Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,253 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
September 23, 2013 Stanford University
Stanford, California
EDU HACK

Unknown

Stanford University ID holders (SUNet) users had their account passwords and other information exposed.  The breach occurred sometime during the summer of 2013 and continued into the fall.  The full extent of the breach was not revealed.  SUNet users were instructured to change their passwords before accessing the system again.

 
Information Source:
Media
records from this breach used in our total: 0

September 23, 2013 Summit Community Care Clinic
Frisco, Colorado
MED DISC

921 (No Social Security numbers or financial information reported)

An administrative error led to the exposure of patient email addresses.  Email addresses were placed in the visible "TO:" field instead of the blind "BCC:" field.  The email was an invitation to a monthly patient advisory meeting and was sent on July 22.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 20, 2013 Murphy USA
Little Rock, Arkansas
BSR CARD

Unknown

Murphy USA stations in Conway Arkansas and Durant, Oklahoma were also affected.  It is unclear if this is related to the breach that occurred at Murphy USA gas stations in 2011 in Virginia.

Two men pleaded guilty to one count each of conspiracy to commit wire fraud.  They placed skimming devices on gas pumps at Murphy USA station in Conway and Little Rock, Arkansas as well as Durant, Oklahoma.  This allowed them to collect credit card information and create fraudulent credit cards.  The breach occurred between April 2012 and January 2013 and led to fraudulent charges of about $400,000. It's estimated that between 50 and 500 people were affected.

 
Information Source:
Media
records from this breach used in our total: 0

September 19, 2013 DiscountMugs.com (BEL USA LLC)
Medley, Florida
BSR HACK

Unknown

Customers who placed an order online or by phone between March 1, 2013 and July 15, 2013 may have had their information exposed.  Customer names, debit and credit card numbers, addresses, phone numbers, expieration dates and CVV codes may have been accessed by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

September 19, 2013 Edgewater Hospital
Chicago, Illinois
MED PHYS

Unknown

A curious resident entered an abandoned building that used to be Edgewater Hospital and found a room filled with thousands of patient records.  A local news team investigated and found that photos had been taken of the situation four years earlier in 2009 by the Illinois State Health Department.  The records included patient names, Social Security numbers, dates of birth, and addresses.  Edgewater Hospital had been abandoned for more than a decade.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 Logan Community Resources, Inc.
South Bend, Indiana
MED UNKN

2,900 (No SSNs or financial information reported)

An August 24, 2012 breach resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 Minne-Tohe Health Center/Elbowoods Memorial Health Center
New Town, North Dakota
MED UNKN

10,000 (No SSNs or financial information reported)

An October 1, 2011 breach resulted in the exposure of protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2013 St. Francis Health Network, Advantage Health Solutions
Indianapolis, Indiana
MED UNKN

2,575 (No SSNs or financial information reported)

Advantage Health Solutions and St. Francis Health Network (Franciscan Alliance ACO) were affected by a breach.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 15, 2013 International SOS Assistance, Inc.
Philadelphia, Pennsylvania
GOV HACK

Unknown

An unauthorized user or users accessed at least one U.S. system that hosts traveler information.  The type of information that may have been accessed was not reported and International SOS is still investigating the incident.

UPDATE (10/23/2013): The breach occurred on August 24 and was confirmed on August 28.  Names and passport numbers were exposed.  Some travelers also had their Social Security numbers exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 13, 2013 MNsure
St. Paul, Minnesota
MED DISC

2,400 

An agency employee accidentally sent the information of 2,400 insurance agents to two other MNsure employees via email.  MNsure instructed the employees to delete the information.  Names, Social Security numbers, and addresses were part of the breach.

UPDATE (12/12/2013): It was also discovered that the health insurance exchange has vulnerabilities that may allow hackers to see information travelling between a user's computer to the MNsure website.

