Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
May 18, 2005 Jackson Community College
Jackson, Michigan
EDU HACK

8,000

A hacker may have downloaded the passwords and Social Security numbers of employees and students.  The College sent new, high security passwords to students and employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

February 28, 2007 Gulf Coast Medical Center
Tallahassee, Florida
MED PORT

8,000

Patient information including names and Social Security numbers were compromised when a computer went missing in February in Tallahassee, FL. A very similar and previously uncovered breach happened in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

June 18, 2007 Texas A&M University
Corpus Christi, Texas
EDU PORT

8,000

A professor vacationing off the coast of Africa took data with him on a small computer storage device which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

May 16, 2008 Spring Independent School District (Spring, TX)
Spring, Texas
EDU PORT

8,000

A laptop computer containing the personal information of students was stolen from a employee's car. The car burglars made off with her school laptop and an external flash drive. The flash drive contains students' Social Security numbers, personal information, schools those students attend, as well as their grade level and birthdates. The drive also contained the Texas Assessment of Knowledge and Skills test results.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

April 1, 2009 State of Maryland
, Maryland
GOV PHYS

8,000

The names, Social Security numbers and other personal information of about 8,000 state employees could be compromised. The potential problem came to light when a torn and empty envelope from the company that manages the state's health savings account program arrived by U.S. mail. The envelope was missing an invoice that contains confidential information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

December 8, 2005 Federal Reserve Bank of Dallas
Dallas, Texas
GOV PHYS

8,000

A courier truck dropped canceled personal and business checks on northbound Central Expressway near Woodall Rodgers Freeway around 4 a.m.  The incident closed the freeway exit until 7 a.m.  Employees from the Federal Reserve, the courier company and the Texas Department of Transportation removed many checks, though some disappeared.  Some unaffiliated people also returned checks to the authorities.  A very similar incident happened in August of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

November 27, 2010 University of Tennessee Medical Center
Knoxville, Tennessee
MED PHYS

8,000

An administrative report that should have been shredded was accidentally thrown in the trash. Reports are usually left in a storage location for 45 days and then discarded properly. The Hospital became aware of the breach on October 4. Anyone looking through the report would find names, Social Security numbers and other patient information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 8,000

December 19, 2007 Vitale, Caturano and Company
Boston, Massachusetts
BSF PORT

8,000

On December 14, an accountant's laptop was stolen from his or her car while it was parked in a garage onsite. A file containing 8,000 to 9,000 names, deferred income account balances and Social Security numbers of members of the International Brotherhood of Electrical Workers Local 103 benefit plan was stored on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

April 25, 2012 University of Alabama - Birmingham (UAB)
Birmingham, Alabama
EDU DISC

8,000

Former students with questions may call 1-855-822-8510 or email info-help@uab.edu.

People who were undergraduate students at UAB between 1995 and 2006 may have had their information accessed online.  The information included Social Security numbers and academic records.  It was accidentally made available on a publicly accessible server for an unspecified amount of time.  The breach was discovered on March 27. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

September 5, 2013 Medical University of South Carolina (MUSC), Dreyer Medical Clinic, Blackhawk Consulting Group
Charleston, South Carolina
MED HACK

10,000 (about 8,000 from MUSC and Dreyer Medical Clinic)

A hacker from outside of the United States accessed customer information from Blackhawk Consulting Group, a credit card processing vendor.  The information included financial information from customers who paid the Medical Univeristy of Southern Carolina with a credit card online or over the phone between June 30 and August 21. No patient information was accessed. Some of Blackhawk Consulting Group's other customers were affected and a total of 10,000 people may have had their information exposed.

UPDATE (09/09/2013): Specifically, names, billing addresses, email addresses, payment card numbers, expiration dates, and CCV2 numbers were exposed by a Blackhhawk Consulting Group hack in August. 

 
Information Source:
Media
records from this breach used in our total: 8,000

October 11, 2013 Hope Family Health
Westmoreland, Tennessee
MED PORT

8,000

The August 4 theft of an unencrypted laptop from an employee's home may have resulted in the exposure of patient information.  Current and former patients may have had their names, Social Security numbers, dates of birth, and billing addresses exposed.  The information came from financial records, patient account information, and billing records dating back to 2005.

 
Information Source:
Media
records from this breach used in our total: 8,000

November 7, 2014 Jessie Trice Community Health Center
Miami, Florida
MED HACK

8,000

Jessie Trice Community Health Center announced a data breach when members of an identity theft ring accessed the personal information of 8,000 patients.

The informaton accessed included names, dates of birth and Social Security Numbers. No medical information was compromised according to the facility.

The FBI and the IRS are currently investigating the breach.

More Information: http://www.clinical-innovation.com/topics/privacy-security/identity-thef...

