Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
October 21, 2010 Norman Pediactric Associates and Norman Urology
Norman, Oklahoma
MED PHYS

Unknown

Hundreds of intact medical records and Social Security numbers of oncology patients were found at the Norman Recycling Center. Both organizations believe a common paper shredding company is at fault.  The files were returned to the organizations and affected patients will be contacted.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2010 WESTMED Medical Group
Purchase, New York
MED PORT

578 (No reports of SSNs or financial information)

A laptop with patient information was stolen in August.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 13, 2010 San Diego Regional Center
San Diego, California
MED PORT

Unknown

Call 1-888-865-5940 for more information about this incident.

A back-up tape created for the purpose of disaster recovery testing and training was lost during shipping to the California Department of Developmental Services by UPS. Consumers' first and last names, Social Security numbers, contact, diagnostic and medical information may have been exposed. Extracting information from the tape requires sophisticated technology, according to the breach notice letter.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

October 27, 2010 Mount Sinai School of Medicine
New York, New York
MED STAT

1,500 (No reports of SSNs or financial information)

A hard drive from the World Trade Center Medical Monitoring and Treatment Program at Mt. Sinai Hospital was lost or taken from a computer in the Mental Health Center.  The information included emails with protected health information, patients' names, and possibly treatment and contact information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 2, 2010 Has-Camino Travel Agency
South Pasadena, California
BSR STAT

Unknown

A former employee and her husband were arrested on suspicion of stealing computers from her former employer. The computers contained the personal information of clients and were stolen during an office burglary.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 28, 2010 Minor Family Clinic
Phoenix, Arizona
MED UNKN

128 (No SSNs or financial information reported)

An insurance fraud scheme used medical information from the Clinic. Fraudulent charges to patients' insurance companies totaled $108,000. Two people have been indicted, but their method for accessing patient information has not been reported.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 28, 2010 Individual Tax Preparer
Laurinburg, North Carolina
BSF PHYS

Unknown

Eight cabinets full of tax records were stolen from a residence.  The records belonged to a deceased tax preparer named Ester Gaino and go back to at least five years ago.  It seems that the thief or thieves were looking for information that could be used to commit identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 29, 2010 Southwest Seattle Orthopaedic and Sports Medicine
Burien, Washington
MED HACK

9,493 (No SSNs or financial information reported)

A hacking incident may have exposed the personal information of patients on September 4.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 29, 2010 Japanese Foundation of Los Angeles
Los Angeles, California
BSR HACK

Unknown

An unnamed third-party vendor that hosted the organization's jflac.org website experienced a security incident. Customers who made purchases related to Japanese Language Proficiency Testing for 2009 and 2010 may have had their names, dates of birth and credit card information accessed. The servers containing customer data were shut down and taken offline after the incident was discovered. The incident occurred on or around September 18, 2010 and the organization aimed to notify all affected customers by October 25.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 1, 2010 Thai Cafe
Indianapolis, Indiana
BSR PHYS

Unknown

An Indianapolis school noticed that their dumpster was being used by someone else. A box of personal information from the Thai Cafe was found to have been illegally dumped. School officials discovered complete payroll stubs from 2000 inside the box and contacted the restaurant owner. The ex-spouse of the restaurant owner apologized for the illegal dumping and claimed that the disposal was handled by a third party.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 2, 2010 Seton Hall University
South Orange, New Jersey
EDU DISC

1,500 (No SSNs or financial information reported)

An Excel spreadsheet with academic information was accidentally emailed to 400 students. Fifteen hundred students had their names, addresses, emails, student ID numbers, majors, credit hours and GPAs exposed. Students who received the attachment were instructed not to view or distribute it. Students were also informed to meet with the associate dean for Undergraduate Student Services and Enrollment Management if they had already opened the attachment.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 4, 2010 Bare Escentuals
San Francisco, California
BSR PORT

Unknown

Sensitive employee data was on an employee's stolen laptop. The employee information on the laptop included name, Social Security number, postal address and historic salary data.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 5, 2005 Arbella Mutual Insurance Company
Quincy, Massachusetts
BSF DISC

Unknown

The Massachusetts Registry of Motor Vehicles was the breached entity.

