Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
January 24, 2011 University of Missouri, Coventry Health Care
Columbia, Missouri
EDU DISC

750 (No SSNs or financial information reported)

A Coventry Health Care computer malfunction caused the names of University of Missouri health insurance program participants to be aligned with incorrect mailing addresses.  Names, member numbers and birth dates were on mailed documents like benefits statements, health services letters and new ID cards.  The erroneous mail was sent out to employees between January 6 and 10.  An employee notified the University on or around January 14.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 26, 2011 Hamilton Beach Brands, Inc.
Glen Allen, Virginia
BSR HACK

Unknown

Hacker code was discovered on a server that hosts www.hamiltonbeach.com and www.proctorsilex.com. The server was breached on or around January 5. Customer names, credit card information, addresses, telephone numbers and email addresses were captured. The captured information was sent to hmtbccv@gmail.com and prosilexccv@gmail.com

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 26, 2011 J. Press
New Haven, Connecticut
BSR HACK

Unknown

An unauthorized party gained access to records of customer online orders placed between January 5 and January 10. Customer names, credit card information, order information and addresses may have been exposed. The website was temporarily shut down after J. Press learned of the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 26, 2011 KBR, Inc.
Houston, Texas
BSO PORT

Unknown

People with questions regarding this incident may call 1-877-311-6112 or email response@kbr.com.

A company laptop that contained the personal information of current and former KBR employees and contractors was stolen. Names, Social Security numbers, addresses, dates of birth and employee ID numbers may have been accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 25, 2011 Plainfield Board of Education
Plainfield, New Jersey
EDU UNKN

Unknown

Someone posted administrative login information and a link to the login page of the Plainfield District's Genesis Student Information System on a popular online message board. Plainfield did not disclose how the admin user name and password were discovered. An unknown number of people would have had access to student records and maybe even student and parent contact information. The breach was discovered and addressed within 24 hours.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 29, 2011 Bend Ophthamology
Bend, Oregon
MED STAT

Unknown

Five desktop computers were stolen from the Bend office during a robbery sometime between January 26 and 27.  The office is located in the Pilot Butte Medical Clinic.  How much information and the kinds of information exposed were not reported.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Southern Perioperative Services, P.C.
Pelham, Alabama
MED PORT

2,000 (No SSNs or financial information reported)

The breach may not have occurred at the Pelham office and may have affected other offices in Alabama.

A device with protected health information of patients was stolen on or around November 17, 2010.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Friendship Center Dental Office
Ocala, Florida
MED PORT

2,200 (No SSNs or financial information reported)

A laptop that contained the protected health information of patients was stolen on or around December 20, 2010.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Franciscan Medical Group
Tacoma, Washington
MED STAT

1,250 (No SSNs or financial information reported)

The breach may have occurred outside of Tacoma and affected patients who were seen at other hospitals and clinics.

A computer that contained the protected health information of patients was stolen on or around November 18, 2010.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Benefits Resources, Inc.
Cincinnati, Ohio
MED PORT

16,200 (No SSNs or financial information reported)

The location listed is the headquarters of Benefits Resources, Inc. The breach occurred in South Carolina.

A portable electronic device was lost or stolen on or around November 22, 2010. It contained the PHI of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Veteran's Affairs Medical Center
White River Junction, Vermont
GOV DISC

114 (No full SSNs or financial information reported)

A client device owned by Dartmouth allowed an unknown amount of people to anonymously log on to a computer network. A document that contained Veteran and Dartmouth patient information could be viewed once people had logged on using the client device. The document contained a list of Dartmouth and Veteran patients. Last names, last four digits of Social Security number, clinical diagnosis and comments were exposed. At least one patient had their full name and date of birth exposed. The problem had existed for an unknown amount of time.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Dermatology Clinic
Durham, North Carolina
MED PHYS

55 (No full SSNs or financial information reported)

A log book with patient appointment information was discovered missing.  Patients had their names, last four digits of Social Security number, telephone numbers and names of procedures scheduled exposed.  Two searches did not lead to the recovery of the log book; there is a possibility that a patient took the book.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 29, 2011 Texas Health Harris Methodist Hospital Azle
Azle, Texas
MED PORT

Unknown

Those with questions may call (800) 277-3597.

The loss of a back-up computer disc with patient information was confirmed on April 22, 2010.  The disc contained laboratory chemistry exam results.  Patients who were treated at the Hospital's lab between July 2008 an February 2010 were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 28, 2011 University of Iowa Hospitals and Clinics
Iowa City, Iowa
MED INSD

13

University officials launched an investigation to determine if electronic medical records of 13 Iowa Hawkeyes football players receiving care at the facility were accessed inappropriately.  Speculation about the health of the football players and the causes of their illness had been in the media.