 
Information Source:
Media
records from this breach used in our total: 8,000

February 2, 2010 P.F. Chang's Bistro
Scottsdale, Arizona
BSR STAT

8,181

According to notification letters from the company: "Password protected electronic equipment belonging to the Company was stolen" on December 19 of 2009.  Some current and former employee information was on the equipment. Employee dates of birth and Social Security numbers may be at risk. Reports state that 73 employees from New Hampshire, 1,823 from Massachusetts, and 3,080 from New York were affected.

UPDATE (8/09/10): Another 3,205 people who are residents of Maryland were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 8,181

November 25, 2013 University of California, San Francisco (UCSF)
San Francisco, California
MED PORT

8,294

The September 25 car theft of a physician's laptop may have resulted in the exposure of patient information.  The laptop may or may not have been encrypted and the physician is based in the Division of Gastroenterology at UCSF's School of Medicine. Patient names, Social Security numbers, dates of birth, and medical record numbers were on the laptop.  

 
Information Source:
Media
records from this breach used in our total: 8,294

August 31, 2010 P.K. Yonge
Gainesville, Florida
EDU PORT

8,300

The July 23 theft of a laptop in California resulted in the exposure of current and former student and employee personal information.  The information included Social Security numbers and some driver's license numbers.  The information dates back to 2000.

 
Information Source:
Databreaches.net
records from this breach used in our total: 8,300

December 2, 2010 University of Arizona
Tucson, Arizona
EDU PORT

8,300

An external hard drive was discovered to be missing from a secure records room. It was lost sometime in October or earlier. The hard drive contained former student withdrawal and disciplinary action records. Some Social Security numbers may have also been exposed. The relocation of the records room is one possible cause of the loss.

 
Information Source:
Databreaches.net
records from this breach used in our total: 8,300

December 11, 2012 Pepperdine University
Malibu, California
EDU PORT

8,300

A University laptop was stolen from an employee's locked car.  Pepperdine learned of the theft on November 12, 2012.  The laptop may have contained names, Social Security numbers, addresses, and/or dates of birth.

UPDATE (12/11/2012): As many as 8,300 people may have been affected.  The laptop had been used for work related to the IRS and contained data from as far back as 2008.  About 75 percent of the people affected were students.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,300

January 12, 2010 Suffolk County National Bank
Long Island, New York
BSF HACK

8,373

Hackers have stolen the login credentials for more than 8,300 customers of small New York bank after breaching its security and accessing a server that hosted its online banking system. The intrusion at Suffolk County National Bank happened over a six-day period that started on November 18. It was discovered on December 24 during an internal security review. In all, credentials for 8,378 online accounts were pilfered, a number that represents less than 10 percent of SCNB's total customer base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,373

July 24, 2006 New York City Department of Homeless Services
New York, New York
GOV DISC

8,400

The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,400

June 18, 2010 St. Francis Federal Credit Union
Tulsa, Oklahoma
BSF PORT

8,400

Saint Francis Federal Credit Union has notified 8,400 customers that a backup tape containing customer information was lost.  SFFCU believes the tape was accidentally destroyed and that no member information has been misused as a result of the loss.

 
Information Source:
Databreaches.net
records from this breach used in our total: 8,400

July 24, 2006 Wolters Kluwer
Torrance, California
BSO PORT

8,500

A laptop with Social Security numbers, addresses, and some health plan information for current and former employees was stolen from a docking station at a private office on or around May 29. The laptop may have also included bank account information for 600 employees who had joined the company during 2006. Employees were notified in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,500

October 16, 2012 University of Georgia (UGA)
Athens, Georgia
EDU HACK

8,500

The passwords of two University of Georgia (UGA) IT employees were reset and misused by an intruder.  Names, Social Security numbers, and other sensitive data of current and former school employees may have been exposed. The breach may have begun as early as September 28, 2012.

 
Information Source:
Media
records from this breach used in our total: 8,500

September 19, 2007 University of Michigan School of Nursing
Ann Arbor, Michigan
MED PORT

8,585

Backup tapes containing patient information like Social Security numbers, patient names and addresses were stolen from the School of Nursing two weeks ago.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,585

June 10, 2010 Durham County Government
Durham, North Carolina
GOV PHYS

8,700

A group of people obtained a list of Durham employees which included Social Security numbers, birth dates, and employment information.  They then used their personal information to commit credit card fraud and identity theft.  Police report that more than 200 employees were victims.

