Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
September 13, 2010 SunBridge Healthcare Corporation
Albuquerque, New Mexico
MED PORT

1,000 (No SSNs or financial information reported)

A BlackBerry mobile device was stolen from an employee's desk.  The device had unencrypted current and former resident and patient information from eight different nursing and rehabilitation facilities in Georgia.  No Social Security numbers or financial information were stored on the device, but it did contain patient names, medical record numbers, medical information, dates of birth, and dates of service.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 13, 2010 New York University School of Medicine Aging and Dementia Clinical Research Center
New York, New York
MED PORT

1,200 (No reports of SSNs or financial information)

A portable electronic device was lost or stolen on April 3.  The health information of 1,200 patients was lost. The incident was reported to the Department of Health and Human Services in September.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2010 New York City Human Resources Administration and New York City Department of Health and Mental Hygiene
New York, New York
GOV INSD

Unknown

Two New York City employees from different agencies were involved in an identity fraud ring. One employee worked for the New York City Human Resources Administration and sold copies of welfare recipients' birth certificates and Social Security numbers. The second employee worked for the New York City Department of Health and Mental Hygiene and sold parental identification information from birth certificates. The employees were sentenced to eight months to two years of prison time and one to two years of probation for identification fraud. These crimes happened between 2005 and 2008.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 Martin Luther King Jr. Multi-Service Ambulatory Care Center
Los Angeles, California
GOV INSD

33,000 (No reports of SSNs or financial information)

A janitor removed 14 boxes of patient records and sold them to a recycling center.  The records had names, genders, dates of birth, addresses, medical record numbers and financial batch numbers. Patients who received services from the outpatient facility between January and October of 2008 were affected.  The files were discovered missing on July 29 of 2010 and the custodial worker admitted to selling them.  The custodian is being charged with one count of felony commercial burglary.  Those affected will be mailed notifications during the week of September 20 of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 17, 2010 Saint Anselm College
Manchester, New Hampshire
EDU DISC

Unknown

A number of alumni who received a University newsletter were notified that their Social Security numbers were printed on mailing labels.  The error occurred on the spring 2010 and fall 2009 newsletters. It seems that no one complained about the fall accidental disclosure.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 Benefit Concepts Inc
East Providence, Rhode Island
BSF PORT

Unknown

A package containing payroll checks and a CD copy of payroll checks was lost during shipment between July 19 and July 20. Benefit Concepts' vendor CompuPay will encrypt CDs and mask paper records in the future, but this CD was not encrypted. Employee names, Social Security numbers and bank account numbers were in the package.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 20, 2010 Turley's Restaurant
Boulder, Colorado
BSR PHYS

Unknown

The owner of Turley's Restaurant went to recycle old employee files. After seeing that the dumpster was full, the owner then left boxes of intact files from former employees near the dumpster. The files included Social Security numbers, birth dates and phone numbers.

 
Information Source:
NAID
records from this breach used in our total: 0

September 22, 2010 Ault Chiropractic Center
Batesville, Indiana
MED STAT

2,000 (No SSNs or financial information reported)

The September 15 theft of a computer may have resulted in the exposure of the protected health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 23, 2010 Alaskan AIDS Assistance Association (Four A's)
Anchorage, Alaska
NGO PORT

2,000 (Unknown number of SSNs reported)

The Four A's is a business associate of the State of Alaska Department of Health and Human Services.

A data storage device containing client names and contact information was stolen from Four A's executive director's car.  Some clients had their Social Security numbers on the device.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 27, 2010 Kern Medical Center
Bakersfield, California
MED HACK

Unknown

An employee opened an email that subsequently affected the entire hospital system in late July. The Kern Medical Center temporarily removed itself from the county computer network to prevent the spread of the attack. Patient records were eventually secured, but it is unknown if any were affected by the 16-day malware attack.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2010 The Kent Center
Warwick, Rhode Island
MED PHYS

1,361 (No SSNs or financial information reported)

A briefcase with patient records was stolen from a clinician's car on July 13. The lost documents included client names, dates of birth and some clinical information. The patient records do not appear to have been the target of the theft since other cars were broken into during that night.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2010 Private Medical Practice
Chesapeake, Virginia
MED PORT

2,739 (No SSNs or financial information reported)

The doctor's patients in Norfolk, Portsmouth, Virginia Beach and Chesapeake may have been affected.

