Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
December 1, 2014 Highlands-Cashier Hospital
Highlands, North Carolina
MED DISC

25,000

Highlands-Cashier hospital in North Carolina informed patients of a data breach to their servers that contained patient data. The disclosure of the data was due to an error by one of their third party vendors, TruBridge a subsidiary of Computer Programs and Systems, Inc. when they were contracted to complete some specialized computer services.

A data security screening caught the disclosure on September 29, 2014 that exposed patient information between May 2012 through September 2014.

The information exposed included patient names, addresses, dates of birth, treatment information, diagnosis, helath insurance information and Social Security numbers. All of this information could be accessed via the Internet.

For those who might have been affected you can call 1-888-227-14161-888-227-1416  Monday through Friday between 9:00 a.m and 9:00 p.m Eastern Time.

More Information: http://www.phiprivacy.net/highlands-cashiers-hospital-discovers-patient-...

 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,000

August 12, 2011 Reznick Group, AssureCare Risk Management Inc, Colonial Healthcare Inc, Gypsum Management and Supply
Plymouth, Minnesota
BSF HACK

25,330

The location listed is that of Assurecare Risk Management Inc.  Though 25,330 Gypsum employees were affected, the total number of individuals affected across companies was not reported.

Reznick's former service provider AssureCare reported a breach of a server that contained Reznick information.  The information from employee benefits plans from 2001 to 2006 could have been accessed by outside parties.  Current and former employees and their spouses may have had their names, Social Security numbers, addresses, dates of birth and medical information exposed.  The server was accessed by external intruders on May 9 and May 10 of 2011.

UPDATE (10/13/2011): Employees enrolled in Gypsum's health and dental care plans were also affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 25,330

June 22, 2006 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV HACK

26,000

http://www.firstgov.gov/usdainfo.shtml

During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

December 8, 2005 J-Sargeant Reynolds Community College
Richmond, Virginia
EDU DISC

26,000

The names, Social Security numbers and addresses of students taking non-credit classes from 2000 to 2003 were posted online for months.  The information was compiled for a mailing list, but an employee posted it on the College's server.  A student informed officials of the mistake after accessing the information online.  The College began the process of removing the information from the web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

August 9, 2006 Hoffman-La Roche Inc, McCladrey and Pullen LLP
Washington, District Of Columbia
BSR PORT

26,000

A laptop computer belonging to an employee of McCladrey and Pullen LLP was stolen on July 18. McCladrey conducts audits of Roche Savings and Pay Deferral Plan. The laptop included names, Social Security numbers, affiliation with the plan, plan account balance and 2005 plan withdrawal amounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

June 25, 2012 Towards Employment
Cleveland, Ohio
NGO PORT

26,000

Those with questions may call 216-297-4470 or go to the Towards Employment website: towardsemployment.org

The May theft of a laptop that contained Towards Employment client data may have exposed personal information.  The laptop was password protected and contained the names, Social Security numbers, and addresses of clients. Towards Employment is altering its policy so that only the last four digits of clients' Social Security numbers are tracked and used.

 
Information Source:
Media
records from this breach used in our total: 26,000

July 21, 2010 Lincoln National Life Insurance
Radnor, Pennsylvania
BSF DISC

26,840

A vendor printed a user name and password for agents and authorized brokers in a brochure.  The brochure was also posted on an agent's public website.  The login information enable access to a website containing medical records and other personal information from individuals seeking life insurance.  Applicant name, Social Security number, address, policy number, driver's license number and credit information is also on the website. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 26,840

July 7, 2005 Michigan State University
East Lansing, Michigan
EDU HACK

27,000

Student information was compromised during an attack on the College of Education server.  The information included Social Security numbers, names, addresses, student courses, and personal identification numbers.  The breach occurred in April and students were emailed in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

February 16, 2006 Blue Cross and Blue Shield
Jacksonville, Florida
MED INSD

27,000

A contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies.  A judge ordered the former computer consultant to reimburse the Jacksonville-based health insurer $580,000 for expenses related to his theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

June 29, 2006 AllState Insurance Huntsville branch
Huntsville, Alabama
BSF STAT

27,000

Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

February 4, 2010 Ceridian Corporation
Bloomington, Minnesota
BSF HACK

27,000

A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide. In a Jan. 29 letter to an affected worker obtained by the Star Tribune, Ceridian said a hacker attacked its Internet payroll system Dec. 22 and 23.