A customer discovered that he could view the Registry of Motor Vehicles database by visiting a website printed on the bottom of his insurance paperwork.  He was able to look up people by name and then obtain their address, date of birth, license number, driving history and even their Social Security number most times.  The company corrected the problem quickly.  The company believes the error was temporary and that few outsiders were able to access the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 21, 2005 CVS
Woonsocket, Rhode Island
BSR DISC

Unknown

CASPIAN, a consumer privacy group, notified CVS of a security hole that allowed people to access information about purchases made by customers who used a CVS Corp. loyalty card. Anyone with someone's card number, zip code and the first three letters of the customer's last name could have a list of recent purchases sent to an email account. The company removed Internet access to the information. Fifty million loyalty cards have been issued.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 29, 2005 Medica Health Plans
Minnetonka, Minnesota
MED INSD

Unknown

It was discovered that two employees had engaged in unauthorized activities for an extended period of time.  The computer administrators were fired for sabotaging the company's computers and downloading data.  Sensitive information for 1.2 million Medica members may have been accessed.  The former employees prolonged their activities and avoided heavier punishment by hiding and destroying evidence of their activities. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 12, 2005 Verizon
New York, New York
BSR DISC

Unknown

A website flaw allowed customers to check the account details of other customers if they knew their phone numbers. Users' minutes and cell phone models could be viewed in this manner. This unintentional feature may have gone unnoticed for five years due to a glitch.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 9, 2005 Federal Reserve Bank of Dallas
Dallas, Texas
GOV PHYS

Unknown

A truck driver lost thousands of Federal Reserve Bank checks headed to Houston. It seems that the back door of the truck was not closed when the driver left the loading area. Paid and canceled checks with Social Security numbers, names, addresses and signatures were scattered on the highway between Dallas and Houston. Most of the checks were not recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 8, 2005 Blockbuster
New York, New York
BSR PHYS

Unknown

Hundreds of files were dumped in clear garbage bags on the street. Recent membership applications revealed customer names, birth dates, addresses, phone numbers, driver's license numbers, credit card number, credit card expiration date and signatures. For some strange reason, the applications also included customer Social Security numbers. The files were dumped after the store went out of business.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 20, 2005 Vermont Technical College
Randolph Center, Vermont
EDU DISC

Unknown

Names, Social Security numbers, addresses, SAT scores and ethnicity of all students enrolled during 2003 were posted online from January 2004 until the mistake was discovered in October of 2005.  Someone accidentally sent the data to a publicly accessible place.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 7, 2005 Papa John's
Louisville, Kentucky
BSR DISC

Unknown

An error made thousands of customer comments and internal corporate emails available to anyone searching the Internet.  Customer comments submitted between September 29 and November 7 were viewable and had customer names, addresses, phone numbers and email addresses attached.  The company stated that "customer feedback over the last five weeks...could be viewed by a user who would have to enter a very specific, unpublished URL."  The system now requires a password.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 6, 2010 Murphy USA
Shelbyville, Indiana
BSR PHYS

Unknown

A file cabinet with personal information was found in a dumpster near Murphy USA gas station. Most of the files belonged to former employees of the gas station. Dozens of copies of Social Security cards, driver's licenses, contact information and other personnel information were retrieved. A representative from the gas station said that the files should have been shredded and that they are searching for the employee responsible.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 21, 2005 Sunrise Volkswagen
Lynbrook, New York
BSR PHYS

Unknown

Bank credit applications with names, Social Security numbers, addresses, telephone numbers, employment information and signatures were obtained by unauthorized access between December 15 and 16.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 8, 2010 Arista OB-GYN Clinic
Woodstock, Georgia
MED PHYS

Unknown

Private medical records were dumped outside a closed office. A news team found several hundred documents that appeared to mostly be patient records with names, addresses, sonograms, copies of checks and detailed medical information. The dumpster was confiscated and searched by police. Files were also found under the dumpster. The doctor could face felony charges.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 9, 2010 New Hanover County
Wilmington, North Carolina
GOV DISC

Unknown

A list of 9,845 property owner accounts was published online. Social Security numbers were attached to 163 of the accounts, though some people had multiple accounts. The list of delinquent accounts was mistakenly published before the Social Security numbers were removed. It is unclear how long the information was available online.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 15, 2006 Illinois Education Association
Springfield, Illinois
NGO STAT

Unknown

Two laptops, six desktops and a digital camera were stolen from the Illinois Education Association office sometime prior to the week of January 3. Some of the computers contained Social Security numbers of members. Many member organizations were affected. Over 2,400 members from the Elgin Area School District were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2006 University of Washington Medical Center
Seattle, Washington
MED HACK

Unknown

The hacked system serves users at Harborview Medical Center, University of Washington Medical Center, University of Washington School of Medicine, UW Medicine Neighborhood Clinics and UW Physicians.