A laptop was stolen from a doctor's office on July 12. It is unknown if patient files were accessible on the laptop. The files would have contained names, dates of birth, diagnoses, treatments, and other personal information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 28, 2010 Maine Department of Education
Augusta, Maine
EDU DISC

Unknown

A technology director from the school district was able to access Social Security numbers of staff members in other districts.  The Maine Department of Education has asked school districts to delay submitting student Social Security numbers until the problem has been addressed.  According to reports, "For the first time, Maine school districts are collecting students' SSNs for a statewide database intended to help policy makers track students' progress throughout school and college and into the workplace." This practice has been controversial.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 6, 2010 Humana
Louisville, Kentucky
MED INSD

4 (No SSNs or financial information reported)

A former employee pleaded guilty to illegally accessing and using patient information in order to support his drug habit. The employee worked in Humana's information technology department. He also agreed to help address internal security flaws.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 18, 2010 Wright State Physicians
Dayton, Ohio
MED PORT

1,309 (No SSNs or financial information reported)

A password-protected laptop with patient information was accidentally thrown in the trash and lost for five days. Names, dates of service, and sometimes treatment description of patients treated for vascular conditions within the last four years were on the laptop. The laptop was thrown out on June 11 and found in a landfill on June 16.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 6, 2010 United HealthGroup
Minneapolis, Minnesota
MED PHYS

735 (No SSNs or financial information reported)

It appears that a breach involving paper records and categorized by the Health and Human Services (HHS) website as "theft, unauthorized access" occurred when patient documents were stolen on March 2. The incident was reported to HHS on August 4. Little more is known about the incident.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 6, 2010 United HealthGroup
Minneapolis, Minnesota
MED PHYS

16,291 (No SSNs or financial information reported)

United HealthGroup reported a breach of paper records to Health and Human Services in June. The breach occurred on January 26.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 29, 2010 Cheesecake Factory, PGA Tour Grill, Outback Steakhouse
Washington, District Of Columbia
BSR INSD

Unknown

Two people have been charged with conspiring to commit bank fraud and aggravated identity theft. They paid servers at multiple restaurants in the Washington D.C. area to use skimming devices to collect customer credit card information. The stolen information was used to fraudulently make purchases.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 28, 2010 US Bank
Eau Claire, Wisconsin
BSF CARD

Unknown

A scanner was found at an ATM. It was left undetected between 12:30pm and 4:20pm on Friday, September 17. A customer reported the device the next day when it was placed at the same location again. It appears that one customer was directly affected by unauthorized charges. The bank is in the process of canceling cards that were used on September 17 and 18 of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 24, 2010 Comprehensive Accounting
Farmington Hills, Michigan
BSF PHYS

Unknown

An employee error reportedly caused thousands of intact client files to be left in an easily accessible dumpster.  The files contained client information and employee Social Security numbers, names, addresses, W2s, bank statements and profit reports from 1990 and after.  The files were removed from the dumpster and are scheduled to be shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 4, 2010 Gulf Pines Hospital
Port St. Joe, Florida
MED PHYS

Unknown

Former employees are concerned that the hospital was not properly cleared before being sold. People reported abandoned files in the middle of the hospital. An emergency room log, driver's license information, Social Security numbers and other personal files were left in the hospital. Patient medical records were removed. The buyer of the property was contacted, but did not return phone calls.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 6, 2010 Gastroenterology Consultants
Omaha, Nebraska
MED PHYS

Unknown

A local news station responded to a report about patient files being left in a recycling dumpster outside of the clinic. Hundreds of documents with patient names, Social Security numbers, addresses and detailed medical information were found and secured by KMTV Action 3 News. The files appear to be from 2002 and 2003.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 13, 2010 City of Shreveport
Shreveport, Louisiana
GOV PHYS