UPDATE (2/3/2011): It appears that three workers will be fired and two will be suspended because they inappropriately accessed football player information.

UPDATE (2/7/2011): One of the fired workers is challenging allegations that she viewed patient information without authorization.  She and her representative claim that she did nothing wrong, and that if the accusations were true, viewing computerized medical records for a few seconds should be treated as a minor infraction.

UPDATE (4/5/2011): The nurse who challenged her termination has agreed to resign rather than be fired.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 30, 2011 JP Morgan Chase, Citibank
New York, New York
BSF UNKN

Unknown

A Staten Island resident somehow obtained the personal information of JPMorgan Chase Bank and Citibank customers.  The woman then used the names, addresses, dates of birth and bank account numbers of the people to steal more than $300,000 from Chase and $30,000 from Citibank.  The woman visited banks in and around Manhattan between November 26, 2007 and April 29, 2010.  She used forged driver's licenses to make fraudulent withdrawals.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 30, 2011 The Minnesota Department of Education
Roseville, Minnesota
GOV DISC

20 (No SSNs or financial information reported)

The transcripts of 20 online BlueSky Charter School students were accidentally released in November of 2010.  The breach was not discovered until the week of January 30 when a new data request for the school was being processed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 29, 2011 Amazon.com
Seattle, Washington
BSR DISC

Unknown

A security flaw that allows some Amazon customers to log in with variations of their actual passwords was recently discovered. Lowercase and uppercase letters are not distinguished and people could even use passwords with extra characters as long as the incorrect characters came after the 8th character of the password. An example of this problem is that Amazon would accept "PASSWORD", "password" and "passwordpassword" as correct if someone had a password of "Password". The problem appears to affect older Amazon.com passwords that have not been changed recently.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 3, 2011 University of Washington Hospital
Seattle, Washington
EDU PHYS

17 (No SSNs or financial information reported)

A customer purchased a piece of furniture from the University's Surplus Store that had the medical records of patients.  The information in the records was mostly x-ray and MRI images of spines.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 2, 2011 Texas Children's Hospital
Houston, Texas
MED HACK

Unknown

On December 29, the Harris County District Attorney's Office notified Texas Children's Hospital that its Accounts Payable system may have been breached.  Vendors and employees who received checks between 1999 and 2011 may have had their names and Social Security numbers accessed by an unauthorized third party.  The information seems to have been used to open electricity accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 28, 2011 Five County Credit Union
Bath, Maine
BSF HACK

Unknown

Five County decided to send 3,000 credit and debit cards to customers after discovering a breach that affected a third party.  Some customers noticed suspicious transactions on their debit cards.  About 2,500 debit cards were reissued and 500 Visa credit cards were reissued.  The organization that experienced the breach and the number of customers affected were not reported.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 4, 2011 Twitter, Facebook and PayPal
Rapides Parish, Louisiana
BSO HACK

Unknown

A 17-year old hacker was charged with various computer crimes.  He somehow managed to access the Twitter, Facebook, PayPal and email accounts of multiple celebrities and other people.  The teen was charged with cyberstalking, computer fraud, computer tampering and extortion. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 7, 2011 HBGary Federal
Sacramento, California
BSO HACK

60,000 business emails (No SSNs or financial information reported)

HBGary announced that it had information about the Anonymous hackers collective.  Anonymous supporters hacked into HBGary's network in order to learn what information had been gathered during the investigation.  Over 60,000 business emails were extracted and the company's website was defaced.  HBGary's leader also had his Twitter account hacked and his personal information exposed.  Anonymous supporters claim the attack was to prevent HBGary from selling trivial information to the FBI.  The hackers published a 23-page document online and claimed that it was the information HBGary was going to sell.  HBGary's email database was also published.  Sensitive information about customers may have been exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 7, 2011 Marriott Vacation Club International
Orlando, Florida
BSR PHYS

Unknown

An unknown number of customer payment slips were lost during shipping. Timeshare maintenance fee payment slips were processed by a bank and shipped back to Marriott. The box of slips arrived damaged and had some of the slips missing. Timeshare owners' names, credit card numbers and expiration dates, and addresses were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 13, 2011 Bank of America
Charlotte, North Carolina
BSF DISC

Unknown

An unknown number of customers were able to see the information of other customers when attempting to access their accounts online. The problem appeared to involve customers who had the same last name. The mistake exposed information for credit, mortgage and home equity accounts. All access to problem accounts was suspended within hours of the discovery.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 15, 2011 Baptist Memorial Hospital
Huntingdon, Tennessee
MED UNKN

4,800 (No SSNs or financial information reported)

A number of patients were notified after a breach occurred on November 27, 2010.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

February 15, 2011 Lake Woods Nursing and Rehabilitation Center
Muskegon, Michigan
MED STAT

