Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
March 10, 2008 Blue-Cross Blue-Shield of Western New York
Buffalo, New York
MED PORT

40,000

A laptop hard-drive containing vital information about members has gone missing. Blue-Cross Blue-Shield of Western New York says it is notifying its members about identity theft concerns after one of it's company laptops went missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

May 17, 2010 Silicon Valley Eyecare Optometry and Contact Lenses
Santa Clara, California
MED STAT

40,000

A computer and a plasma TV were stolen from the office on Friday April 2nd, 2010. The computer server contained patient names, addresses, phone numbers, email addresses, birth dates, family member names, medical insurance information, medical records, and in some cases, Social Security numbers.  The data were password protected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 40,000

November 7, 2008 Arizona's Department of Economic Security
Phoenix, Arizona
GOV PORT

40,000

(DES) is notifying the families of about 40,000 children that their personal data may have been compromised following the theft of several hard drives from a commercial storage facility. The information stored on the stolen disks included the names, addresses and phone numbers of families whose children were referred to the DES for early intervention services over the past several years. In the cases of families that had applied for and received services from the agency, their records also included Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

May 1, 2009 LexisNexis, Investigative Professionals
Miamisburg, Ohio
BSO CARD

40,000

Companies Lexis Nexis and Investigative Professionals have notified up to 40,000 individuals whose sensitive and personally identifiable information may have been viewed by individuals who did not have legitimate access. The data breach is linked to a Nigerian scam artist who used the information to incur fraudulent charges on victims' credit cards. Of the 40,000 individuals whose information was accessed, up to 300 were compromised and used to obtain fraudulent credit cards. The private information viewed included names, dates of birth and possibly Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

September 12, 2011 Vacationland Vendors, Inc.
WIsconsin Dells, Wisconsin
BSR HACK

40,000

Vacationland Vendors, Inc. arcade equipment used in Sevierville, Tennessee was also affected.

A hacker gained unauthorized access to Vacationland Vendors' card processing systems at Wilderness Waterpark Resort in the Dells and Wilderness at the Smokies in Sevierville.  The breach occurred on march 22.  Customers who used a credit or debit card at one of the resorts between December 12, 2008 and May 25, 2011 were affected.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 40,000

July 30, 2013 US Airways, Advanced Data Processing
Tempe, Arizona
BSO DISC

40,000

A programming error at Advanced Data Processing (ADP) caused employee names, Social Security numbers, and total taxable W-2 wages for the tax years 2010, 2011, and 2012 to be exposed.  A group of other US Airway employees were able to download the payroll information of their colleagues.  ADP corrected the issue in early May and notified US Airways in early June.

 
Information Source:
Media
records from this breach used in our total: 40,000

October 29, 2010 University of Hawai'i West O'ahu (UHWO)
Pearl City, Hawaii
EDU DISC

40,101

Students from the University of Mānoa were also affected.

Unencrypted files that were placed on the faculty web server exposed student information. Student names, Social Security numbers, birth dates, addresses and academic information were placed on the server in December of 2009.  Students who attended UHWO in Fall of 1994 or graduated between 1988 and 1993 were affected. A much larger number of students who attended the University of Hawai'i Mānoa between 1990 and 1998 were also affected. The files were removed on October 18 after a privacy group notified the University. The server was quickly removed from the network.  The faculty member who accidentally placed the file on the server retired before the breach was discovered. 

UPDATE (11/19/10): A former student is filing a class-action lawsuit on behalf of students affected by the University of Hawaii's multiple breaches.  The man attended the Mānoa campus between 1990 and 1998 and claims that he was affected by the this breach and one that occurred in June of 2009.  The names of four other people are attached to his Social Security number and his credit has been used in Georgia. Around 259,000 private records have been exposed by the University of Hawai'i since 2005.

UPDATE (1/27/2012): The University of Hawaii will provide two years of credit protection services and credit restoration services to settle a class-action lawsuit involving data breaches that affected nearly 100,000 students, faculty, alumni, and staff between 2009 and 2011.  The settlement is still subject to court approval.

