Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
August 8, 2013 M2ComSys, Cogent Healthcare, Inc.
Brentwood, Tennessee
MED DISC

32,000

Cogent Healthcare offices across the country, Cogent Medical Care, Endion Medical Healthcare (Endion SeniorCare), Parkview Community Hospital Medical Center, Inpatient Specialists of Southwest Florida, and Comprehensive Hospital Physicians of Florida were affected.

M2ComSys (M2), a medical transcription company, stored physicians' notes for Cogent Healthcare.   It was discovered that the online system that stored the notes could be accessed.  Patient care notes with names, physician names, dates of birth, diagnosis descriptions. summary of treatment, medical history, medical record numbers, and other medical information were exposed.  The notes could have been accessed on May 5, 2013 and improper access to the site ended on June 24, 2013.  M2 no longer provides services for Cogent Healthcare.

UPDATE (9/17/2013): At least 32,000 patients were affected across all medical centers.  

 
Information Source:
California Attorney General
records from this breach used in our total: 32,000

July 30, 2010 FIrst Advantage Tax Consulting Services (TCS)
Indianapolis, Indiana
BSF PORT

32,842

A laptop that contained personal information was lost or stolen during an airport layover.  The Social Security numbers of people who were employed by companies that used TCS for tax help were on the laptop. The laptop did have a password and after it was lost its access to TCS's network was blocked.

 
Information Source:
Databreaches.net
records from this breach used in our total: 32,842

July 30, 2005 San Diego County Employees Retirement Association
San Diego, California
GOV HACK

33,000

Two computers that contained personal information for current and retired San Diego County employees were hacked.  The information included names, addresses, Social Security numbers, and dates of birth.  The San Diego Retirement Association mailed warnings to members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 7, 2007 Merrill Lynch
Hopewell, New Jersey
BSF UNKN

33,000

A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 5, 2008 The Clear Program Fast-pass Registered Travel program for airline passengers, operated by Verified Identity Pass for the U.S. Transportation Security Admin.
New York, New York
BSO PORT

33,000

A laptop containing personal information for about 33,000 people was reported stolen in a possible security breach for the Clear Program. The laptop was stolen at San Francisco International Airport. The stolen information included names, addresses, dates of birth, and driver's license numbers or passport numbers.

 
Information Source:
Media
records from this breach used in our total: 33,000

October 15, 2009 Halifax Health
Daytona Beach, Florida
MED PORT

33,000

A laptop computer from a Halifax Health employee's vehicle in Orange County was stolen -- which might have contained password protected patient information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 22, 2014 Cedars-Sinai Medical Center, Los Angeles
Los Angeles, California
MED PORT

33,136

Cedars-Sinai Medical Center in Los Angeles California has reported a data breach of at least 500 patients at the facility when an employees laptop computer was stolen from their home during a burglary in June 2014. The laptop was password protected.

The records on the laptop included specific patient data such as lab testing, treatment and diagnosis, Social Security numbers and other personal information.

More Information: http://www.latimes.com/business/la-fi-cedars-breach-20140823-story.html

UPDATE (10/3/2014): The data breach that occurred when an employee laptop was stolen, contained many more files than what was originally reported by the hospital. When the breach was made public, Cedars-Sinai hospital reported that 500 patient files were on the stolen laptop. After an investigation, the laptop actually contaned personal information on  33,136 patients.

More Information: http://www.latimes.com/business/la-fi-cedars-data-breach-20141002-story....

 
Information Source:
Media
records from this breach used in our total: 33,136

August 22, 2005 U.S. Air Force
Washington, District Of Columbia
GOV HACK

33,300

A hacker used a legitimate user ID and password to access career information, birth dates, and Social Security numbers.  Those affected were notified several months after the breach was discovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,300

September 4, 2007 Pfizer
New York, New York
BSO INSD

34,000

(866) 274-3891

A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000

December 21, 2006 Goal Financial, LLC
San Diego, California
BSF STAT

34,000

The location listed is the headquarters. It is not clear where the incident took place.

