pharmacist.com
Washington, District Of Columbia
NGO HACK

28,000

Hackers associated with the group Anonymous posted donations, emails, personal account information, server information, and other information from APhA's online database.  The hackers also claim to have accessed the records of 16,000 patients by hacking the website, but did not post that information. Anonymous claims that the organization was targeted due to its connection to government officials.

UPDATE (6/09/2012): Some names and addresses were also posted.  The data posted included information on over 28,000 visitors, donors, and members.

UPDATE (07/18/2012): The website was defaced on May 28.  APhA immediately noticed and shut down the website and related computer servers.  However, names, addresses, and credit card information (excluding security codes) stored on computer servers may have been accessed between April 23 and May 28.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

July 13, 2012 American Express Travel Related Services Company, Inc. (AXP)
Los Angeles, California
BSF CARD

27,257

A man was arrested in his Los Angeles home for allegedly purchasing and using stolen payment card numbers.  The credit and debit card numbers from American Express, Visa, MasterCard, and Discover were in the man's possession between January 11, 2012 and February 26, 2012.  The payment card numbers came from hacking the computer systems of a restaurant and a restaurant supply business in the Seattle area.  Two people who were associated with the hacking incidents had already been arrested. The man who purchased the payment card numbers is charged with conspiracy to access protected computers to further fraud, to commit access device fraud, and to commit bank fraud; eight counts of bank fraud; six counts of access device fraud; five counts of aggravated identity theft; and two counts of accessing a protected computer without authorization.

UPDATE (07/20/2012): Customer names and payment card expiration dates were also compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 27,257

July 7, 2005 Michigan State University
East Lansing, Michigan
EDU HACK

27,000

Student information was compromised during an attack on the College of Education server.  The information included Social Security numbers, names, addresses, student courses, and personal identification numbers.  The breach occurred in April and students were emailed in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

February 16, 2006 Blue Cross and Blue Shield
Jacksonville, Florida
MED INSD

27,000

A contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.  A judge ordered the former computer consultant to reimburse the Jacksonville-based health insurer $580,000 for expenses related to his theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

June 29, 2006 AllState Insurance Huntsville branch
Huntsville, Alabama
BSF STAT

27,000

Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

July 17, 2007 Kingston Technology Co.
Fountain Valley, California
BSO HACK

27,000

A security breach may have compromised the names, addresses and credit card details of online customers. Kingston Technology is a computer memory vendor. The breach may have gone undetected for nearly 2 years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

August 3, 2009 National Finance Center
Washington, District Of Columbia
GOV DISC

27,000

An employee with the National Finance Center mistakenly sent an Excel spreadsheet containing the employees' personal information to a co-worker via e-mail in an unencrypted form. The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed.

 
Information Source:
Media
records from this breach used in our total: 27,000

February 4, 2010 Ceridian Corporation
Bloomington, Minnesota
BSF HACK

27,000

A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide. In a Jan. 29 letter to an affected worker obtained by the Star Tribune, Ceridian said a hacker attacked its Internet payroll system Dec. 22 and 23.

UPDATE (6/1/2011): The Federal Trade Commission reached a settlement agreement with Ceridian.  According to the FTC, Ceridian did not adequately protect its network from reasonably foreseeable attacks and failed to encrypt the sensitive personal information that was stored on its network.  The settlement requires the company to establish a comprehensive information security program and to undergo 20 years of independent security audits.  Ceridian provides payroll and HR services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

April 18, 2014 University Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED HACK

27000

The University Pittsburgh Medical Center (UPMC) informed employees of a data breach that compromised employee's personal data, including their Social Security number and  the potential for fraudulent tax returns being filed in their name.

The number of employees affected was approximately 800. The full extent of the information exposed has not been communicated, however, due to the tax fraud, information such as names, addresses and Social Security numbers were assumed to be involved.

UPMC was aware of the breach in February and thought that the breach included only 27 individuals, but soon became aware that the breach was much larger. An investigation is currently being conducted.

UPDATE (4/21/2014): The extent of the data breach at UPMC thought to be around 800 employees, is much more extensive than originally believed. The current numbers are around 27,000 employees affected. UPMC is offering Lifelock for 12 months for those affected. A letter went out to those individuals with the information. For additional questions, UPMC has provided a toll free hotline (1-855-306-8274) or email JohnHouston@upmc.edu. A class action lawsuit has been filed against UPMC.