 
Information Source:
Databreaches.net
records from this breach used in our total: 40,101

June 3, 2010 Penn State
University Park, Pennsylvania
EDU DISC

15,806, 25,000 more later discovered

The Pennsylvania State University sent data breach notification letters to 15 806 individuals who at one time had their personal information, including Social Security numbers, stored in a university database. Penn State issued a press release statement on Wednesday informing the university community that a computer in its Outreach Market Research and Data office was found to be actively communicating with a botnet CNC. According to the statement, the database used by the office had previously contained Social Security numbers on individuals. The university, which discontinued use of SSNs for identification purposes in 2005, nevertheless found that an archived copy of the information went undetected in the computer’s cache.

UPDATE (6/8/10): An additional 25,000 individuals may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,806

March 5, 2006 Georgetown University
Washington, District Of Columbia
EDU HACK

41,000

A server was attacked that housed personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging.  Georgetown managed the server as part of a grant to manage information services provided by the D. C. Office of Aging. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 41,000

June 30, 2006 National Institutes of Health Federal Credit Union
Rockville, Maryland
BSF UNKN

Very few of 41,000 members affected [not included in total]

NIHFCU and law enforcement are investigating the identity theft of some of its 41,000 members. No details were given on the type of information stolen, or how it was stolen.

 
Information Source:
Media
records from this breach used in our total: 41,000

December 15, 2009 U.S. Army
Fort Belvoir, Virginia
GOV PORT

42,000

http://www.army.mil/-news/2009/12/16/31955-laptop-containing-personal-information-about-mwr-customers-stolen/

A laptop computer belonging to a Family and Morale, Welfare and Recreation Command (FMWRC) employee was stolen.  Types of information compromised included name, Social Security number, home address, date of birth, encrypted credit card information, personal e-mail address, personal telephone number and family member information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 42,000

December 17, 2007 West Penn Allegheny Health System
Pittsburgh, Pennsylvania
MED PORT

42,000

    (866) 559-6309 Monday through Friday from 10 a.m. to 6 p.m. or e-mail the hospital at askquestions@wpahs.org.

The names, Social Security numbers, phone numbers, addresses and patient care information of 42,000 patients were all on a laptop computer stolen from a nurse's home. Only home care and hospice patients could be impacted, not patients at the hospitals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 42,000

July 17, 2008 Bristol-Myers Squibb
Jacksonville, Florida
BSO PORT

42,000

A backup computer-data tape containing employees' personal information, including Social Security numbers, was stolen recently. The backup data tape was stolen while being transported from a storage facility. The information on the tapes included names, addresses, dates of birth, Social Security numbers and marital status, and in some cases bank-account information. Data for some employees' family members also were on the tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 42,000

October 14, 2006 T-Mobile USA Inc.
Bellvue, Washington
BSO PORT

43,000 current and former employees

A laptop computer holding personally identifiable information of approximately 43,000 current and former T-Mobile employees disappeared from a T-Mobile employee's checked luggage. T-Mobile has reportedly sent letters to all those affected. The data are believed to include names, addresses, SSNs, dates of birth and compensation information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 43,000

November 16, 2010 Messiah College
Grantham, Pennsylvania
EDU PORT

43,000

An external hard drive was lost or stolen. Current, former and prospective students and their parents may have had their names, Social Security numbers, dates of birth and transcripts exposed. The information was from the financial aid department and spans from 1994 to 2010. Social Security numbers were not collected for all individuals involved, but exact number of individuals who had their Social Security or financial information exposed was not given.

UPDATE (11/21/10): The drive was found by the employee responsible for it.  The likelihood that someone was able to access the information on the drive for a malicious purpose is very low or nonexistent. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 43,000

August 17, 2011 Yale University
New Haven, Connecticut
EDU DISC

43,000

A computer file containing the names and Social Security numbers of former faculty, staff and students was accidentally made accessible online.  The file contained information from 1999 and could be located through a Google search for 10 months.  A change in Google's search engine made the file accessible from September 2010 to July 1, 2011.  A person who performed a Google search on his name discovered the breach on June 30.

 
Information Source:
Databreaches.net
records from this breach used in our total: 43,000

May 21, 2013 Lifeline (Federal Communications Commission), TerraCom Inc., YourTel America Inc.
Washington, District Of Columbia
GOV DISC

127,000 (44,000 Social Security numbers exposed)

TerraCom customers who have questions may call 1-855-297-0243.

