Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
November 16, 2010 Chili's
Dallas, Texas
BSR HACK

Unknown

Chili's email club service provider InterMundo Media experienced a server breach. No financial information or Social Security numbers were collected for club membership, but full names, email addresses and dates of birth could have been accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 21, 2010 Coliseum Hospital
Macon, Georgia
MED INSD

Unknown

A former employee was able to enter a secured area and log onto a hospital computer while attending a social event. The former employee's access code had been left active and patient records were viewed during the incident.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 19, 2010 1st Source Bank
South Bend, Indiana
BSF UNKN

Unknown

The Bank's third-party payment service provider had a breach incident.  Customer account numbers and expiration dates may have been exposed.  The Bank sent affected customers a new pin and debit card.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 19, 2010 American Association of Retired Persons, AARP Insurance
Washington, District Of Columbia
BSF DISC

Unknown

Any customers who receive another customer's information should call 800-784-5789.

A client received another client's information in an insurance policy letter. He attempted to trace the mistake and notified the organization that underwrites AARP's life insurance program, New York Life Insurance. It is unknown how this error occurred and client names, phone numbers, policy numbers, check account information and dates of birth could have been exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 20, 2010 Desert Rose Resort
Las Vegas, Nevada
BSR HACK

Unknown

Some guests and employees were affected by a breach or breaches that occurred between June 2010 and October 2010. Credit and debit card information was stolen and misused.  The method that criminals used to access the information was not disclosed.

UPDATE (11/30/10): Other hotels owned by Desert's parent company Shell Vacation Resorts may have been affected.

UPDATE (12/22/10): A notice on Shell's website states that the breach occurred because of a malicious software infection.  It was determined that the management system software program of Shell Vacation properties was infected with the malware.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 5, 2006 TLM Partners LP
Palm Beach, Florida
BSF PORT

Unknown

Two backup computer tapes were stolen from a vehicle during a June 8 theft. The tapes contained names, addresses and Social Security numbers. The tapes were discovered missing on July 6 and an unknown number of affected clients were notified on July 11. At least two New York residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 27, 2006 New York Life Insurance Company
Boston, Massachusetts
BSF STAT

Unknown

A life insurance agent reported that two desktops were stolen from his office.  Customer names, Social Security numbers, addresses, dates of birth and policy numbers may have been exposed. An unspecified number of customers nationwide were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 6, 2006 StarCite Inc.
Philadelphia, Pennsylvania
BSO PORT

Unknown

A laptop containing personal information of employees was stolen from a hotel room on September 13. The information included name, Social Security number, date of birth, address, date of hire, occupation, salary, supplemental insurance information, and identified the type and tier of medical and/or dental coverage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 24, 2010 Sta-Home Health & Hospice
Jackson, Mississippi
MED STAT

1,104 (No SSNs or financial information reported)

A September 15 office burglary resulted in the theft of a desktop computer. The computer once held protected health information of people with state Medicaid claims. Some files included encoded names and diagnostic codes. Medicaid account numbers, financial information and Social Security numbers were not exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 1, 2010 State Department of Labor and Industries, Washington State Employees Credit Union, Court of Appeals
Tacoma, Washington
GOV PHYS

Unknown

Confidential paper files from at least three tenants of the state-owned Rhodes Building were found in an unsecured recycling bin. Some documents included names, Social Security numbers, checking account information, health information and dates of birth. A news report claimed the documents numbered in the dozens. Representatives for some of the organizations claimed that the files were supposed to be shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2010 Manor Care of Indy (South), LLC
Indianapolis, Indiana
MED PHYS

845 (No SSNs or financial information reported)

The protected health information of 845 individuals may have been viewed or obtained by an unauthorized person or persons.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 3, 2010 Prime Home Care, LLC
Omaha, Nebraska
MED STAT

1,716 (No SSNs or financial information reported)

The September 13 theft of a desktop may have left patient information exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 23, 2010 Triple-C, Inc. (TCI), Triple-S Salud, Inc. (TSS)
San Juan, Puerto Rico
MED HACK

406,000 (No SSNs or financial information reported)

Approximately 398,000 members in the North and Metro-North districts of Puerto Rico's government health insurance plan (HIP) were affected. The information of an additional 5,500 HIP beneficiaries, 2,500 Medicare beneficiaries and IPA from three HIP districts serviced by TSS was accessed.