 
Information Source:
Media
records from this breach used in our total: 2,400

September 13, 2013 Argotec
Greenfield, Massachusetts
BSR UNKN

Unknown

An unspecified incident occurred on or around July 26 that may have exposed the confidential information of current and former employees.  Names, Social Security numbers, and bank account information may have been exposed.  Current employees were sent notification on August 6.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2013 Edgewood Partners Insurance Center (EPIC)
San Mateo, California
BSF PORT

Unknown

Five laptops were stolen during a July 16 office burglary.  The laptops contained confidential information and were password-protected but unencrypted.  Current and former employees and their beneficiaries and dependents, contractors, and job applicants were affected. Names, Social Security numbers, addresses, dates of birth, drivers' license numbers, benefits information, bank account information, and health information were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 11, 2013 Kaiser Permanente
Oakland, California
MED DISC

Unknown

Participants in a Wellness Screening competition pilot may have had their information exposed.  A Kaiser Permanente employee accidentally included confidential information in an email sent to a member of the pilot planning team. In addition to a summary of the competition, it included names, Kaiser Permanente medical record numbers, phone numbers, email addresses, names of employers, department names, and dates and times of health screenings.  The pilot planning team member was not authorized to receive the confidential information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 11, 2013 FSV Payment Systems, Paymast'r Services
Boulder, Colorado
BSF HACK

Unknown

Between July 22 and July 28, an unauthoried party accessed a website that contained sensitive information.  Names, Social Security numbers, addresses, drivers' license numbers, and Payroll Card numbers may have been accessed.  The website was shutdown once the breach was discovered. Paymast'rServices, PaycheckPLUS! Payroll cards issued by MetaBank were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 10, 2013 Pierce County Housing Authority
Tacoma, Washington
BSO DISC

979

A human error resulted in the exposure of client information.  A client found a file with Social Security numbers on the website.  The site was shut down while the file was removed.  It is unclear how long the information was available and the error was caused by a former employee. 

 
Information Source:
Media
records from this breach used in our total: 979

September 10, 2013 Outdoor Network, LLC, Boats.net, Partzilla.com
Lake Placid, Florida
BSR HACK

Unknown

Those with questions may call (888) 829-6550.

A website breach exposed an unspecified number of customer names, addresses, credit card numbers, credit card expiration dates, and CVV codes.  Hackers put malware on Outdoor Network's Boats.net and Partzilla.com websites and were able to access information from credit card transactions between December 2012 and July 2013.

 
Information Source:
Media
records from this breach used in our total: 0

September 10, 2013 University of South Florida (USF) Health
Tampa, Florida
EDU INSD

140

Police searched the car of a University custodial employee and found USF Physicians Group patient billing information.  Names, Social Security numbers, and dates of birth had been exposed.  The employee no longer works for the University and patients were sent a notification letter in late July.

 
Information Source:
Media
records from this breach used in our total: 140

September 10, 2013 TrendNet
Torrance, California
BSR HACK

700 (No Social Security numbers or financial information exposed)

The FTC case can be found herehttp://www.ftc.gov/os/caselist/1223090/130903trendnetorder.pdf

FTC fined TrendNet for having inadequate security practices and marketing their products to consumers as secure.  TrendNet's website was breached by a hacker or hackers.  This allowed them to bypass users' login credentials and access wireless camera feeds.  At least 700 people who purchased TrendNet security cameras had their live camera feeds hacked. Some of their feeds were published online by hackers.

 
Information Source:
Media
records from this breach used in our total: 0

September 7, 2013 Rockland Federal Credit Union
Rockland, Massachusetts
BSF HACK

Unknown

Those with questions may call 781-878-0232.

Rockland Federal Credit Union is sending customers new debit cards with new PINs as a result of a merchant who discovered a breach in their computer system.  All old debit cards will be deactivated on September 26.

 
Information Source:
Media
records from this breach used in our total: 0

September 6, 2013 Georgia Department of Labor
Marrieta, Georgia
GOV DISC

4,457

An employee accidentally emailed a document with the names and Social Security numbers of 4,457 Cobb-Cherokee Career Center customers to 1,000 people.  Recipients were notified and instructed to delete the email immediately without reading it.

UPDATE (09/06/2013): The employee who accidentally sent the email attachment was suspended. The Georgia Department of Labor is also reviewing its internal policies for handling sensitive information.

 
Information Source:
Media
records from this breach used in our total: 4,457

September 6, 2013 Office of Dr. Hankyu Chung
San Jose, California
MED PORT

2,182 (No Social Security numbers or financial information reported)

A June 17 office burglary resulted in the theft of two laptops.  One of the laptops contained names, telephone numbers, dates of birth, visit dates, health complaints, physical examination notes, diagnoses, testing information, medication information, and other medical record information.  The thief or thieves were able to get into the office by opening an unlocked door.  No identity theft protection services are being offered to affected patients.