Unknown

Personal city government documents were easily accessible during a public auction. Buyers looking for city furniture were able to search through city payroll information, law enforcement reports and a variety of other documents which contained people's names, contact information and Social Security numbers. City employees admit the exposure was a mistake and removed the documents within an hour of notification. It is believed that the documents escaped from a stack that was scheduled to be burned.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 SanDiegoFit.com
San Diego, California
BSR STAT

Unknown

On August 30, a computer with customer information was stolen from the building. The password-protected computer had customer names, addresses, phone numbers and credit card numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 Cardinal Health
Dublin, Ohio
MED PORT

Unknown

After an investigation into the status of decommissioned computers, it was determined that the locations of 11 were unknown. One laptop contained HR data. Current and former employee identification numbers, Social Security numbers and dates of birth may have been exposed. The investigation began in June when an employee was caught selling a laptop with sensitive information on eBay. Cardinal gave notice of the breach on September 7.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 14, 2010 JP Morgan Chase Bank
Greenburgh, New York
BSF CARD

Unknown

On August 17, a customer notified bank employees that a camera was on an ATM. An arrest was made on August 26 when a man was caught using a skimming device at another Chase bank. On September 14, Razvan Apostal was charged with eight counts of Criminal Possession of a Forged Instrument, and one count of Unlawful Possession of a Skimming Device.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 8, 2010 SeaChange International
Anton, Massachusetts
BSR INSD

Unknown

A temporary administrative assistant admitted to stealing the identity of one employee in July. It is unclear how many employees had their information accessed by the temp, but SeaChange sent notification of the incident to employees in 26 states shortly after discovering the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 8, 2010 AmeriCorps
Washington, District Of Columbia
GOV DISC

Unknown

A website flaw dating back to 2006 may have allowed people to view applicant and participant personal information. Individuals who manipulated the website URL and guessed or knew user log-in names could have accessed participant and applicant contact information, names, and partial or full Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 HomeCall Inc.
Rockville, Maryland
MED PORT

Unknown

A portable point of care device was stolen from an employee. Client names, addresses, Social Security numbers, medical record numbers, diagnoses and treatment information were on the unencrypted device.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 12, 2010 Alliance Inc.
Baltimore, Maryland
MED PORT

Unknown

A laptop containing client information was stolen from an employee's car on May 3. Client names, addresses, Social Security numbers and diagnoses may have been exposed. The incident was reported on May 10.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Wright-Patterson Air Force Base
Dayton, Ohio
GOV PHYS

2,123 (No reports of SSNs or financial information)

Paper records were improperly disposed of on July 29.  The incident affected 2,123 patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Private Counseling and Psychotherapy Practice
Bronx, New York
MED STAT

9,000 (No SSNs or financial information reported)

The September 6 theft of a desktop computer resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Alliance HealthCare Services, Inc.
Newport Beach, California
MED PORT

1,474 (No SSNs or financial information reported)

Patients from Oroville hospital in Oroville, CA and Eden Medical Center in Castro Valley, CA were affected.

One or more portable devices were lost or stolen between July 31 and August 5.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 UnitedHealth Group
Minneapolis, Minnesota
MED PHYS

1,270 (No SSNs or financial information reported)

A breach involving UnitedHealth Group and its business associate CareCore National was posted on the Health and Human Services (HHS) website.  Unauthorized persons were able to access paper records on or around July 8. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Private Medical Practice
Wichita, Kansas
MED PORT

1,200 (No SSNs or financial information reported)

Paper records and at least one laptop with patient information were stolen during an August 20 theft.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 St. James Hospital and Health Centers
Chicago, Illinois
MED PHYS 967 (No SSNs or financial information reported)
The improper disposal of paper documents may have left the health information of patients of Saint James Hospital and Health Centers exposed. The incident occurred on or around August 10.  
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Private Medical Practice
Inglewood, California
MED STAT

928 (No SSNs or financial information reported)

A desktop computer was stolen on or around August 17.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 14, 2010 Plymouth Road Department of Children's Services
Johnson City, Tennessee
GOV PHYS

Unknown

A person or persons broke into the building during the weekend of October 10. Personal information of clients may have been viewed or recorded, but does not appear to have been stolen. Police believe their suspect entered the building to retrieve a car title document.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 14, 2010 RBC Bank
Lake County, Florida
BSF INSD

Unknown

A bank employee used customer credit card information to open fraudulent loans in their names. The deceased and elderly were targeted. The employee has not yet been arrested and appears to have been using the money to pay for the legal defense of her son.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 ING
Wilmington, Delaware
BSF DISC

Unknown

The location listed is ING's headquarters.