A portion of borrowers' names and Social Security numbers were on four hard drives that were accidentally sold before being wiped clean. Employees transferred more than 7,000 files with consumer information to third parties without authorization, and one employee sold the hard drives to the public surplus. The hard drives were retrieved after the mistake was realized on June 13. Affected individuals were notified in June. The student loan company agreed to settle FTC charges in December. The company violated the FTC's Privacy Rule by failing to take reasonable and appropriate measures to protect personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000

July 7, 2011 Morgan Stanley Smith Barney, New York State Department of Taxation and Finance
Albany, New York
BSF PORT

34,000

Two CD-ROMs were lost after being mailed from Morgan Stanley to the New York State Department of Taxation and Finance.  It is not clear if the CDs were never shipped, fell out of the packaging during shipping, or were lost after being received by the New York State Department of Taxation and Finance. The affected Morgan Stanely clients had their names, addresses, account and tax identification numbers, and income earned on Morgan Stanley investments in 2010 exposed.  Some clients also had their Social Security numbers exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 34,000

May 25, 2006 VyStar Credit Union
Jacksonville, Florida
BSF HACK

34,400

Hacker gained access to member accounts a and stole personal information including names, addresses, birth dates, mother's maiden names, Social Security numbers and/or email addresses. Less than 10% of VyStar's 344,000 members were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,400

June 5, 2006 Kingsbrook Jewish Medical Center
Brooklyn, New York
MED PORT

34,863

A personal computer was stolen from the Hospital's outpatient billing office on December 26, 2005. It is likely that the computer contained spreadsheets with patient names and Social Security numbers embedded in insurance numbers. Those affected were notified May 26, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,863

March 5, 2010 Arkansas Army National Guard
Camp Robinson, Arkansas
GOV PORT

35,000

An external hard drive has gone missing. Approximately 35,000 current and former members of the Arkansas Army National Guard are affected by the loss. The drive included names, Social Security numbers and other personal information which potentially places the affected soldiers at risk for identity theft.

UPDATE (5/18/10): The external hard drive containing personal information on over 32,000 current and former Arkansas Guardsmen that was reported missing on February 22 has now been recovered and destroyed. The drive was reported missing by an Arkansas Soldier who used the device as a personal backup of his work related information. This included a copy of the Guard's personnel database which contained personal information on all Soldiers who have served in the Arkansas Army National Guard since 1991.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

December 12, 2006 University of Texas, Dallas
Dallas, Texas
EDU HACK

35,000

Affected individuals can call (972) 883-4325, http://www.utdallas.edu/datacompromise/form.html

The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses.

UPDATE (12/14/06): The number of people affected was first thought to be 5,000, but was increased to 6,000.

UPDATE (01/19/07): Officials now say 35,000 individuals may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

February 22, 2007 Speedmark
Woodlands, Texas
BSO STAT

35,000

Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

August 26, 2007 American Ex-Prisoners of War
, Texas
NGO UNKN

35,000

Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the group's entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

October 14, 2010 Accomack County Virginia residents
Accomac, Virginia
GOV PORT

35,000

The theft occurred in Las Vegas, NV and affects residents of Accomack County. Citizens are advised to call one of the three credit bureaus at 888-397-3742, 888-766-0008 or 800-680-7289 for a credit report fraud alert.

A stolen laptop contained the names and Social Security numbers of Accomack County, Virginia residents. Full addresses of some residents were also exposed. The laptop was county property and was stolen from an employee's car during a vacation to Las Vegas. The incident happened on October 7; as of October 14, residents had not been notified.

 
Information Source:
Databreaches.net
records from this breach used in our total: 35,000

January 28, 2008 T. Rowe Price Retirement Plan Services, CBIZ Benefits and Insurance Services Inc.
Baltimore, Maryland
BSF STAT

35,000

Names and Social Security numbers of current and former participants in several hundred retirement plans were compromised when several computers were stolen. The machines were taken from the office of CBIZ Benefits and Insurance Services Inc.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

May 22, 2014 Lowes Corporation
Mooresville, North Carolina
BSR DISC

35,000

Lowes Corporation had to issue a data breach notice to current and former drivers for the company due to a security breach with one of the third party vendors they use.