UPDATE (6/1/2011): The Federal Trade Commission reached a settlement agreement with Ceridian.  According to the FTC, Ceridian did not adequately protect its network from reasonably foreseeable attacks and failed to encrypt the sensitive personal information that was stored on its network.  The settlement requires the company to establish a comprehensive information security program and to undergo 20 years of independent security audits.  Ceridian provides payroll and HR services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

July 17, 2007 Kingston Technology Co.
Fountain Valley, California
BSO HACK

27,000

A security breach may have compromised the names, addresses and credit card details of online customers. Kingston Technology is a computer memory vendor. The breach may have gone undetected for nearly 2 years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

August 3, 2009 National Finance Center
Washington, District Of Columbia
GOV DISC

27,000

An employee with the National Finance Center mistakenly sent an Excel spreadsheet containing the employees' personal information to a co-worker via e-mail in an unencrypted form. The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed.

 
Information Source:
Media
records from this breach used in our total: 27,000

April 18, 2014 University Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED HACK

27000

The University Pittsburgh Medical Center (UPMC) informed employees of a data breach that compromised employee's personal data, including their Social Security number and  the potential for fraudulent tax returns being filed in their name.

The number of employees affected was approximately 800. The full extent of the information exposed has not been communicated, however, due to the tax fraud, information such as names, addresses and Social Security numbers were assumed to be involved.

UPMC was aware of the breach in February and thought that the breach included only 27 individuals, but soon became aware that the breach was much larger. An investigation is currently being conducted.

UPDATE (4/21/2014): The extent of the data breach at UPMC thought to be around 800 employees, is much more extensive than originally believed. The current numbers are around 27,000 employees affected. UPMC is offering Lifelock for 12 months for those affected. A letter went out to those individuals with the information. For additional questions, UPMC has provided a toll free hotline (1-855-306-8274) or email JohnHouston@upmc.edu. A class action lawsuit has been filed against UPMC.

UPDATE (5/14/2014): On Friday May 9, 2014 the law firm of Kraemer, Manes & Associates sued University Pittsburgh Medical Center (UPMC) and Ultimate Software Group of Weston, Fla., over the loss of employee data and subsequent identity thefts. They are seeking class-action status in U.S. District Court, and would represent current and former UPMC employees who have been affected by the breach.

 
Information Source:
Media
records from this breach used in our total: 27,000

July 13, 2012 American Express Travel Related Services Company, Inc. (AXP)
Los Angeles, California
BSF CARD

27,257

A man was arrested in his Los Angeles home for allegedly purchasing and using stolen payment card numbers.  The credit and debit card numbers from American Express, Visa, MasterCard, and Discover were in the man's possession between January 11, 2012 and February 26, 2012.  The payment card numbers came from hacking the computer systems of a restaurant and a restaurant supply business in the Seattle area.  Two people who were associated with the hacking incidents had already been arrested. The man who purchased the payment card numbers is charged with conspiracy to access protected computers to further fraud, to commit access device fraud, and to commit bank fraud; eight counts of bank fraud; six counts of access device fraud; five counts of aggravated identity theft; and two counts of accessing a protected computer without authorization.

UPDATE (07/20/2012): Customer names and payment card expiration dates were also compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 27,257

June 23, 2006 U.S. Navy
Washington, District Of Columbia
GOV UNKN

28,000

Navy personnel were notified on June 22 that a civilian website contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

November 7, 2007 Carolinas Medical Center, NorthEast
Concord, North Carolina
MED PORT

28,000

A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

March 18, 2009 Walgreens Health Initiative
Deerfield, Illinois
MED DISC

28,000

(866) 292-9063

Names, dates of birth and Social Security numbers of roughly 28,000 state retirees were e-mailed to the Kentucky Retirement Systems without being properly encrypted for security purposes by its pharmacy benefit provider. The e-mail contained dates of birth, Social Security numbers and health insurance claim numbers but not personal health information. The file contained information only on members who were both Medicare-eligible and used the retiree pharmacy benefit through Walgreens in 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 18, 2009 NJ Department of Labor and Workforce Development
Trenton, New Jersey
GOV DISC