An isolated administration error caused an encrypted file with the personnel information of one client's employees to be made available to the HR department of another client. A password-based registration system was already in place to prevent the wrong addressee from opening encrypted email, however, the email was addressed to the wrong client. The total number of employees who may have had their names and Social Security numbers exposed is unknown, but 473 residents of Maryland were notified of the incident.  On June 3, the other HR department notified ING that they had been sent the wrong information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 Trade Center Management Associates
Washington, District Of Columbia
BSO PORT

Unknown

A June theft at the facility exposed employee information. Employee names, Social Security numbers and some employee fingerprints were on the stolen equipment. It is unknown how many people were affected, but 284 Maryland residents were notified.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 State Farm Insurance
Bloomington, Illinois
BSF INSD

Unknown

The location listed is that of the State Farm Insurance headquarters.

A dishonest Florida State Farm agent was caught selling customer information to a third party. The former employee was terminated and arrested. The agent's buyer and purpose for wanting the information was not reported.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 Farmers Insurance
San Diego, California
BSF STAT

Unknown

The March 16 theft of office computers may have exposed policyholder information. Names, addresses, Social Security numbers, telephone numbers and driver's license numbers were on the computers. Clients were notified on July 26.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 18, 2010 Jackson Hewitt
Jacksonville, Florida
BSF PHYS

Unknown

Clients and employees of the Jackson Hewitt at the Southside office plaza were affected.

An employee discovered old customer and employee documents in the dumpster behind the office.  The documents included employees' W-2 forms, personal bank statements and some tax information from customers.  The former owner admitted to being responsible and eventually had the documents shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 19, 2010 Chen Financial, KC Realty, and SBC Financial
Westminster, California
BSF INSD

Unknown

Kathy Chen and co-conspirators took advantage of real estate clients at Chen's three businesses.  Chen primarily obtained personal data from unsuspecting borrowers who new immigrants or senior citizens.  The personal and credit information was then used to obtain 47 fraudulent loans amounting to $17,500,000.  Clients in Kern, Orange and San Bernardino counties were affected between 2005 and 2007.  Chen was sentenced to 68 years in prison for identity theft, grand theft, forgery and conspiracy charges. Her two co-conspirators have not been arrested.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 19, 2010 Carolina West Wireless
Beaumont, Texas
BSO UNKN

Unknown

The Carolina West Wireless headquarters is located in Wilkesboro, North Carolina.

Authorities found customer information in the car of two men.  It is not known if the information was obtained through hacking, from an insider, by collecting documents from the company or by other methods.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 20, 2010 University of Arkansas for Medical Sciences
Little Rock, Arkansas
MED PORT

Unknown

A digital camera used for recording newborn information was stolen from an employee at the hospital. The information included newborn photos, mother names and contact information, dates of birth, insurance status and medical record numbers. The photos are taken as a security measure in case an infant is abducted. Infants born at the hospital between July and October were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2010 Cumberland Gastroenterology P.S.C.
Somerset, Kentucky
MED PHYS

2,207 (No SSNs or financial information reported)

Paper records were stolen on September 18. The records contained protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 21, 2010 LoneStar Audiology Group
Houston, Texas
MED PORT

585 (No SSNs or financial information reported)

The August 11 theft of a laptop resulted in the exposure of patient health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 21, 2010 Norman Pediactric Associates and Norman Urology
Norman, Oklahoma
MED PHYS

Unknown

Hundreds of intact medical records and Social Security numbers of oncology patients were found at the Norman Recycling Center. Both organizations believe a common paper shredding company is at fault.  The files were returned to the organizations and affected patients will be contacted.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 551-600 of 4488 results


X

Sign In!

Loading