UPDATE (11/08/2013): HHS received a report stating that 2,182 patients were affected by the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 6, 2013 Conexis, State of Virginia
Blacksburg, Virginia
EDU DISC

13,000

Employees of the state of Virginia who are enrolled in the Commonwealth's 2014 Flexible Spending Account had their information exposed.  Conexis erroneously sent summary reports of Blue Cross/Blue Shield Flexible Spending Account Services to 11 state human resources and payroll employees.  The reports included participants from across the state rather than from specific locations related to the human resources and payroll employees' work.  The human resources and payroll employees who received information that was not intended for them signed a certification confirming that they had deleted or destroyed the information.

 
Information Source:
Media
records from this breach used in our total: 13,000

September 6, 2013 James A. Haley Veterans Hospital
Tampa, Florida
MED INSD

106

A volunteer allegedly stole the names and Social Security numbers of 106 patients and used the information to file $550,000 worth of fraudulent tax returns.  The volunteer had a co-conspirator and the breach began in late January of 2012.  

 
Information Source:
Media
records from this breach used in our total: 106

September 6, 2013 Illinois Department of Healthcare and Family Services
Springfield, Illinois
MED DISC

3,100 (No Social Security numbers or financial information reported)

A contractor sent Family Health Network ID cards to the wrong addresses in July of 2013.  A total of 3,100 clients had their names, Medicaid numbers, and dates of birth exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 5, 2013 Medical University of South Carolina (MUSC), Dreyer Medical Clinic, Blackhawk Consulting Group
Charleston, South Carolina
MED HACK

10,000 (about 8,000 from MUSC and Dreyer Medical Clinic)

A hacker from outside of the United States accessed customer information from Blackhawk Consulting Group, a credit card processing vendor.  The information included financial information from customers who paid the Medical Univeristy of Southern Carolina with a credit card online or over the phone between June 30 and August 21. No patient information was accessed. Some of Blackhawk Consulting Group's other customers were affected and a total of 10,000 people may have had their information exposed.

UPDATE (09/09/2013): Specifically, names, billing addresses, email addresses, payment card numbers, expiration dates, and CCV2 numbers were exposed by a Blackhhawk Consulting Group hack in August. 

 
Information Source:
Media
records from this breach used in our total: 8,000

September 5, 2013 Boston Public School (BPS), Plastic Card Systems
Boston, Massachusetts
GOV PORT

20,000 (No SSNs or financial information reported)

Boston Public School students across 36 schools may have had their information compromised by the loss of a flash drive.  The flash drive was misplaced sometime around August 9 by BPS's ID card vendor Plastic Card Systems.

 
Information Source:
Media
records from this breach used in our total: 0

September 5, 2013 North Texas Comprehensive Spine and Pain Center
Sherman, Texas
GOV INSD

3,000

A former employee stole an external hard drive that contained the medical information of patients.  There has been no evidence that the information on the hard drive was improperly used.

UPDATE (09/15/2013): Close to 3,000 patients were notified of the potential breach. Names, Social Security numbers, dates of birth, addresses, and diagnoses were exposed.

 
Information Source:
Media
records from this breach used in our total: 3,000

September 3, 2013 InterContinental Mark Hopkins San Francisco
San Francisco, California
BSO PORT

Unknown

A July 4 burglary resulted in the exposure of guest information.  The names, addresses, email addresses, phone numbers, and credit and debit card numbers of guests were on a computer hard drive that was stolen.  The hotel learned of the possibility of a breach of guest data on July 14 and alerted guests around August 8.

 
Information Source:
Media
records from this breach used in our total: 0

September 3, 2013 St. Anthony
St. Louis, Missouri
MED PORT

2,600 (No SSNs or financial information reported)

Patients with questions may call 800-524-7262 extension 1575.  

The July 29 car burglary of a laptop computer and flash drive resulted in the exposure of patient information.  Patient names, dates of birth, and other information contained in medical records were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 2, 2013 Creative Banner Assemblies
Minneapolis, Minnesota
BSO HACK

232

A website breach that occurred on June 1 and was discovered on July 22 resulted in the exposure of customer informaiton.  Names, addresses, phone numbers, unencrypted credit card information, and other information stored on temporary data files may have been accessed due to malicious code on the website.