Information breached included including names, addresses, birthdays, Social Security numbers, driver's license numbers, and other driving record information with a company called E-DriverFile, an online database provided by SafetyFirst, a driver safety firm headquartered in New Jersey.

The third party vendor unintentionally backed up the data to an unsecure server that was accessible via the Internet. The information may have been exposed from July 2014 through April 2014 before it was discovered.

Lowes is offering their current and former employees one year free of AllClearID. Those affected can call 1-877-322-8228

 
Information Source:
Media
records from this breach used in our total: 35,000

May 19, 2014 Safety First
Parsippany, New Jersey
BSO DISC

35,000

SafetyFirst has come forward to announce a data breach of their E-DriverFile service. The company is connected to the announcement that Lowe's current and former employees were involved in a data loss.

"A new filing with the California Attorney General’s Office obtained today indicates that a server containing a wealth of information about client vehicle operators was unprotected and accessible via the Internet for a period that exceeded six months. SafetyFirst reported that the breach dated back to September 27, 2013. It was not discovered until April 2, 2014 according to those records".

SafetyFirst unintentionally backed up data to an unsecured computer server that was accessible from the Internet.  The information breached included Social Security numbers, and driver license numbers.

 
Information Source:
Media
records from this breach used in our total: 35,000

June 16, 2014 Riverside Community College
Riverside, California
EDU DISC

35,212

Riverside Community College has suffered a data breach affecting 35,212 students. On May 30th, a district employee emailed a file containing information about all students who were enrolled in the spring term to a colleague working at home due to illness, for a research report that was on a deadline. The district employee used a personal email account to send the data because the file was too large for the district's secure email to send. The employee then typed in the incorrect email address.

The information contained in the file included names, addresses, birth dates, Social Security numbers, email addresses, student ID numbers, and telephone numbers.

The district has set up a Call Assistance Center at 1-888-266-9438 for affected students. The center will be open from 6 a.m to 6 p.m Monday through Friday for 90 days.

 
Information Source:
records from this breach used in our total: 35,212

August 2, 2005 University of Colorado
Denver, Colorado
EDU HACK

36,000

Hackers accessed files containing names, photographs, Social Security numbers, and University meal card information.  Around 7,000 staff members, 29,000 current students, and some former students were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

July 7, 2006 University of Tennessee
Knoxville, Tennessee
EDU HACK

36,000

(866) 748-1680, http://security.tennessee.edu.  Additional locations: Chattanooga, Martin, Tullahoma and Memphis, TN

Hacker broke into a UT computer containing names, addresses and SSNs of about 36,000 past and current employees. The intruder used the computer from Aug. '05 to May '06 to store and transmit movies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

October 23, 2008 Medical Mutual of Ohio
Columbus, Ohio
MED PORT

36,000

Eleven computer disks containing personal information on Ohio retirees and employees are missing, disks are most likely somewhere in the postal system. It seems insufficient postage was placed on the envelopes [containing the disks], therefore they are believed that they are likely to still be safe within the postal system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

February 18, 2009 Rio Grande Food Project
Albuquerque, New Mexico
NGO PORT

36,000

A food pantry is warning its clients that tens of thousands of them are at risk for identity theft after a laptop computer containing their personal information was stolen. The computer contained sensitive personal data including addresses, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

November 16, 2011 Bright Directions College Savings Program, Illinois State Treasurer's Office
Springfield, Illinois
GOV DISC

36,000

A mailing error led to the Social Security numbers of over 36,000 people to be visible from the outside of envelopes mailed in October.  Those who were enrolled in the Illinois Treasurer's Office Bright Directions college savings program were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 36,000

December 29, 2012 US Army Fort Monmouth
Oceanport, New Jersey
GOV HACK

36,000

Those with questions may call (443) 861-6571.