An internet database managed by TCI containing information of some people insured by Triple-S Salud, Inc. was accessed by employees of a competitor. People insured by TSS under the Puerto Rican government's health insurance plan and independent practice associations (IPA) that provided services to those people may have had their information accessed. The breach was the result of the unauthorized use of one or more active user IDs and passwords for the TCI IPA database. TCI believes that financial information related to IPAs was the target of the attack and not the information of individuals. Multiple intrusions happened in September. A TCI competitor notified the organization on September 21.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 5, 2010 American Check Cashers of Oklahoma, LLC
Tulsa, Oklahoma
BSF PHYS

Unknown

Hundreds of blank checks, bank and telephone statements, Social Security card copies and ID copies were found in a dumpster by someone from a a neighboring store. The documents date from 2004 to 2009. The owner of the business said that the mistake occurred when some sensitive documents were sorted in with non-sensitive documents and dumped rather than shredded. It is unclear whether the sorting error was made by the shredding company or the business. Ninety-six of the documents were kept by the neighboring store's owner. He agreed to return the documents to their owners and destroy the ones he cannot return.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 4, 2010 Phoenix
Baltimore, Maryland
BSF INSD

Unknown

Phoenix was composed of tax businesses named Phoenix Tax World, 101 Taxes, 420 Income Tax Services and 1 One 1 Taxes.

Sometime between late 2005 and April of 2009 the owner of the business and a co-conspirator prepared more than 600 fraudulent individual federal income tax returns on behalf of clients. A book with the names, Social Security numbers and dates of birth of various children was found at the owner's home during a police search. The children's information was used to claim false deductions for fictional dependents of her clients. The owner pleaded guilty to conspiracy to file false tax returns and aggravated identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2010 Mesa County, Western Colorado Drug Task Force
Grand Junction, Colorado
GOV DISC

200,000 (Unknown number of SSNs)

A former employee accidentally posted sensitive information in a place that was publicly accessible on the Internet. The home addresses of sheriff's deputies, names of confidential drug informants, confidential emails between officers and other sensitive information were accessible from April until the discovery in November. The FBI is investigating which computer users may have accessed the information. The breach was discovered on November 24 when an individual searched the Internet and found one of the files mentioning his or her name.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 30, 2010 Farber Enterprises
Harlingen, Texas
BSF PHYS

Unknown

Farber Enterprises is located in Kerrville, Texas.

Hundreds of documents were abandoned near a bridge in the Harlingen area.  The documents contained receipts, invoices, canceled checks, Social Security numbers, addresses and phone and driver's license numbers. A man whose information was found said that he had applied for employment with Farber two or three years ago.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 10, 2010 Memorial Hospital of Gardena
Gardena, California
MED PHYS

771 (No SSNs or financial information reported)

The Hospital reported that the unauthorized access or disclosure of paper records affected patients. The incident occurred on or around October 14.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Albert Einstein Healthcare Network
Philadelphia, Pennsylvania
MED STAT

613 (No SSNs or financial information reported)

The October 21 theft of a desktop computer may have exposed the protected health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Kings County Hospital Center
Brooklyn, New York
MED STAT

542 (No SSNs or financial information reported)

The August 22 theft of a desktop computer may have exposed the protected health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Newark Beth Israel Medical Center, Professional Transcription Company (PTC), Inc.
Newark, New Jersey
MED DISC

1,744 (No SSNs or financial information reported)

Clinical reports with patient names, medical record numbers, hospital account numbers, physician names, dates of birth, diagnosis and other clinical information were accidentally placed on a website by PTC. It is possible that the reports were accessible from January 1 through September. PTC assists the Medical Center in transcribing dictated physician reports.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Ochsner Health System , H.E.L.P. Financial Corporation
New Orleans, Louisiana
MED PHYS

9,475 (No SSNs or financial information reported)

The location listed is Ochsner's headquarters. Patients may call 1-877-365-1663 with questions. The senior public relations specialist can be reached at 504-842-9143.

On October 4, Oschner was contacted by several patients claiming they had received the patient information of someone else. Letters had been sent on by HELP on September 27 that included incorrect names, medical record numbers, account numbers and account balances. HELP assists Oschner patients with payment arrangements for outstanding hospital and clinical account balances. A programming error at HELP caused the mistake. No patient will be able to access another patient's medical or financial records using the incorrect information from the letters they received.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Genesco Inc.
Nashville, Tennessee
BSF HACK

Unknown

Customers who used credit or debit cards at United States Journeys, Journeys Kidz, Johnston and Murphy, Shi by Journeys and some Underground Stations stores may have had their information gathered during a criminal intrusion of Genesco's computer network. It is possible that credit and debit card numbers, expiration dates and card verification codes were accessed.

UPDATE (01/17/2013): Genesco has spent $2.1 million on consulting and legal fees related to the breach.