656 (No SSNs or financial information reported)

The December 28 theft of a computer may have exposed the health information and other types of information of certain individuals.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

February 15, 2011 Baylor Health Care Systems, Baylor Heart and Vascular System, Baylor University Medical Center
Dallas, Texas
MED PORT

8,241 (No SSNs or financial information reported)

A portable ultrasound machine was stolen from the Baylor Jack and Jane Hamilton Heart and Vascular Hospital in Dallas.  The machine was stolen from a patient's room sometime between December 2 and December 3.  Patients who were seen at the hospital between December 26 of 2006 and the date of the theft may have had their names, dates of birth, blood pressure, height, weight and ultrasound images of their hearts on the machine.  It is believed that only a fraction of the 8,000 patients who are at risk actually had their information on the machine at the time of the theft.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 15, 2011 Day's Jewelers
Waterville, Maine
BSR HACK

Unknown

The location listed is the headquarters of Day's Jewelers.

Those with questions can call Day's at (800) 439-3297.

A number of Maine residents have experienced credit, bank account and credit union fraud after shopping at Day's Jewelers.  An investigation has revealed that a hacking incident caused the breach and the approximate time of the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 15, 2011 Affiliated Computer Services (ACS)
Columbus, Ohio
BSO DISC

8,000 (Unknown number of SSNs)

ACS handles the state of Ohio's automated system for paying and tracking child care providers.  An ACS mistake meant that over 8,000 providers were mailed letters with Social Security numbers visible from the outside of the envelope.  Some of the providers were childcare centers and only had ID numbers revealed; smaller providers who had their Social Security numbers as IDs face a greater risk.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 11, 2011 First Transit, FirstGroup America
Cincinnati, Ohio
BSO PORT

Unknown

A flash drive with First Transit applicant personal information was lost on a bus on January 21. Applicant names, Social Security numbers, addresses, dates of birth and possibly other employment information such as conviction record and drug test results may have been on the flash drive.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 20, 2011 Howard Brown Health Center
Chicago, Illinois
MED INSD

Unknown

Call (773) 388-8793 for more information.

A donor database may have been breached. It would have revealed phone numbers and email addresses. It appears that one or more disgruntled organization insiders distributed a libelous letter to people who had their information on the donor database. Several of these people reported receiving the letter.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 19, 2011 Loud Technologies, Inc.
Woodinville, Washington
BSR STAT

Unknown

The office theft of a computer may have exposed names and Social Security numbers of current and former employees.  Some other items had been taken from the office too.  The theft was discovered on November 15.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 18, 2011 The Cigarette Box, Colton's General Store
Las Vegas, Nevada
BSR CARD

Unknown

The Cigarette Box in Las Vegas and The Cigarette Box in Laughlin are associated with the suspect.

A suspect was arrested and charged with fraudulent use of a credit card. The suspect is associated with three businesses and investigators are checking to see if customers of those businesses were victims of fraud. Several card skimmers were recovered at the three businesses.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 24, 2011 Snow Creek
Weston, Missouri
BSO HACK Unknown
It appears that a hacker was able to obtain unencrypted customer credit card information around Friday February 18. Online customers of the ski resort were not affected. Information from electronic card transactions that were performed on-site was exposed.  
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 22, 2011 Jack in the Box
Pearland, Texas
BSR INSD

Unknown

Investigators determined that a Jack in the Box location had been visited by multiple victims of fraudulent credit and debit card charges. Law enforcement visited the store and found a drive-thru employee with a skimmer in his pocket.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 24, 2011 Private Medical Practice
Olathe, Kansas
GOV INSD

Unknown

An Attorney General who investigated the controversial Dr. Tiller is facing allegations that patient records were improperly stored.  The AG admitted that sensitive patient records from the case had been temporarily stored in a former employee's home at one point.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 24, 2011 Henry Ford Health Center
Detroit, Michigan
MED PORT

2,777 (No SSNs or financial information reported)

An employee misplaced a flash drive with sensitive patient information. The flash drive was lost on January 31 and investigators began the process of determining what happened and what information was on the flash drive on February 8. Patients tested for urinary tract infections between July and October of 2010 may have had their names, medical record numbers, test information and results exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 24, 2011 Prudential Patterson Realtors
Hazelwood, Missouri
BSO PHYS

Unknown

Real estate records dating back to 2005 were found in a condominium dumpster by a resident. The records included addresses, phone numbers and copies of personal checks. Prudential Patterson Realtors was sold to Prudential Select Properties in December 2010. Prudential Select said that shredding sensitive documents is their policy.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 17, 2011 Winamp
New York, New York
BSO HACK

Unknown

The location listed is AOL's headquarters.  AOL owns Winamp.