Around 44,000 application forms and 127,000 supporting documents for Lifeline were posted online.  Lifeline is a federal program that provides discount internet and phone service for low-income Americans.  Information such as name, Social Security number, scans of food-stamp cards, driver's licenses, tax records, pay stubs, and parole letters was available online. the information had been available since at least March and was removed April 26.

UPDATE (05/23/2013): The story was originally released by Scripps Howard News Service when a reporter found completed Lifeline applications by searching Google for TerraCom-related information.  Terracom and Yourtel are threatening to hold Scripps accountable for costs associated with the breach.  These alleged costs include potentially complying with more than 20 state data breach notification laws.

 
Information Source:
Media
records from this breach used in our total: 44,000

November 30, 2007 Prudential Financial
Fort Washington, Pennsylvania
BSF INSD

44,023

An employee who had authorized access to personal information was arrested and charged with stealing personal information and identity theft. The employee took client names, Social Security numbers, dates of birth, addresses and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 44,023

May 27, 2005 Cleveland State University
Cleveland, Ohio
EDU PORT

44,420

A laptop containing personal information from applicants, current students, and former students was stolen from the University's admissions office.  The information included Social Security numbers and addresses from as far back as 2001.  Letters were sent to those affected.  

UPDATE (12/24/05):CSU found the stolen laptop

 
Information Source:
Dataloss DB
records from this breach used in our total: 44,420

March 5, 2012 Digital Playground
Van Nuys, California
BSR HACK

72,794 (44,663 credit card numbers obtained)

A group of hackers accessed customer details, credit card numbers, and administrator information.  At least a) 28 administrator names, usernames, email addresses, and encrypted passwords, b) 85 affiliate usernames, plain-text passwords, c) 100 user email addresses, usernames, and plain-text passwords, and d) 82 .gov and .mil email addresses and plain-text passwords were posted. The hackers criticized the ease of obtaining the credit card numbers, expiration dates, cvvs, and customer billing addresses which were all in plain text.  The hackers chose not to post customer credit card numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 44,663

February 12, 2005 Science Applications International Corp. (SAIC)
San Diego, California
BSO STAT

45,000 employees

On January 25 thieves broke into a SAIC facility and stole computers containing personal information of past and current employees. Stolen information included names, Social Security numbers, addresses, phone numbers and records of financial transactions.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,000

May 22, 2007 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

45,000

 Hotline: (303) 492-1655

A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,000

June 23, 2009 Cornell University
Ithaca, New York
EDU PORT

45,277

A stolen Cornell University computer has compromised the personal information of thousands of members of the University community. The computer contains the names and Social Security numbers of current and former students as well as current and former faculty and staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,277

May 29, 2008 State Street Corp, Investors Financial Services
Boston, Massachusetts
BSF STAT

45,500

Computer equipment containing personal information on customers and employees of a State Street unit was stolen. The computer equipment was stolen from a vendor hired by Investors Financial Services to provide legal support services. The personal information included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,500

August 13, 2010 Holyoke Medical Center, Caritas Carney Hospital, Milton Hospital, Milford Hospital
Georgetown, Massachusetts
MED PHYS

45,600

At least 32,750 files were found at the Georgetown Transfer Station in Georgetown, MA. Holyoke Medical Center is located in Holyoke, MA. Carney Hospital is located in Dorchester, MA. Milton Hospital is located in Milton, MA. Milford Hospital is located in Milford, MA.

 

A large pile of medical records was found at Georgetown Transfer Station public dump. The reports contained names, addresses, diagnosis, Social Security numbers, and insurance information. A medical billing company known as Goldthwait Associates is believed to be responsible. The medical records are mostly from pathology patients served at the hospitals between 2007 and March of 2010.

UPDATE (9/2/10): Holyoke reported that 24,750 patients were affected.  The exact number of patients affected from other medical centers is still unknown. Between 8,000 and 12,000 patients of Milton Hospital were affected.

UPDATE (10/11/10): Milton Pathology Associates, P.C. reported that a prior owner of Goldthwait Associates improperly disposed of patient information. Eleven thousand patients were affected.  Milford Regional Medical Center reports that the incident affected 19,750 patients.