28,000

Unemployed New Jersey residents may have had their name and Social Security number accidentally delivered to an employer for which you did not work. The error occurred when department staff last month sent first-quarter reports to businesses that included a list of former employees receiving unemployment benefits. Because some companies had laid off a significant number of employees, the reports were longer than usual, requiring staff members to stuff the envelopes by hand rather by machine. Some reports were placed in the wrong envelopes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

May 30, 2012 American Pharmacist Association (APhA), Pharmacist.com
Washington, District Of Columbia
NGO HACK

28,000

Hackers associated with the group Anonymous posted donations, emails, personal account information, server information, and other information from APhA's online database.  The hackers also claim to have accessed the records of 16,000 patients by hacking the website, but did not post that information. Anonymous claims that the organization was targeted due to its connection to government officials.

UPDATE (6/09/2012): Some names and addresses were also posted.  The data posted included information on over 28,000 visitors, donors, and members.

UPDATE (07/18/2012): The website was defaced on May 28.  APhA immediately noticed and shut down the website and related computer servers.  However, names, addresses, and credit card information (excluding security codes) stored on computer servers may have been accessed between April 23 and May 28.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

April 1, 2008 Okemo Mountain Resort
Ludlow, Vermont
BSO HACK

28,168

(866) 756-5366

The Ludlow ski area announced that its computer network was breached by an intruder who gained access to credit card data including cardholder names, account numbers and expiration dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,168

August 22, 2006 Beaumont Hospital
Troy, Michigan
MED PORT

28,473

A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.

UPDATE (8/23/06). The laptop was returned Aug. 23 by a woman who said she found it in her yard.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,473

June 5, 2007 vFinance Investments Inc.
Boca Raton, Florida
BSF HACK

29,000

A database that contained customer information was accessed through the www.vfinance.com website by an unauthorized person. The goal of the attack seems to have been to deface the website.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,000

December 28, 2012 Gibson General Hospital
Princeton, Indiana
MED PORT

29,000

The November 27 theft of a laptop may have resulted in the exposure of patient information.  Names, Social Security numbers, addresses, and clinical information may have been exposed.  Patients who have received services since 2007 may have been affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 29,000

October 10, 2013 City of Wichita - Electronic Procurement Website
Wichita, Kansas
GOV HACK

29,000

Hackers accessed the city of Wichita's electronic procurement website.  Current and former vendors who had worked with the city and employees who had been reimbursed for expenses  since 1997 were affected.  Social Security numbers, taxpayer ID numbers, and bank account information may have been exposed.

UPDATE (11/22/2013): This breach was a result of the Dun & Bradstreet Credibility Corp. breach.  Nearly 29,000 local vendors and employers were affected by the hacking incident that occurred during the weekend of October 5.

 
Information Source:
Media
records from this breach used in our total: 29,000

February 6, 2009 Kaiser Permanente
Oakland, California
MED INSD

29,500

(877) 281-3573

A law enforcement agency seized a computer file with Kaiser data from a person who was subsequently arrested. The suspect was not a Kaiser employee. Kaiser Permanente is notifying nearly 30,000 Northern California employees that the security breach may have led to the release of their personal information. The stolen information included names, addresses, dates of birth and Social Security numbers for Kaiser employees.

UPDATE (9/28/2011): A former benefits clerk from Service Employees International Union-affiliated United Healthcare Workers West (SEIU-UHW) was sentenced to 12 years and four months in prison for stealing Kaiser union employee information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 29,500

April 22, 2014 Iowa State University
Ames, Iowa
EDU HACK

29,780

Iowa State University has reported a data breach of one of their systems that exposed a large amount of data of individuals who were enrolled in the university over the past 17-year period.

Social Security numbers of approximately 30,000 people who enrolled in certain classes between 1995 and 2012 along with university ID numbers for nearly 19,000 additional people. Authorities believe that the person or persons motivation was apparently to generate enough computing power to create the virtual currency bitcoin.