Hackers were able to access forum information, user accounts and emails.  The attack is believed to have been limited to the Winamp forums.  All users are advised to change their Winamp passwords and any similar passwords for other accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 16, 2011 Alabama Department of Motor Vehicles
, Alabama
GOV DISC

Unknown

All Alabama DMV offices could have been affected.

The Alabama DMV used an online tool that allowed people to access personal information of other drivers. There is a record of these individuals since the online search tool required people who used this feature to register their name and credit card information. Users without legal authorization were able to obtain others' personal information association with vehicle registration for approximately three months.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 7, 2011 Blue Cross Blue Shield Florida
Jacksonville, Florida
MED DISC

7,366 (No SSNs or financial information reported)

Members concerned about the breach may call 1-877-526-1013.

A system error caused mail to be sent to the wrong addresses.  Current and former addresses were mixed up and mail containing an explanation of benefits was sent to incorrect (former) addresses.

UPDATE (4/15/2011): The mailing error occurred on October 16, 2010 and was discovered in late January of 2011.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 5, 2011 Rancho Los Amigos National Rehabilitation Center
Downey, California
MED PORT

667 (No SSNs or financial information reported)

Anyone with questions about the breach can call (877) 726-2461.

A stolen laptop contained patient information.  Patient names, dates of birth and medical record numbers may have been exposed.  The laptop was connected to diagnostic machinery.  The laptop was stolen from the Center on or around February 24.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 6, 2011 Alaska Department of Education and Early Development
Juneau, Alaska
GOV PORT

89,519 (No SSNs or financial information reported)

A hard drive with the information of students was stolen. Most of the affected students reside in Fairbanks. Names, dates of birth, student identification numbers, genders, ethnicity, disability status, grade levels, test scores and enrollment information were exposed. The theft is believed to have occurred in early February.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 8, 2011 Western Michigan University
Kalamazoo, Michigan
EDU PORT

Unknown

A backup hard drive that contained student and faculty information was discovered missing on January 25.  Hundreds of current and former students and faculty members had their names and Social Security numbers exposed by the breach.  Academic records were also on the hard drive.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 3, 2011 Racetrac, Seacoast National Bank
Fort Pierce, Florida
BSR CARD

Unknown

The Seacoast National Bank issued thousands of new debit and credit cards after some customers became victims of skimming. Some customers noticed fraudulent charges after making purchases at Racetrac gas station.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 25, 2011 MetLife
Loves Park, Illinois
BSF PHYS

Unknown

Metlife representatives can be reached at 888-383-5257.

Thousands of papers with names, addresses, Social Security numbers, birth dates and account balances were thrown in a dumpster. The breach appears to be the result of an insurance office moving from one location to another. A man searching for metal in dumpsters made the discovery. Most of the files belonged to one insurance agent.

UPDATE (3/1/2011): MetLife has been ordered to provide credit fraud protection for everyone affected by the mistake.  MetLife must also pay a $75,000 fine to the State of Illinois Director of Insurance.  The information had sat in the dumpster for at least four days.  The former insurance agent who was responsible for most of the accounts says that he left 17 filing cabinets with MetLife before he departed the company. He estimated that the filing cabinets contained a thousand accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 9, 2011 CVS Caremark Corp.
Woonsocket, Rhode Island
BSR INSD

Unknown

According to a complaint filed against CVS, CVS used the confidential information of customers to push certain drugs.  CVS is accused of receiving payment for promoting certain pharmaceutical drugs to targeted groups of people. CVS may have violated consumer privacy by sending promotions for specific medications to the physicians of customers.  The complaint was filed on March 7.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 9, 2011 Penn Mutual Life Insurance
Philadelphia, Pennsylvania
BSF INSD

Unknown

In late January or early February, Penn Mutual sent notification that a dishonest employee is likely to have accessed and disclosed customer information.  Names, Social Security numbers, addresses, dates of birth and bank account information may have been exposed. Penn Mutual was unable to determine which customers were affected.

 

UPDATE (4/21/2011): The employee and 15 others involved in an identity theft ring have been identified.  The Penn Mutual employee and insiders from other organizations sold customer information to the ring leader.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 9, 2011 Chapman University
Orange, California
EDU DISC

Unknown

A file that should have only been available to certain University system users was available to all users. It contained the names, Social Security numbers, student ID numbers and financial aid information of students who applied for financial aid for the 2009-2010 school year.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 9, 2011 Navy Federal Credit Union
Norfolk, Virginia
GOV UNKN

Unknown

Two men obtained account information from account holders at NFCU in 2009 and 2010. The men then applied for loans in the names of the account holders. Approximately $460,000 in fraudulent charges were made.  Both men pled guilty.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 801-850 of 4488 results


X

Sign In!

Loading