UPDATE (01/07/2013): People associated with Goldthwait Associates, Chestnust Pathology Services, Milford Pathology Associates, Milton Pathology Associates, and Pioneer Valley Pathology Associates agreed to collectively pay $140,000 to settle allegations related to the breach.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 45,600

April 4, 2007 University of California, San Francisco (UCSF)
San Francisco, California
EDU HACK

46,000

(415) 353-8100, isecurity@ucsf.edu

An unauthorized party may have accessed the personal information including names, Social Security numbers, and bank account numbers of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years by compromising the security of a campus server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 46,000

February 8, 2012 West Virginia Chiefs of Police Association, Alabama Department of Public Safety, Texas Department of Public Safety, City of Mobile Police Department, Texas Police Chiefs Association, Texas Police Association
, West Virginia
BSR HACK

46,943 (46,000 SSNs reported)

No city is listed.  Board members, members, and organization officers live throughout West Virginia. People in Mobile, Alabama and Texas were also affected.

A hacker obtained and revealed 156 home addresses, phone numbers, cell phone numbers, email addresses, and usernames of police officers associated with the West Virginia Chiefs of Police Association. Retired police chiefs, and every current police chief in West Virginia had their information exposed. The hacker was associated with Anonymous.

UPDATE (08/24/2012): A hacker associated with the attack on West Virginia Chiefs of Police Association and several other law enforcement associations was caught and sentenced to 27 months in federal prison.  He was also ordered to pay $14,062.17 in restitution.  Alabama Department of Public Safety spreadsheets with information on sex crimes and a database listing descriptions of offenders' cars were posted online. Over 46,000 citizens in the state of Alabama may have had their names, Social Security numbers, license plate numbers, dates of birth, phone numbers, addresses, and criminal records accessed by hackers who attacked the City of Mobile Police Department. A total of 787 police officer names, usernames, plain text passwords, addresses, and other agency information from The Texas Police Association was posted online.  The Wisconsin Chiefs of Police Association, the Texas Department of Public Safety, the Dallas Police Department, and the Texas Police Chiefs Association also experienced hack attacks.

 
Information Source:
Databreaches.net
records from this breach used in our total: 46,000

May 1, 2007 JP Morgan
Chicago, Illinois
BSF PORT

47,000

A computer tape containing personal information of wealthy bank clients and some employees was delivered to a secure off-site facility for storage but was later reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47,000

July 16, 2008 Greensboro Gynecology Associates
Greensboro, North Carolina
MED PORT

47,000

A backup tape of patient information was stolen from an employee who was taking the tape to an off-site storage facility for safekeeping. The stolen information included patients' names, addresses, Social Security numbers, employers, insurance companies, policy numbers and family members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47,000

June 24, 2013 Florida State University, Florida Department of Education
Tallahassee, Florida
EDU DISC

47,000

The information of 47,000 Florida teachers was publicly accessible for 14 days after a data transfer at Florida State University.  The information was from teachers participating in state prep programs.  The Department of Education used Florida State University as the contractor for the transfer of teacher data.

UPDATE (06/26/2013): People who participated in Florida teacher preparation programs during the 2009 -2010 and 2011-2012 academic years were affected.

 
Information Source:
Media
records from this breach used in our total: 47,000

November 24, 2014 Sony Pictures
New York, New York
BSO HACK

47,000

Sony Pictures Entertainment has suffered a data breach when hackers posted threatening messages on company computers.

According to a report the threat "began with a skull appearing on screens, and then a strangely ominous message telling users they’d been hacked by something called #GOP. It gets more bizarre as the message claims this is just the beginning and then threatens to release documents by 11 PM this evening."

The company has completely shut down all email communications and employees are not allowed to use company computers while the entertainment giant works through where and what the threat is and if it is real. The original threat did not give specifics or communicate any kind of "ransom" for the data that had supposedly been hacked.

More Information: https://deadline.com/2014/11/sony-computers-hacked-skull-message-1201295...

 

UPDATE (12/5/2014): A data security analyst has discovered information leaked by the hacker (s) goes beyond what was originally reported.