A hacker broke into the UW Medicine computer system in June of 2004. The incident was not discovered until December of 2005. The hacker may have accessed and copied patient and business records for 18 months. The goal of the hacker appears to have been to use the system for its computing power and data storage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 20, 2006 Alltel Corporation
Little Rock, Arkansas
BSR PHYS

Unknown

Customer files with cell phone records, Social Security numbers, addresses and phone numbers were found in a dumpster. A landscaper discovered the files and alerted a news crew. A spokesperson for the company said that this is against their official electronic policy.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 22, 2006 New Hampshire Department of Motor Vehicles
, New Hampshire
GOV HACK

Unknown

Malware was discovered on the DMV server during a routine security check. Though there is no evidence of misuse, credit card information could have been accessed. It is unknown how the malware application got onto the computer. The FBI confiscated the computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2006 The Princeton Review
New York, New York
BSR DISC

Unknown

An unauthorized user attempted to obtain the IDs and passwords of a small number of account holders. A small number of the accounts may have contained names, Social Security numbers, dates of birth, email addresses, mailing addresses and information from college applications. The unauthorized user may have had access to the information before the February 10 incident was discovered. At least 35 New York residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 22, 2006 District of Columbia Board of Elections and Ethics
Washington, District Of Columbia
GOV DISC

Unknown

The Social Security numbers of registered voters in the District of Columbia were accessible. D.C. residents' voting histories were mailed with Social Security numbers that were poorly hidden or not hidden at all. The problem occurred because residents were asked to use their Social Security numbers as voter IDs. The policy was changed to include only the last four digits of Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2006 Snyder, Cohn, Collyer, Hamilton and Associates, P.C., Murry's Inc.
Bethesda, Maryland
BSF PORT

Unknown

US Protect Corporation was also involved.

A laptop was stolen from Snyder on February 9. Snyder provided the accounting services for Murry's pension plan and others. The laptop may have contained Social Security numbers, dates of birth and pay information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 1, 2006 Shorter College
Rome, Georgia
EDU HACK

Unknown

A student was arrested for computer theft and hacking the College's computer network.  The student may have accessed student, staff and faculty information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 10, 2006 Broward County Records Division
Fort Lauderdale, Florida
GOV DISC

Unknown

Broward County public records with Social Security numbers, driver's license information and bank account details were made available online.  The information has been available online for several years.  A new statute that will require county recorders to remove Social Security numbers and financial information from public documents before posting documents online will take effect in 2007.  The sensitive information that has already been posted will eventually be removed. Individuals can speed up the process of having their specific information removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 24, 2006 University of Virginia
Charlottesville, Virginia
EDU STAT

Unknown

A stolen computer contained the information of students who took engineering classes. The information included names, grades and student identification numbers. Hundreds of students are at risk of identity theft since Social Security numbers were used as student identification numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 20, 2006 Bear Stearns & Company Inc.
New York, New York
BSF DISC

Unknown

Customers seeking further information may call (212) 272-4275.

Bear Stearn's realized that unauthorized users could access customer accounts. Former customers could still log into on-line accounts if their account numbers had been recycled and given to new users. Such information included account holdings and activities, account statements and IRS Forms 1099-DIV and 1099-INT (which included name, address, account number and Social Security number).

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 12, 2006 Greenpoint Mortgage Funding Inc., KPMG International
Novato, California
BSF PORT

Unknown

Laptop computers were stolen from two employees of KPMG who were working with data from Greenpoint. The laptops are believed to have contained customer names, Social Security numbers and FICO scores. At least 32 people from New York alone were affected by the early March theft. Customers were notified during the middle of April.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 26, 2006 Sterling Renaissance Festival
Syracuse, New York
BSO HACK

Unknown

Customers with questions may call (315) 947-5782.