The university is offering AllClear ID for 12 months free for those whose Social Security numbers were affected. AllClear representatives can be reached at 1-877-403-02811-877-403-0281.

Here is the link to the universities information regarding the breach http://www.news.iastate.edu/news/2014/04/22/serverbreach

For those who suspect fraud or question whether a request you receive is legitimate, please contact the ISU Foundation at 515-294-4607515-294-4607, the ISU Alumni Association at 515-294-6525515-294-6525, or Iowa State’s computer security team at serverbreach@iastate.edu.

 
Information Source:
Media
records from this breach used in our total: 29,780

January 24, 2008 Fallon Community Health Plan
Worcester, Massachusetts
MED PORT

29800

A vendor computer containing personal information on patients of Fallon Community Health Plan has been stolen. The data included names, dates of birth, some diagnostic information and medical ID numbers. Some of which may be based on Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,800

May 18, 2005 University of Iowa
Iowa City, Iowa
EDU HACK

30,000

A computer containing credit card numbers and campus ID numbers for University Book Store customers was breached by a hacker.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

December 23, 2009 Penn State University
University Park, Pennsylvania
EDU HACK

30,000

The University sent out letters notifying those potentially affected by malware infections, which are believed responsible for breaches. The areas and extent of the records involved in the malicious software attack included Eberly College of Science, 7,758 records; the College of Health and Human Development, 6,827 records; and one of Penn State's campuses outside of University Park, approximately 15,000 records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

June 16, 2006 Union Pacific
Omaha, Nebraska
BSO PORT

30,000

On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

January 13, 2007 North Carolina Department of Revenue
Raleigh, North Carolina
GOV PORT

30,000 taxpayers

A laptop computer containing taxpayer data was stolen from the car of a NC Dept. of Revenue employee in mid-December. The files included names, SSNs or federal employer ID numbers , and tax debt owed to the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

August 15, 2007 Sky Lakes Medical Center, Verus Inc.
Klamath Falls, Oregon
MED DISC

30,000

The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

February 12, 2008 Long Island University
Brookville, New York
EDU PHYS

30,000

Students tax forms mailed to them last week in were in defective mailers. The mailers containing each student's annual 1098-T Tuition Statement were supposed to have adhesive on all four sides. But one side of each envelope was missing adhesive. The statement contains the student's name, address and Social Security number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

March 20, 2008 Pennsylvania Department of State
Harrisburg, Pennsylvania
GOV DISC

30,000

The state was forced to pull the plug on a voter registration Web site after it was found to be exposing sensitive data about voters. Because of a Web programming error, the Web site was allowing anyone on the Internet to view data such as the voter's name, date of birth, driver's license number, and political party affiliation. On some forms, the last four digits of Social Security numbers could also be seen.

 
Information Source:
Media
records from this breach used in our total: 30,000

July 16, 2009 Moores Cancer Center
San Diego, California
MED HACK

30,000

A hacker breached the Center's computers and gained access to patients' personal information.  A letter was sent to 30,000 patients informing them that their personal information may have been in the compromised databases.  Types of information in breach included names, dates of birth, medical record number, diagnosis and treatment dates and some Social Security numbers.  The majority of patients' information did not include Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

October 27, 2010 Houston Independent School District (HISD)
Houston, Texas
EDU HACK

232,000 (30,000 employees)

The HISD may have experienced a hacking incident over the weekend of October 24.  Employees and students were unable to access the Internet, online classes and email until late Tuesday afternoon.  Payroll information of workers and academic information of students may have been compromised along with other personal information.

UPDATE (12/2/10): HISD announced an overhaul of the computer system following the breach. Private employee, vendor and student data dating back 10 years could have been accessed by the hacker. Investigators have determined that the private data of one HISD student was viewed by the hacker.  The investigation is ongoing.

 
Information Source:
Databreaches.net
records from this breach used in our total: 30,000

September 22, 2005 Internal Revenue Service (IRS)
San Francisco, California
GOV PHYS

30,000

Taxpayers in Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Ohio, Oregon, Utah, Virginia, Washington and Wyoming may have been affected.