 
Information Source:
Databreaches.net
records from this breach used in our total: 8,700

January 30, 2009 Indiana Department of Administration
Indianapolis, Indiana
GOV DISC

8,775

Social Security numbers of current and former state employees were accidentally posted on a state Web site for about two hours. The Social Security numbers were erroneously included in a contract solicitation file posted on the department's procurement Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,775

September 20, 2006 City of Savannah, Georgia
Savannah, Georgia
GOV DISC

8,800 individuals whose identities were captured by red-light cameras

(912) 651-6565, http://www.savannahga.gov/security

Because of a hole in the firewall, a City server exposed personal information online for 7 months. Individuals identified by the Red Light Camera Enforcement Program are affected -- name, address, driver's license number, vehicle identification number, and SSNs of those individuals whose driver's license number is still the SSN.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,800

March 3, 2008 DaVita Inc.
Denver, Colorado
MED PORT

8,800

A laptop containing employee information was stolen from an employee's vehicle.  The information included Social Security numbers and medical insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,800

March 14, 2014 Health Source of Ohio
Milford, Ohio
MED PHYS

8,800

Health Source of Ohio reported a breach of patients' personal information when a file containing specific data was accidentally made visible online. According to authorities the file was viewed 47 times.

The file included names, account numbers, addresses, phone numbers, Social Security numbers, birthdates, credit card numbers and limited healthcare information. According to the center not all patients information included financial or Social Security numbers. A specific number was not provided of the 8,800, who may have suffered a breach of their financial information or SSN.

Patients who were affected are advised to contact HSO at 1-800-495-7647

 
Information Source:
Media
records from this breach used in our total: 8,800

April 29, 2011 Omnicare Inc.
Covington, Kentucky
MED PORT

8,845

The location listed is the headquarters.  The breach affected patients in South Carolina.

 

Those with questions may call a representative at 800-949-6337 ext 10622.

The January 19, 2011 theft of a laptop resulted in the exposure of patient information.  The laptop was used by a Consultant Pharmacist who routinely visits nursing homes and rehabilitation facilities in South Carolina to assist physicians in prescribing appropriate medication therapies. Social Security numbers and an undisclosed amount of health information from residents were stored in a database on the laptop.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 8,845

February 27, 2010 California Business Bureau Inc., Medical Billing Services
Monrovia, California
MED INSD

8,861

A former employee accessed unencrypted files between December of 2006 and March of 2008. The files contained patient Social Security numbers, names, addresses, and dates of birth.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 8,861

March 12, 2005 Las Vegas Department of Motor Vehicles (LV DMV)
Las Vegas, Nevada
GOV STAT

8,900

A computer and holographic laminate materials were stolen from the Donovan office of the DMV in North Las Vegas.

UPDATE. The equipment was recovered on June 1.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,900

December 10, 2013 Office of Dr. Stephen Imrie
San Jose, California
MED PORT

8,900

Those with questions may call 1-888-407-4736.

The September 23 home burglary of a password-protected laptop and other items may have exposed patient information.  The laptop contained patient first and last names, Social Security numbers, dates of birth, telephone numbers, surgical information, medical history, and other information related to patient records.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,900

January 28, 2013 RR Donnelley, UnitedHealthcare, Boy Scouts of America
Chicago, Illinois
MED STAT

8,911

UnitedHealthcare has established a hotline for those with questions: 1-866-896-4209.

An unencrypted desktop computer was stolen from an RR Donnelley facility sometime between mid September and the end of November, 2012.  RR Donnelley is a vendor of UnitedHealthcare.  It is unclear why the breach was not noticed until December 3, 2012.  The stolen computer contained UnitedHealthcare member information that was related to participation in the Boy Scouts of America 2003 health benefit plan.  Names, Social Security numbers, and addresses may have been exposed.

UPDATE (10/01/2013): A total of 8,911 Boy Scouts of America Employee Benefit Plan participants were notified of the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,911

September 17, 2005 North Fork Bank (now Capital One Bank)
New York, New York
BSF PORT

9,000

A laptop containing mortgage data was stolen from a North Fork Bank office on the weekend of July 24 of 2005.  Personal information included names, addresses, and mortgage account numbers.  Affected customers were contacted and offered one year of free credit monitoring services from Equifax.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

December 4, 2009 Eastern Illinois University
Charleston, Illinois
EDU HACK

9,000

A computer was compromised by a virus. It caused the University’s Office of Admissions server to be infected with a number of viruses, including several that could allow an external person to access the server. The incident was discovered during a routine security check. The investigation later determined the breach extended to two other computers with personal data from student files or applications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

December 4, 2009 Eastern Illinois University
,
EDU HACK

9,000

A computer was compromised by a virus. That caused the University’s Office of Admissions server to be infected with a number of viruses, including several that could allow an external person to access the server. The incident was discovered during a routine security check. The investigation later determined the breach extended to two other computers with personal data from student files or applications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

February 25, 2010 Wyoming Department of Health
Cheyenne, Wyoming
GOV DISC

9,000

The personal information of about 9,000 children in the state's children's health insurance program could have been exposed on the Internet. The error resulted in the names, birthdays, Social Security numbers, addresses and phone numbers of Kid Care CHIP participants being accessible on an unsecured Web page for months.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