UPDATE (5/14/2014): On Friday May 9, 2014 the law firm of Kraemer, Manes & Associates sued University Pittsburgh Medical Center (UPMC) and Ultimate Software Group of Weston, Fla., over the loss of employee data and subsequent identity thefts. They are seeking class-action status in U.S. District Court, and would represent current and former UPMC employees who have been affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 27,000

July 21, 2010 Lincoln National Life Insurance
Radnor, Pennsylvania
BSF DISC

26,840

A vendor printed a user name and password for agents and authorized brokers in a brochure.  The brochure was also posted on an agent's public website.  The login information enable access to a website containing medical records and other personal information from individuals seeking life insurance.  Applicant name, Social Security number, address, policy number, driver's license number and credit information is also on the website. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 26,840

June 22, 2006 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV HACK

26,000

http://www.firstgov.gov/usdainfo.shtml

During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

December 8, 2005 J-Sargeant Reynolds Community College
Richmond, Virginia
EDU DISC

26,000

The names, Social Security numbers and addresses of students taking non-credit classes from 2000 to 2003 were posted online for months.  The information was compiled for a mailing list, but an employee posted it on the College's server.  A student informed officials of the mistake after accessing the information online.  The College began the process of removing the information from the web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

August 9, 2006 Hoffman-La Roche Inc, McCladrey and Pullen LLP
Washington, District Of Columbia
BSR PORT

26,000

A laptop computer belonging to an employee of McCladrey and Pullen LLP was stolen on July 18. McCladrey conducts audits of Roche Savings and Pay Deferral Plan. The laptop included names, Social Security numbers, affiliation with the plan, plan account balance and 2005 plan withdrawal amounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

June 25, 2012 Towards Employment
Cleveland, Ohio
NGO PORT

26,000

Those with questions may call 216-297-4470 or go to the Towards Employment website: towardsemployment.org

The May theft of a laptop that contained Towards Employment client data may have exposed personal information.  The laptop was password protected and contained the names, Social Security numbers, and addresses of clients. Towards Employment is altering its policy so that only the last four digits of clients' Social Security numbers are tracked and used.

 
Information Source:
Media
records from this breach used in our total: 26,000

August 12, 2011 Reznick Group, AssureCare Risk Management Inc, Colonial Healthcare Inc, Gypsum Management and Supply
Plymouth, Minnesota
BSF HACK

25,330

The location listed is that of Assurecare Risk Management Inc.  Though 25,330 Gypsum employees were affected, the total number of individuals affected across companies was not reported.

Reznick's former service provider AssureCare reported a breach of a server that contained Reznick information.  The information from employee benefits plans from 2001 to 2006 could have been accessed by outside parties.  Current and former employees and their spouses may have had their names, Social Security numbers, addresses, dates of birth and medical information exposed.  The server was accessed by external intruders on May 9 and May 10 of 2011.

UPDATE (10/13/2011): Employees enrolled in Gypsum's health and dental care plans were also affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,330

September 8, 2006 Berks County Sheriff's Office via contractor Canon Technology Solutions
Reading, Pennsylvania
GOV DISC

25,000

A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.

UPDATE (10/6/06): The Berks County solicitor's office says the entire list of more than 25,000 gun permit holders was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

May 25, 2007 North Carolina Department of Transportation
Raleigh, North Carolina
GOV UNKN

25,000

https://apps.dot.state.nc.us/pio/releases/details.aspx?r=1179

A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

September 10, 2008 Franklin Savings and Loan
Cincinnati, Ohio
BSF HACK

25,000

(877) 579-2267, (513) 605-4378

An unauthorized person gained access to a database on a company web site containing personal information such as names, addresses, phone numbers, account numbers, account balances and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

October 17, 2008 The Planet
Houston, Texas
BSO UNKN

25,000

A security breach that may have affected the customer portal account and server passwords, was discovered. The Planet identified the methods by which the systems were compromised and have closed those holes. Only two user accounts were definitely affected, and no credit card information is believed to have been compromised.