Someone was able to access online orders of Brandywine Limited multiple times between 4/18/06 and 4/20/06. The online order forms include customer names, addresses, credit card numbers and credit card information. Some customers may have also had their telephone numbers and email addresses exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 19, 2006 Aflac
Columbus, Georgia
BSF PORT

Unknown

A laptop used to submit insurance applications was stolen from a field associate's home during a burglary.  It may have contained the names and Social Security numbers of policyholders and certificate holders.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 24, 2006 College of New Paltz
New Paltz, New York
EDU HACK

Unknown

A hacker accessed the Campus' primary web server and set up a file sharing system. The server involved also contained access databases that had names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 11, 2006 Healthcare Business Resources (HBR)
Durham, North Carolina
MED DISC

Unknown

Google accessed confidential information on the HBR website and made the information available on the internet. Socail Security numbers, names, phone numbers, dates of birth, addresses and diagnostic information were accessible through Google. Access to the information is now restricted to authorized users with secure identification and passwords. The information was available between August 2005 and January of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 26, 2006 California Department of Financial Institutions
, California
GOV PORT

Unknown

The California Department of Financial Institutions has offices in Sacramento, San Francisco, Los Angeles and San Diego.

On May 26, an examiner's laptop was stolen from a car. The laptop contained the personal data of bank customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 10, 2006 Nationwide Retirement Solutions
Phoenix, Arizona
BSF PORT

Unknown

The office theft of several laptop computers resulted in the exposure of personal information. City and county employees in Southern Arizona may have had their names, Social Security numbers, birth dates and addresses exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 13, 2006 State of Minnesota
Minneapolis, Minnesota
GOV PORT

Unknown

Three laptops with sensitive information were lost or stolen from the office of a state auditor. The missing laptops may have contained Social Security numbers and other personal information on local government employees. There was no evidence of forced entry and the office is not normally accessible to the general public.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 26, 2006 King County Elections
Seattle, Washington
GOV DISC

Unknown

Public election records with Social Security numbers were made available online. Like in other counties, individuals can request that their specific information be removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 12, 2010 Visiting Nurse Association of Southeastern Connecticut
Waterford, Connecticut
MED PORT

12,000 (No SSNs or financial information reported)

Patients in the area may call (860) 444-1111. The toll free number is (855) 732-3107.

Current and former patients received notification letters stating that their personal information was on a stolen laptop. The laptop was stolen from a nurse's car while it was parked at her home on September 30. The laptop was used to store patient addresses, medical information and names.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 15, 2010 Kayser-Roth Corporation
Greensboro, North Carolina
BSR PORT

Unknown

A laptop with employee information was stolen from the Corporate Payroll Department sometime between the end of the day on October 14 and the beginning of the day on October 15.  Names, addresses, bank account information and Social Security numbers of current and former employees may have been exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 15, 2010 University of Nebraska
Lincoln, Nebraska
GOV DISC

Unknown

Thousands of students had their financial aid and loan information posted on the state treasurer's website. The office is refusing to remove the information for the time being because of limited staff resources. The treasurer's office also claims that the University was given ample time to edit the data so that student names and financial information were not included. Students who received loans, scholarships and other aid for the 2008-2009 school year had their information posted on the website. Some people are concerned that con artists could contact the students on the list and pretend to be a lender who holds their student loan information. Information for 2009-2010 school year spending was also submitted with detailed student information and is scheduled to be uploaded sometime in November.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 15, 2010 Henry Ford Health System
Detroit, Michigan
MED PORT

3,700 (No SSNs or financial information reported)

Those with questions may call (888) 313-1027.

An employee's laptop was stolen on September 24. It contained the information of patients who received prostate services between 1997 and 2008. The laptop was stolen from an unlocked urology medical office. No Social Security numbers, full medical records or health insurance identification numbers were on the stolen laptop. Patient names, medical record numbers, dates of birth and treatment information were on the laptop.

UPDATE (11/23/10): The breach affected 3,700 patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 14, 2010 Aetna of Connecticut
Hartford, Connecticut
MED UNKN

2,345 (No SSNs or financial information reported)

A number of insured customers were affected by an unauthorized access or accidental disclosure of personal information in September.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 14, 2010 Private Dental Practice
Flower Mound, Texas
MED PORT

4,700 (No SSNs or financial information reported)

The August 5 theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 601-650 of 4489 results


X

Sign In!

Loading