According to the security company Identity Finder, showed that leaked files included vast amount of personal data on "more than 47,000 celebrities, freelancers, and current and former Sony employees".

"An analysis of 33,000 leaked Sony Pictures documents by data security software firm Identity Finder showed that the leaked files included the personal information, salaries and home addresses for employees and freelancers who worked at the studio. Some of the celebrities include Sylvester Stallone, director Judd Apatow and Australian actress Rebel Wilson, according to the Wall Street Journal, which first reported on the analysis".

Additional information such as contracts, termination dates, termination reason and other data was also leaks. Unfortunately these files were in Excel format without any password protection.

More Information: http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-nu...

UPDATE (12/16/2014): "Sony Pictures Entertainment has been sued by two self-described former employees who accuse the movie studio of failing to protect Social Security numbers, healthcare records, salaries and other data from computer hackers who attacked it last month.

 

The proposed class action lawsuit against Sony Corp's studio was filed on Monday in federal court in Los Angeles. It alleges that the company failed to secure its computer network and protect confidential information."

More Information: http://www.reuters.com/article/2014/12/16/sony-cybersecurity-classaction...

 
Information Source:
Media
records from this breach used in our total: 47,000

May 12, 2006 Mercantile Potomac Bank
Gaithersburg, Maryland
BSF PORT

48,000

A laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates. The bank contacted affected customers and offered them one year of free credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48,000

February 9, 2009 Federal Aviation Administration
Washington, District Of Columbia
GOV HACK

43,000 Total increased to 48,000

Hackers broke into the Federal Aviation Administration's computer system, accessing the names and Social Security numbers of employees and retirees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48,000

September 28, 2007 Wal-Mart Stores Inc.
Bentonville, Arkansas
BSR INSD

48,686

A Wal-Mart associate took confidential information relating to a group of associates. The former associate was not authorized to retain the information after ending his employment with Wal-Mart. Associate names, Social Security numbers, Wal-Mart job codes and compensation information were exposed. The incident occurred on August 15.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48,686

July 21, 2005 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

49,000

Prospective students, current students, staff, faculty and University health care service recipients may have had their data exposed in a campus server breach.  The information included names, Social Security numbers, addresses, student ID numbers, birth dates, and lab test information. The University mailed letters and sent emails to the individuals affected.

UPDATE (08/20/2005) The number of students affected was increased from an estimate of 42,000 to 49,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 49,000

August 19, 2005 University of Colorado
Denver, Colorado
EDU HACK

49,000

A hacker may have gained access to personal information from June of 1999 to May of 2001, and fall of 2003 to summer of 2005.  The information included current and former student names, Social Security numbers, addresses and phone numbers.  The University contacted individuals who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 49,000

August 14, 2013 Michigan Department of Community Health, Michigan Cancer Consortium
Lansing, Michigan
MED HACK

49,000

A server for the Michican Cancer Consortium that housed names, Social Security numbers, dates of birth, cancer screening test results, and testing dates was hacked.  The Michigan Department of Community Health claimed that the breach should not fall under strict HIPAA regulations because testing records, rather than medical records, were affected.

 
Information Source:
Media
records from this breach used in our total: 49,000

April 11, 2008 New York-Presbyterian Hospital, Weill Cornell Medical Center
New York, New York
MED INSD

49,841

An admissions employee is accused of selling 2,000 patients' data in an identity theft scheme and accessing nearly 50,000 records illegitimately. Records contained names, phone numbers and, in some cases, Social Security numbers of patients. The employee has since been charged with one count of conspiracy involving computer fraud, identity document fraud, transmission of stolen property and sale of stolen property.