 
Information Source:
Media
records from this breach used in our total: 25,000

November 9, 2008 City of Charlottesville
Charlottesville, North Carolina
GOV PORT

25,000

Two laptops containing voter registration information were stolen from a building at Tonsler Park in Charlottesville sometime after the polls closed. The information on the computers included names, addresses, date of birth and DMV customer number.

 
Information Source:
Media
records from this breach used in our total: 25,000

January 1, 2010 collective2.com
Tenafly, New Jersey
BSO HACK

25,000

Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. That e-mail stated that the information accessed by the hacker included names, e-mail addresses, passwords and credit card information.

 
Information Source:
Media
records from this breach used in our total: 25,000

August 7, 2010 Fort Worth Allergy and Asthma Associates
Fort Worth, Texas
MED STAT

25,000

The June 29th theft of four computers resulted in patient records being exposed. The patient records contained addresses, Social Security numbers and dates of birth.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

September 19, 2010 Albrecht Discount (ALDI)
Chicago, Illinois
BSR CARD

25,000

Several ATMs inside or near grocery stores in the Chicago area were outfitted with skimming devices.  ALDI checked machines nationwide and removed a number of debit card terminals after discovering the problem.

UPDATE (10/1/10): A notice on the ALDI Inc. website reveals that customers in Hartford, Atlanta, Chicago, Indianapolis, Maryland, New Jersey, New York state, North Carolina, Pennsylvania, Charlotte (South Carolina), and Washington D.C. were affected by the breach.  The terminals were in stores between June 1 and August 31 of 2010.

UPDATE (12/2/10): Eight thousand Maryland residents and 17,000 New York residents were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 25,000

September 15, 2011 United States Army
Alexandria, Virginia
GOV PORT

25,000

A CD with sensitive Non-Appropriated Fund retiree information was lost in the mail between Alexandria, Virginia and San Antonio, Texas.  The CD never officially arrived after being sent during the last week of August.  It contained retiree records with names, Social Security numbers, retirement date, type of retirement, amount of life insurance carried, term data, dates of service, and other retirement data.

 
Information Source:
Databreaches.net
records from this breach used in our total: 25,000

March 16, 2013 Salem State University
Salem, Massachusetts
EDU HACK

25,000

A server was found to be infected with a virus.  The University computer contained information related to paychecks distributed by the University.  Current and former employees who may have been students or staff may have been affected.

 
Information Source:
Media
records from this breach used in our total: 25,000

August 28, 2013 Infocrossing Inc, MO HealthNet, Missouri Department of Social Services
Jefferson City, Missouri
MED DISC

25,000

An error by Infocrossing, Inc. caused the personal information of a group of patients to be mailed to incorrect addresses.  The incident was discovered on June 6, 2013 and impacted correspondence sent between October 16, 2011 and June 7, 2013.  Names, dates of birth, MO HealthNet identification account numbers, county names, phone numbers, and the last four digits of Social Security numbers were exposed.

UPDATE (09/23/2013): The breach was originally thought to have affected fewer than 2,000 individuals and last between 2011 and 2013.  The Missouri Department of Social Services reported that the breach began when information was sent out in December of 2009. More than 25,000 Missouri residents were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

March 5, 2014 Sally Beauty Supply
Denton, Texas
BSR HACK

25,000

As reported by Krebs on Security, it appears that Sally Beauty Supply may be one of the latest victims of a string of credit card data breaches affecting their payment systems.

"On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store.  Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers".

The banks used a "common point of purchase" or "CPP" to determine where the cards were used over the same period of time. "Each bank independently reported that all of the cards (15 in total) had been used within the last ten days at Sally Beauty Supply locations across the United States".

The company had also detected some kind of intrusion into their network at or around the same time that the stolen card mapping or "CPP" dates that the banks found associated with Sally Beauty Supply. The company's initial investigation did not show any evidence that data was compromised at the store level. The company hired Verizon Enterprise Solutions for the initial and continued investigation.

UPDATE (3-17-2014): Sally Beauty has confirmed that the breach they suffered was due to hackers breaking into their network, stealing credit card data from stores. Originally the retailer would not confirm that they suffered a breach as they had no evidence that any credit card data was stolen. The company confirmed that "fewer than 25,000 records containing card present (track 2) payment card data have been illegally accessed on our systems and we believe have been removed." The company also states " As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security breach."