UPDATE (03/08/2013): Genesco also owns Lids.  Genesco sued VISA for $13 million in unnecessary fines associated with the data breach.  VISA fined banks for their role in failing to comply with industry-wide credit card security standards.  The banks then took money from Genesco to address fines and breach recovery.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 9, 2010 Methodist Theological School in Ohio
Delaware, Ohio
EDU PORT

Unknown

The October 13 theft of a laptop resulted in the exposure of personal information of some people with a connection to MTSO.  Names, Social Security numbers, dates of birth, financial payments received and letter grades for completed courses may have been stored on the laptop.  The laptop was stolen from a locked off-campus site.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 8, 2010 Illinois Secretary of State Drivers License Division
Libertyville, Illinois
GOV INSD

Unknown

An executive turned himself into authorities after being accused of selling Libertyville customer database information to identity thieves in exchange for sports tickets and gift cards.  The executive faces three counts of conspiracy to commit identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 13, 2010 Mountain Vista Medical Center
Mesa, Arizona
MED PORT

2,284 (No SSNs or financial information reported)

On October 13, multiple memory data cards were discovered to be missing from two endoscopy machines. The information of patients who had procedures performed between January of 2008 and October 12 of 2010 was on the data cards. The information included full name, hospital record number, date of birth, gender, age, date and type or procedure and image(s) related to the procedure.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 14, 2010 Home Depot
Tallahassee, Florida
BSR INSD

Unknown

A loss prevention officer reported that an employee was using a skimming device to steal the credit card information of customers. The officer reported the employee on December 8 and the employee was caught in the act of using a skimmer on December 10. The number of customers affected by these incidents and the length of time the employee worked at the store have not been reported.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 13, 2010 Liberty Tax Service
Portsmouth, Virginia
BSF PHYS

Unknown

Personal tax documents were left exposed in a dumpster. The tax documents had Social Security numbers, addresses and financial information. The company did not reveal how the documents may have found their way into the dumpster, but said that it was against company policy to leave them exposed and intact. At least one person had their tax information from 2008 exposed.  The number of documents was described as "mounds".

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 10, 2010 Walgreens
Deerfield, Illinois
BSR HACK

Unknown

A hacker managed to obtain Walgreens' email marketing list.  People on the list were sent realistic-looking phishing emails that directed them to a web page under hacker control.  The only information that was stolen during the hack was the email list.  People who fell victim to the phishing scam may have entered other personal information into the phony web page.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 14, 2006 CBA Information Solutions, Washington Savings Bank
Bowle, Maryland
BSF UNKN

Unknown

An unauthorized user gained access to the log in information of Washington Savings Bank. The unauthorized user could have accessed customer and non-customer names, Social Security numbers, addresses and credit histories. The breach occurred between September 15 and September 21. At least 20 New York residents were affected, but the nationwide total was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 12, 2006 Sears Holding Corporation
Winter Park, Florida
BSF PORT

Unknown

A laptop was stolen from the office on September 28. Certain customers had their information on an access database file that was on the laptop. Names, telephone numbers, addresses, account number, account types and account expiration dates were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 12, 2010 Gawker
New York, New York
BSO HACK

1,300,000 (No SSNs or financial information reported)

Hackers gained access to the Site's database.  Staff and user emails and passwords, the site code and staff messages were made accessible to anyone.  The group claiming responsibility calls themselves Gnosis.  Gawker encouraged users to change their passwords after their information was exposed.  This may also mean changing passwords for other sites where users have similar screen names and passwords.  Gnosis claims they had access to the site for a long time and exposed Gawker's information "because of their outright arrogance."

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 11, 2010 Kaplan University
Chicago, Illinois
EDU INSD

Unknown

The former dean of law and legal studies was convicted of making threats to students, staff and executives via email.  The former University employee hacked into a colleague's email account and sent threats about identity theft and more to people during 2007.  The former employee claims he was framed after threatening to expose the University's misconduct.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 20, 2006 Bank of Jena, Experian
Jena, Louisiana
BSF HACK

Unknown

An unauthorized user was able to access Experian consumer information through the Bank of Jena. Names, Social Security numbers, addresses, dates of birth and account numbers could have been accessed. At least 29 New York residents were affected, but the total number of residents affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 15, 2010 California Department of Public Health
West Covina, California
MED PORT

2,550 (Unknown number of SSNs)

A magnetic tape was lost during shipping between West Covina and Sacremento on or around September 27. The health care facility staff and residents who were determined to have been affected were notified on November 23.  Employee emails, employee background reports, investigative reports, names and diagnosis information on health care facility residents and Social Security numbers for CDPH workers were on the tape. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 14, 2010 Department of Education Federal Student Aid (FSA) Division
Dolton, Illinois
GOV INSD

Unknown

A former FSA employee repeatedly accessed the National Student Loan Database System (NSLDS) during her employment. The employee searched and viewed confidential student loan records of several hundred people without reason between April of 2006 and May of 2009. The former employee pleaded guilty and is scheduled to be sentenced on February 22 of 2011.