 
Information Source:
Dataloss DB
records from this breach used in our total: 49,841

November 4, 2005 Keck School of Medicine, University of Southern California (USC)
Los Angeles, California
EDU STAT

50,000

A computer server containing names and Social Security numbers of patients, donors and employees was stolen from a campus computer room.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 50,000

February 9, 2010 California Department of Health Care Services
Sacramento, California
GOV DISC

50,000

The personal security of nearly 50,000 people may have been breached by the California Department of Health Care Services. Social Security numbers were printed on the address labels of letters that were mailed by the department. State employees mistakenly included the numbers in a list of patient addresses. The list was sent to an outside contractor, who printed and mailed the envelopes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,000

September 25, 2006 General Electric (GE)
Fairfield, Connecticut
BSO PORT

50,000 employees

An employee's laptop computer holding the names and Social Security numbers of approximately 50,000 current and former GE employees was stolen from a locked hotel room while he was traveling for business.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,000

January 26, 2007 WellPoint's Anthem Blue Cross Blue Shield
Richmond, Virginia
MED PORT

50,000

(800) 284-9779

Cassette tapes containing customer information were stolen from a lock box held by one of its vendors. Data included names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,000

February 25, 2012 Piedmont Behavioral Healthcare (PBH), Alamance-Caswell LME (AC LME)
Concord, North Carolina
MED DISC

50,000

A miscommunication caused AC LME to lose access to servers containing sensitive health information.  An Alamance County employee mistakenly changed a lock on the facility that housed data servers for AC LME.  It appears that AC LME forgot to inform the county that AC LME was extending a contract for server maintenance.  Former consumers of AC LME, including those who became PBH consumers on October 1, 2011, may have had their personal health information stored on these servers. The servers are now in the possession of the county and could contain the names, Social Security numbers, medical record identification numbers, addresses, and diagnoses of AC LME consumers. LME officials have not had access to the server room without being monitored by a county employee or with the forensics team assigned to examine the servers.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 50,000

May 30, 2014 Arkansas State University College of Education and Behavioral Science's Department of Childhood Services
Jonesboro, Arkansas
EDU HACK

50,000

Arkansas State University was notified by the Arkansas Department of Human Services of a data breach in their College of Education and Behavioral Science's Department of Childhood Services database, potentially exposing personally identifiable information.

According to A-State's Chief Information Officer Henry Torres,  “we have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”

The breached involved a database related to the "Traveling Arkansas Professional Pathways (TAPP) Registry, which is a professional development system designed to track and facilitate training and continuing education for early childhood practictioners in Arkansas."

To date, the university has stated that Social Security numbers were compromised in the database, no other information as to the specific data was provided by the university.

 
Information Source:
Media
records from this breach used in our total: 50,000

June 29, 2006 Minnesota Department of Revenue
St. Paul, Minnesota
GOV PORT

50,400

http://www.taxes.state.mn.us/taxes/publications/press_releases/content/taxpayer_information.shtml

On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers.

UPDATE (7/20/06): The package was reported delivered 2 months later, but apparently had been temporarily lost by the U.S. Postal Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,400

December 17, 2009 North Carolina Libraries
Raleigh, North Carolina
EDU HACK

51,000

Library users at 25 campuses were the victims of a security breach in August. The libraries collect driver's license and Social Security numbers to help identify computer users. The information is stored on a central server in Raleigh. Other campuses affected are Alamance, Beaufort, Bladen, Blue Ridge, Brunswick, Central Carolina, College of the Albemarle, Gaston, Halifax, Haywood, Lenoir, Martin, Nash, Pamlico, Piedmont, Richmond, Roanoke-Chowan, Rowan-Cabarrus, Sandhills, Southwestern, Tri-County, Vance Granville and Wilson.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

August 4, 2006 PSA HealthCare
Norcross, Georgia
MED PHYS

51,000 current and former patients

(866) 752-5259

A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

July 24, 2007 St. Vincent Hospital, Verus, Inc.
Indianapolis, Indiana
MED DISC

51,000

Saint Vincent used subcontractor Verus Inc. to set up an online bill payment for patients.  For a "brief" period of time, personal information was left unprotected and available online.  The security lapse compromised names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

March 22, 2008 Agilent Technologies
Santa Clara, California
BSO PORT

51,000

A laptop containing sensitive and unencrypted personal data on current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor. The data includes employee names, Social Security numbers, home addresses and details of stock options and other stock-related awards. Agilent blamed the San Jose vendor, Stock & Option Solutions, for failing to scramble or otherwise safeguard the data - in violation of the contracted agreement.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

June 27, 2008 Montgomery Ward
Cedar Rapids, Iowa
BSR HACK

51,000

Hackers extracted information from an online database that held credit card account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 4101-4150 of 4488 results


X

Sign In!

Loading