 
Information Source:
Media
records from this breach used in our total: 25,000

April 7, 2014 Deltek Inc.
Herndon, Virginia
GOV HACK

80,000

Software developer Deltek Inc. informed approximately 80,000 employees of a breach that occured in Deltek's GovWin IQ system.

The company confirmed that on March 13, 2014 they suffered a cyberattack where hackers obtained usernames, passwords and credit card information for individuals who use the GovWin IQ system. Of the 80,000 individuals affected, 25,000 of those may have had credit card information breached.

Those individuals who did have credit card information affected, the company is offering a membership to TransUnion Monitoring services for free.

It has also been reported that authorities have already made an arrest in this case.

Deltek has set up an email address for users to submit questions: protect@deltek.com.

 
Information Source:
Media
records from this breach used in our total: 25,000

August 22, 2014 US Investigations Services (USIS)
Falls Church, Virginia
GOV HACK

25,000

The US Investigations Services (USIS), a firm that performs background checks for U.S government employees had a breach in their data base. Cyber criminals were able to hack their system to gain personal information on employees with the Department of Homeland Security, U.S Immigration and Customs Enforcement and U.S Customs and Border Protection units.

The information breached included Social Security numbers, education and criminal history, birth dates, information on spouses, other relatives and friends including names and addresses.

Officials say the number may increase as the investigation continues.

More Information: http://www.reuters.com/article/2014/08/22/us-usa-security-contractor-cyb...

UPDATE (9/18/2014): "The Office of Personnel Management will not renew any of its contracts with USIS, the major Falls Church, Va., contractor that provides the bulk of background checks for federal security clearances and was the victim of a recent cyberattack, officials confirmed Tuesday evening".

USIS conducted over 21,000 background checks per month for the US government and has been under scrutiny since the data breach in August.

More Information: http://www.washingtonpost.com/business/economy/opm-to-end-usis-contracts...

 
Information Source:
Media
records from this breach used in our total: 25,000

March 22, 2011 Laredo Independent School District
Laredo, Texas
EDU PORT

24,903

A disk that contained the Social Security numbers of all students in the Laredo Independent School District was lost or stolen sometime prior to February of 2011.

UPDATE (4/7/2011): Between August 2010 and January 2011, CDs that were mailed to the Texas Education Agency (TEA) were lost.  The CDs were unencrypted and contained student Social Security numbers, dates of birth and ethnicity.  The CDs were sent to TEA so that identifying information could be removed and the information could be passed along to the University of Texas at Dallas Education Research Center.  According to a TEA spokesperson, Laredo ISD’s data set is missing from a set of other district information that was sent. Though the TEA claims that only Laredo student information was exposed, the information of 164,406 students from eight Texas school districts was sent. The information on the unencrypted disks goes back 20 years.  This information includes current and former students in the top 10% of their class who graduated between 1992-2010 from Crowley, Harlingen, Round Rock, Killeen, Richardson, Irving, Mansfield, and Grand Prairie school districts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 24,903

April 30, 2010 Our Lady of Peace
Louisville, Kentucky
MED PHYS

24,600

A flash drive containing personal information on 24,600 patients is missing from Our Lady of Peace psychiatric hospital. The drive contained the following information on patients admitted since 2002: patient names, room numbers, insurance company names and admission and discharge dates. It didn’t include diagnoses or treatments, Social Security numbers, dates of birth, telephone numbers or addresses for these patients. The drive also included the following information on patients assessed since 2009 but never admitted: name, date of assessment, date of birth and the time they left the hospital. For these patients, the information on the drive didn’t include diagnoses or treatments, Social Security numbers, telephone numbers, addresses or insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 24,600

November 26, 2013 Anthem Blue Cross
, California
MED DISC

24,500

The breach affected doctors across California.

The Social Security numbers and tax identification numbers of around 24,500 California doctors were accidentally posted in Anthem's online provider directory.  The information was available online at the end of October for about 24 hours.

 
Information Source:
Media
records from this breach used in our total: 24,500

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 451-500 of 4427 results


X

Sign In!

Loading