Hackers were able to access database information from Command, Control, Communications, Intelligence, Surveillance and Reconnaissance as well as nongovernmental personnel and people who visited Fort Monmouth.  The breach was discovered and addressed on December 6.  names, Social Security numbers, dates of birth, places of birth, home addresses, and salaries were exposed.

 
Information Source:
Media
records from this breach used in our total: 36,000

April 29, 2005 Oklahoma State University
Stillwater, Oklahoma
EDU PORT

37,000

A laptop used for student job placement seminars was lost or stolen.  It contained the Social Security numbers of current and former students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 37,000

April 12, 2010 Kern County Employee's Retirment Association
Bakersfield, California
GOV INSD

37,000

A former employee was convicted of using the Social Security number of a member to create a false identity. The county employee opened a line of credit and had committed felonies before being hired at KCERA in a position with access to retirees' personal information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 37,000

February 14, 2008 Tenet Healthcare Corporation
Dallas, Texas
MED INSD

37,000

A ex-employee worked at a Frisco, Texas, billing center for less than two years, and is confirmed to have stolen the names, Social Security numbers and other personal information of about 90 patients. The employee also had access to 37,000 other accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 37,000

February 13, 2009 University of Alabama
Tuscaloosa, Alabama
EDU HACK

37,000

Seventeen of 400 databases were tapped by hackers. Personal information may have been stolen. One of those computers contained lab results for people tested at the campus medical center. The servers had a database containing 37,000 records of lab data. They contain the names, addresses, birthdates and Social Security numbers of each person who has had lab work, such as a blood or urine test, done on the UA campus since 1994.

 
Information Source:
Dataloss DB
records from this breach used in our total: 37,000

February 13, 2006 Ernst & Young
New York, New York
BSO PORT

38,000

Additional locations: Throughout the US and UK

38,000 BP employee in U.S. In addition to Sun, Cisco and IBM employees.

A laptop containing the names, dates of birth, genders, family sizes, Social Security numbers and tax identifiers for current and previous IBM, Sun Microsystems, Cisco, Nokia and BP employees was stolen from a locked car. While Ernst and Young waited until pressured to inform a majority of those affected about the breach, at least one CEO from the affected companies was contacted immediately.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 38,000

January 29, 2008 Georgetown University
Washington, District Of Columbia
EDU PORT

38,000

A hard drive containing the Social Security numbers of Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,000

March 26, 2008 Broward School District
Coconut Creek, Florida
EDU HACK

38,000

An Atlantic Technical High School senior hacked into a district computer and collected Social Security numbers and addresses of district employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,000

September 2, 2009 Naval Hospital Pensacola
Pensacola, Florida
MED PORT

38,000

Naval Hospital Pensacola will be notifying thousands of beneficiaries who use its pharmacy services, following the disappearance of a laptop computer. The computer's database contains a registry of 38,000 pharmacy service customers' names, Social Security numbers and dates of birth on all patients that used the pharmacy in the last year. It does not contain any personal health information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,000

April 26, 2006 Aetna, Omni Hotels and the Department of Defense NAF
Hartford, Connecticut
MED PORT

38,253

A laptop containing personal information including names, addresses and Social Security numbers of Department of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car.  Members were notified and Aetna offered to pay for the credit monitoring services of those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,253

September 1, 2006 City of Chicago via contractor Nationwide Retirement Solutions, Inc.
Chicago, Illinois
GOV PORT

38,443

(800) 638-1485, http://www.chicagofop.org/Updates/links/nrs.pdf

A laptop was stolen from the home of one of the contractor's employees in April 2005. It was reported to the city July 2006. Data included names, addresses, phone numbers, birth dates and SSNs for those in the city's deferred compensation plan.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,443

April 20, 2007 U.S. Agriculture Department
Washington, District Of Columbia
GOV DISC

38,700

http://www.usda.gov/wps/portal/!ut/p/_s.7_0_A/7_0_1OB?contentidonly=true&contentid=2007/04/0110.xml