April 11, 2007 New Horizons Community Credit Union, Protiviti
Denver, Colorado
BSF PORT

9,000

http://www.ncua.gov/news/press_releases/2007/MR07-0411.htm

A laptop computer that contained personal information of members who had loans with the credit union was stolen from Protiviti, a consultant employed by Bellco Credit Union conducting due diligence to prepare a possible acquisition bid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

March 8, 2010 McNair Eye Center
Heber Springs, Arkansas
MED STAT

9,000

A computer server with patient personal information was stolen.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 9,000

May 22, 2008 HealthSpring Inc.
Franklin, Tennessee
MED PORT

9,000

A laptop computer containing personal information of about 450 state residents was stolen. The laptop, believed to contain names, dates of birth and Social Security numbers of about 9,000 individuals, was stolen from a HealthSpring employee's locked car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

August 13, 2008 Charter Communications
Greenville, South Carolina
BSO PORT

9,000

Computers were stolen from the company's Greenville offices and contained records of more than 9,000 Charter employees nationwide. The information included Social Security numbers, dates of birth and driver's license numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

September 12, 2008 Tennessee State University
Nashville, Tennessee
EDU PORT

9,000

A flash drive containing the financial information and Social Security numbers of students was reported missing. The flash, which contained financial records of TSU students dating back to 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

June 24, 2011 California Department of Public Health (CDPH)
Sacramento, California
GOV PORT

9,000

Additional information can be found at the CDPH's website.  Current and former employees with questions may also call (877) 421-9634.

The workers' compensation information of 9,000 current and former state employees was copied onto a private hard drive without authorization.  The hard drive was removed from the state offices by an employee, but was recovered.  The CDPH security system detected unusual activity on April 5 and the employee responsible was discovered.  The employee was placed on administrative leave until the completion of the investigation.  Most current CDPH and California Department of Health Care Services (DHCS) employees were affected.  an additional 3,000 employees of the former Department of Health Services (DHS) were also affected.  Names, Social Security numbers, addresses, dates of birth, ethnicity, addresses of individuals listed as next of kin of employees and other workers' compensation information was exposed. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 9,000

August 29, 2013 LabMD
Atlanta, Georgia
MED HACK

9,000

An FTC complaint states that a LabMD spreadsheet with insurance billing data of over 9,000 customers was discovered on a public file sharing network. Social Security numbers, insurance information, medical treatment codes, and dates of birth were exposed by the cyber security issue.  Identity thieves were found to have acquired the personal information of at least 500 LabMD customers.

UPDATE (11/15/2013): LabMD disputed the FTC probe and alleged that the government funded the breach to retaliate against LabMD.

 
Information Source:
Media
records from this breach used in our total: 9,000

October 17, 2013 University of Arizona
Tucson, Arizona
EDU HACK

9,080

 A July 29 breach of the University of Arizona's College of Law website allowed intruders to access class rosters and applicant lists.  University of Arizona law students and applicants may have had their names, Social Security numbers, usernames, and passwords exposed. 

 
Information Source:
Media
records from this breach used in our total: 9,080

October 15, 2005 Montclair State University
Montclair, New Jersey
EDU DISC

9,100

Names and Social Security numbers of undergraduates were posted online for nearly four months.  An undergraduate alerted the University after running a Google.com search of his name.  The University warned all students of the problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,100

July 31, 2008 University of Texas, Dallas
Dallas, Texas
EDU HACK

9,100

http://www.utdallas.edu/infosecurity/

A security breach in UTD's computer network may have exposed Social Security numbers along with names, addresses, email addresses or telephone numbers: 4,406 students who were on the Dean's List or graduated between 2000 and 2003; 3,892 students who were contacted to take part in a survey by the Office of Undergraduate Education in 2002; 88 staff members from Facilities Management; 716 faculty and staff members listed in a space inventory record from 2001.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,100

September 28, 2012 University of Chicago
Chicago, Illinois
EDU DISC

9,100

A postcard mailed to University of Chicago employees contained their Social Security numbers. The cards were mailed on September 24 to remind employees about open enrollment, but also had Social Security numbers printed on the outside.

 
Information Source:
Databreaches.net
records from this breach used in our total: 9,100

January 20, 2006 University of Kansas (Kansas University)
Lawrence, Kansas
EDU DISC

9,200

A computer file with sensitive personal information was accessible to the public.  Students who applied and paid an application fee online between April 29, 2001 and December 16, 2005 had their names, Social Security numbers, birth dates, addresses, phone numbers and credit card numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,200

September 19, 2006 Life Is Good
Hudson, New Hampshire
BSR HACK

9,250

Hackers accessed the retailer's database which contained customer's credit card numbers. The company said no other personal information was in the database.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,250

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 3701-3750 of 4489 results


X

Sign In!

Loading