 
Information Source:
Media
records from this breach used in our total: 232

August 31, 2013 John F. Kennedy International Airport
New York, New York
BSO INSD

Unknown

Seven contract baggage handlers were arrested for stealing valuables from customer luggage.  The thefts were caught on camera between April 1 and August 28.  Items such as iPads, iPhones, cash, and jewelrey were discovered in the defendants' homes and cars.

 
Information Source:
Media
records from this breach used in our total: 0

August 30, 2013 Osprey Packs
Cortez, Colorado
BSR HACK

Unknown

Customer information may have been exposed when Osprey Packs' Pro Deal website was hacked.  Customer names, phone numbers, email addresses, billing and shipping addresses, and credit card information may have been exposed.  Osprey Packs learned of the issue on August 7, 2013 when a customer discovered unauthorized activity on their credit card and connected it to Osprey Packs.  Other customers have also noticed fraudulent charges.  The attack may have happened as early as July 9, 2013.

 
Information Source:
Media
records from this breach used in our total: 0

August 30, 2013 Olson & White Orthodontics
O'Fallon, Missouri
MED STAT

10,000

Those with questions may call Olson & White at 855-479-9542.

The July 22 office theft of several computers resulted in the exposure of patient health information.  Names, addresses, X-rays, photos, and diagnostic findings were exposed.

UPDATE (09/04/2013): Two desktops were stolen.  Social Security numbers were also exposed.

 
Information Source:
Media
records from this breach used in our total: 10,000

August 30, 2013 Harbor Freight Tools
Wichita Falls, Texas
BSR HACK

300

Anyone who has shopped at Harbor Freight within the last three months (June, July, and August of 2013) may be at risk for credit or debit card fraud.  Online and in store customers were affected.  Tens of thousands of dollars were taken from between 300 and 600 member accounts.

UPDATE (11/04/2013): Customers who made purchases in stores between May 6, 2013 and June 30, 2013 may have had their card account numbers, expiration dates, and card verification numbers exposed.  

 
Information Source:
Media
records from this breach used in our total: 300

August 29, 2013 University of Texas, Texas Health Science Center at Houston Medical School
Houston, Texas
MED PORT

596 (No SSNs or financial information reported)

An unencrypted laptop that was housed in a locked closet was discovered missing on August 2.  The computer contained names, dates of birth, medical record numbers, and hand and arm image data taken between February 2010 and July 13.  The laptop had not been used since July 19.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2013 Republic Services
Phoenix, Arizona
BSO PORT

82,160

An unspecified number of current and former employees were affected by the theft of a laptop.  The laptop was stolen from an employee's home on August 10.  The laptop contained names and Social Security numbers.

UPDATE (09/03/2013): As many as 82,160 current and former employees may have been affected.

 
Information Source:
Media
records from this breach used in our total: 82,160

August 29, 2013 LabMD
Atlanta, Georgia
MED HACK

9,000

An FTC complaint states that a LabMD spreadsheet with insurance billing data of over 9,000 customers was discovered on a public file sharing network. Social Security numbers, insurance information, medical treatment codes, and dates of birth were exposed by the cyber security issue.  Identity thieves were found to have acquired the personal information of at least 500 LabMD customers.

UPDATE (11/15/2013): LabMD disputed the FTC probe and alleged that the government funded the breach to retaliate against LabMD.

 
Information Source:
Media
records from this breach used in our total: 9,000

August 29, 2013 Midwest Supplies
Roseville, Minnesota
BSR HACK

Unknown

Customer names, addresses, email addresses, phone numbers, credit card numbers, expiration dates, and security codes may have been exposed after Midwest Supplies' website was hacked.  All affected customers were offered a $25 coupon for future purchases.

 
Information Source:
Media
records from this breach used in our total: 0

August 28, 2013 Advocate Medical Group, Advocate Health
Park Ridge, Illinois
MED STAT

4 million

The July 15 office theft of four unencrypted desktop computers resulted in the exposure of patient information. Approximately four million patients who were seen by Advocate Medical Group physicians between the early 1990s and July of 2013 were affected.  Names, Social Security numbers, addresses, and dates of birth were exposed.  Diagnoses, medical record numbers, medical service codes, and health insurance information was also exposed in some circumstances.