The Social Security numbers of people who received loans or other financial assistance from two Agriculture Department programs were disclosed since 1996 in a publicly available database posted on the Internet. Originally, the US Department of Agriculture estimated that the personal information of as many as 150,000 people may be affected, then reduced the number 38,700.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,700

April 21, 2006 University of Alaska, Fairbanks
Fairbanks, Alaska
EDU HACK

38,941

A hacker had access to names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.  The University reported that it would not contact those affected after a first and second notification.  Anyone claiming to be from the University after these notifications should be viewed with suspicion.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,941

August 10, 2005 University of North Texas
Denton, Texas
EDU HACK

39,000

A server containing housing records, financial aid inquiries, and in some cases credit card numbers was hacked.  UNT sent letters to current, former, and prospective students whose information may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 39,000

November 27, 2006 Johnston County, NC
Johnston County, North Carolina
GOV DISC

About 39,000 North Carolina residents

Personal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site. The information was removed from the site within an hour after officials became aware of the situation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 39,000

July 31, 2010 Montefiore Medical Center
Bronx, New York
MED STAT

39,000

Two computers were stolen during the weekend of May 22nd. Names, medical record numbers, Social Security numbers, dates of birth, insurers, and hospital admission dates for an unknown number of patients were on the computers.

UPDATE (8/3/10): One computer was from the Finance Department and had the information of 16,000 patients; the second computer theft affected the records of 23,000 students from the School Health Program and their families.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 39,000

August 16, 2013 Ferris State University
Big Rapids, Michigan
EDU HACK

62,000 (39,000 Social Security numbers)

An unauthorized person gained access to the school's computer network.  Campus ID numbers, names, and possibly other information of staff and students were exposed.  In addition to the 39,000 people who had their files with Social Security numbers exposed, 19,000 more indidviduals were notified of the breach.

UPDATE (10/22/2013): It is estimated that 62,000 people were affected and $380,000 was spent investigating the breach.  This number includes providing services to those who were affected.

 
Information Source:
Media
records from this breach used in our total: 39,000

August 28, 2013 Missouri Credit Union
Columbia, Missouri
BSF DISC

39,000

A file with customer information was accidentally published on Missouri Credit Union's website on August 5.  The names, Social Security numbers, account numbers, teller and call in passwords, and addresses of Missouri Credit Union members were accessed.  The file was accessed 10 times before the issue was discovered and it was taken off of the website.

 
Information Source:
Media
records from this breach used in our total: 39,000

April 26, 2005 Michigan State University's Wharton Center
East Lansing, Michigan
EDU HACK

40,000

A hacker may have stolen the credit card information of visitors attending a performing arts venue.  Warnings were sent to Wharton visitors who used their credit cards anytime between September of 2003 and the incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

May 19, 2005 Valdosta State University
Valdosta, Georgia
EDU HACK

40,000

A computer server containing campus ID card information and Social Security numbers was hacked. The cards were designed to be used as debit cards by students and employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

April 14, 2006 NewTech Imaging
Honolulu, Hawaii
BSO INSD

40,000

Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaii were illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation.  Those who were on the list and Hawaii Government Employees Association and United Public Workers members who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 were warned.  Investigators were only able to speculate that the theft may have occurred in February of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

April 6, 2007 Chicago Public Schools
Chicago, Illinois
EDU PORT

40,000

(773) 553-1142

Two laptop computers contain the names and Social Security numbers of current and former employees was stolen from Chicago Public Schools headquarters.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

February 15, 2008 Systematic Automation Inc
Fullerton, California
BSO STAT

40,000

Police filed possession of stolen property charges against a prison parolee who was arrested for having a computer with more than 40,000 names, addresses and Social Security numbers of California residents. The computer was stolen from Systematic Automation Inc., which processes individualized annual statements customized for employees with a summary of their health and other employee benefits. The hard drive contained employee information from 19 agencies. Some of the agencies include the Modesto City Schools, Clovis Unified School District, Los Angeles Department of Water and Power, Nestle Waters North America and the Torrance Unified School District.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

Showing 4051-4100 of 4488 results


X

Sign In!

Loading