 
Information Source:
Media
records from this breach used in our total: 0

December 1, 2006 First Banks Inc
Louisville, Kentucky
BSF PORT

Unknown

A laptop was stolen from the locked office of an employee during a nighttime burglary on November 20. Loan applications, financial statements and credit reports with client names, addresses and Social Security numbers were on the laptop. At least two New York residents were affected, but the total number of affected clients nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 7, 2006 CIGNA HealthCare Corp
Pittsburgh, Pennsylvania
MED INSD

Unknown

A former employee used customer credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 3, 2007 Academic Magnet High School
North Charleston, South Carolina
EDU PORT

500 (No SSNs or financial information reported)

A recent burglary makes it the third time that computers were stolen during campus burglaries. Two other incidents occurred in November. Student information was on the laptop stolen in the recent burglary. School officials felt that risk of identity theft was extremely low because the information was password protected and encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 20, 2007 Greenville South Carolina County School District
Greenville, South Carolina
EDU PHYS

Unknown

Boxes of personnel records were inadvertently left unsecured during renovations. Ten boxes held the names and Social Security numbers of teachers employed by the district between 1972 and 1990. Other boxes contained personnel records through 1998. District officials secured the boxes after receiving an anonymous call about the mistake.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 10, 2007 Advent Software Inc.
San Francisco, California
BSR PORT

Unknown

A laptop was stolen from the office on or around November 20. It contained employee Social Security numbers and addresses. Employees were notified in December. At least 21 New Hampshire residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 9, 2007 Mercer Health and Benefits
,
BSF PORT

10,500 (No SSNs or financial information reported)

A laptop computer was stolen from a vehicle.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 29, 2007 Public Storage Inc.
Glendale, California
BSO HACK

Unknown

Someone gained unauthorized access to electronic company personnel files. The files included Social Security numbers, dates of birth, home addresses and other active employee information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 28, 2007 New York Academy of Medicine
New York, New York
EDU STAT

7,460 (0 complete SSNs)

A computer was stolen during an office burglary in October 28. The last four digits of research participants' Social Security numbers, full names and dates of birth were on a database on the computer. Some participants also had their addresses and laboratory data exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2007 Fresenius Medical Care Holdings Inc., Fresenius Medical Care North America (FMCNA)
Waltham, Massachusetts
MED PORT

10 (No SSNs or financial information reported)

A laptop was stolen from the locked car of an employee on December 13 while it was parked outside of a restaurant. The laptop contained patient names, dates of birth, dates of service and insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 19, 2010 Stony Brook University
Stony Brook, New York
EDU DISC

61,001 (No SSNs or financial information reported)

Student and faculty network and student IDs were posted online on sbuchat.com. A file with all registered student and faculty ID numbers could be downloaded in a PDF or Excel format. A systems engineer undergraduate discovered a flaw in the SOLAR system that allowed him to change students' NetID passwords without knowledge of the original password. The student then accessed the complete list of student and faculty IDs and posted the information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 17, 2010 Integrated Biometrics Technology (IBT)
Waco, Texas
BSO INSD

Unknown

A former employee who had worked as a live scan operator took thousands of background check applications she had processed and used them to obtain fraudulent credit cards and financial accounts.  The applications were from Fingerprint Applicant Services of Texas (FAST) and used for Texas licensing and certification. The former employee is alleged to have conspired with at least three other people.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 17, 2010 deviantART, Silverpop Systems Inc.
Hollywood, California
BSO HACK

13,000,000 (No SSNs or financial information exposed)

Mirroring the Gawker an McDonald's breaches earlier this month, hackers exposed the email addresses, user names and birth dates of the entire deviantART user database.  Hackers were able to breach deviantART's marketing company Silverpop Systems Inc. Passwords and sensitive information were not exposed, but the breach is expected to increase spam for registered users.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 16, 2010 Azteca
Okeechobee, Florida
BSR INSD

Unknown

A convenience store clerk was indicted on federal conspiracy, wire fraud, credit card fraud and aggravated identity theft charges. He is accused of using a skimmer device to obtain credit card information during normal customer credit card transactions. The stolen information was used to recode gift cards and other credit cards with magnetic strips to create counterfeits. The employee was outed after selling a card to someone who then informed the FBI.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 16, 2010 Wackenhut
Palm Beach Garden, Florida
BSO PORT

Unknown

Hard drives were stolen during shipment between Iraq and the US. The company became aware of the loss on November 29. The hard drives contained former employee full names, Social Security numbers, passport numbers, addresses and dates of birth.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 651-700 of 4252 results


X

Sign In!

Loading