UPDATE (09/06/2013): A class-action lawsuit on behalf of patients in the Chicago area has been filed.  It claims that Advocate Medical Center should have done more to protect patient information.

 
Information Source:
Media
records from this breach used in our total: 4,000,000

August 28, 2013 Missouri Credit Union
Columbia, Missouri
BSF DISC

39,000

A file with customer information was accidentally published on Missouri Credit Union's website on August 5.  The names, Social Security numbers, account numbers, teller and call in passwords, and addresses of Missouri Credit Union members were accessed.  The file was accessed 10 times before the issue was discovered and it was taken off of the website.

 
Information Source:
Media
records from this breach used in our total: 39,000

August 28, 2013 Washington Inventory Service
Merriam, Kansas
BSO PHYS

Unknown

A box of hundred of employee records was found in a publicly accessible recycling dumpster.  The box was later recovered by an employee, but the records were still left behind.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Office of Janna Benkelman
Denver, Colorado
MED PORT

1,500 (No SSNs or financial information reported)

Patients with questions may call 303-805-7168.

An office burglary resulted in the exposure of patient information.  A laptop was stolen from the office of Janna Benkelman, a licensed professional counselor.  The laptop was password-protected. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Infocrossing Inc, MO HealthNet, Missouri Department of Social Services
Jefferson City, Missouri
MED DISC

25,000

An error by Infocrossing, Inc. caused the personal information of a group of patients to be mailed to incorrect addresses.  The incident was discovered on June 6, 2013 and impacted correspondence sent between October 16, 2011 and June 7, 2013.  Names, dates of birth, MO HealthNet identification account numbers, county names, phone numbers, and the last four digits of Social Security numbers were exposed.

UPDATE (09/23/2013): The breach was originally thought to have affected fewer than 2,000 individuals and last between 2011 and 2013.  The Missouri Department of Social Services reported that the breach began when information was sent out in December of 2009. More than 25,000 Missouri residents were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

August 28, 2013 Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PORT

2,700 (No SSNs or financial information reported)

The May 24 loss of a portable device resulted in the exposure of patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Standard Register, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED PHYS

2,261 (No SSNs or financial information reported)

The exposure of patient paper records resulted in a breach that was reported in August 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Health Plus Amerigroup, Brookdale University Hospital and Medical Center
Brooklyn, New York
MED DISC

28,187 (No SSNs or financial information reported)

An accidental exposure of protected health information affected patients. The information was accidentally disclosed to other facilities.  The breach was reported in September of 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Young Family Medicine Inc.
Sidney, Ohio
MED PORT

2,045 (No SSNs or financial information reported)

The June 12 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 28, 2013 Hancock OB/GYN
Greenfield, Indiana
MED INSD

1,396 (No SSNs or financial information reported)

Those with questions may call 1-866-221-0150.

An employee was found to have accessed physician notes without a work-related reason.  The breach began on November 9, 2011 and lasted until June 17, 2013.  Names, dates of service, medical record numbers, clinical information were exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 27, 2013 Bonneville Power Administration (BPA)
Portland, Oregon
GOV HACK

3,100

Up to 3,100 BPA employees were affected by a cyber attack.  The attack appears to be related to the attack on the Department of Energy's website.  Names, Social Security numbers, and dates of birth were distributed as a result of the Department of Energy breach.

 
Information Source:
Media
records from this breach used in our total: 3,100

August 27, 2013 University of Mississippi Medical Center
Jackson, Mississippi
MED DISC

2,279

An employee of the University of Mississippi Medical Center accidentally attached a spreadsheet with sensitive information to an email that went out to students.  The email was sent on August 21 and the spreadsheet contained student names, Social Security numbers, GPAs, race, gender, dates of birth, mailing addresses, and phone numbers.  The breach was discovered within hours and the University used a combination of asking students to delete the email and manually removing the email from students' webmail accounts.  The email was meant to alert students to changes being made to the school's health insurance.

 
Information Source:
Media
records from this breach used in our total: 2,279

Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,253 DATA BREACHES made public since 2005
Showing 301-350 of 4253 results


X

Sign In!

Loading