A truck carrying checks with tax information for the self-employed was involved in an accident on the San Mateo Bridge. Wind blew about 30,000 pieces of mail into the bay and beyond. The IRS agreed to waive penalties and interest for anyone whose payment was affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

October 29, 2006 New York University
New York, New York
EDU PORT

30,000

Backup CDs from the Continuing Medical Education program at NYU Medical Center were lost or stolen.  Names, Social Security numbers, addresses, telephone and fax numbers, student ID numbers, debit or credit card information and degree information for students participating in the program between 1999 and the discovery of the loss may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

March 19, 2012 Kaiser Foundation Health Plan
Oakland, California
MED DISC

30,000

Someone purchased a hard drive in September of 2011 and immediately notified law enforcement that it contained confidential information.  The external hard drive did not come from a Kaiser Permanente office.  It contained employee data that was as recent as 2009.  Current and former employees may have had their names, Social Security numbers, dates of birth, and addresses exposed. There is no evidence that the information from the hard drive was used for illegal purposes as of March of 2012.

UPDATE (3/22/2012): The external hard drive was purchased at a thrift store.  Phone numbers, pay stubs, COBRA Error, Trust Fund Paid Hours, or Fidelity Savings Plan Deduction reports may have also been on the hard drive.

UPDATE (4/16/2012): At least one source lists the total number of affected current and former employees as 30,000.

UPDATE (2/4/2014): Attorney General Kamala Harris has agreed to drop a data breach lawsuit against the Oakland based managed care provider, Kaiser, if they agreed to a $150,000 fine paid to the state and improved their information handling practices.

Originally the suite contended that the health care provider violated the three-month notification law. Kaiser learned of the violation in December 2011 but did not send letters to 20,539 affected Californians until mid-March 2012. The law requires data-holders disclose any breach "in the most expedient time possible and without unreasonable delay".

 

 
Information Source:
California Attorney General
records from this breach used in our total: 30,000

March 16, 2012 University of Tampa
Tampa, Florida
EDU DISC

30,000

A server management error caused files containing sensitive information to be made publicly accessible between July of 2011 and the breach's discovery on March 13, 2012.  A classroom exercise revealed that the information was compromised and the University of Tampa's IT office was immediately informed of the discovery.  The University of Tampa then notified Google and asked that the cached file be removed from the search engine.

One file included 6,818 records of students who attended in Fall of 2011.  Two other files contained the information of an additional 29,540 people and included University ID numbers, names, Social Security numbers, and photos.  Some people also had their dates of birth exposed.The IT office at the University of Tampa concluded that the files had only been accessed by the people who reported the breach.

UPDATE (3/22/2012): Additionally, 22,722 current and former faculty, staff, and students who were associated with the University between January 29, 2000 and July 11, 2011 may have had their information exposed. The IT office confirmed that these files had only been accessed by University insiders as well. The University will not cover the cost of credit monitoring services for those who were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 30,000

February 6, 2014 The Home Depot
Atlanta, Georgia
BSR INSD

30000

Three Home Depot employees were arrested for allegedly stealing personal information of some 300 employees, and were initially detected last fall and those employees whose files were notified of the breach. One of the three employees was caught using her Home Depot email to send the stolen information.

Security investigators fear that this breach may have affected as manay as 20,000 individuals. Information stolen included Social Security numbers and birthdates. Allegedly the employees opened numerous fraudlent accounts with the stolen personal information.

UPDATE (5/30/2014): Originally it was reported that up to 20,000 individuals may have been affected by this security breach. The number has now been increased to 30,000 individuals may have been affected. The first report that came out reported three Home Depot employees were involved, but according to the disclosure document sent on behalf of The Home Depot Corporation, one individual was arrested and The Home Depot will seek prosecution of the individual to the fullest extent of the law.

 
Information Source:
Media
records from this breach used in our total: 30,000

March 23, 2007 Group Health Cooperative Health Care System
Seattle, Washington
MED PORT

31,000

http://www.ghc.org/news/news.jhtml?reposid=/common/news/news/20070323-missing_laptops.html

Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,000

September 22, 2009 Sagebrush Medical Plaza/Kern Medical Center
Bakersfield, California
MED PHYS

31,000

Thousands of patients at a Kern County health clinic have been warned their personal information could have been stolen. A break-in happened at the Sagebrush Medical Plaza in July, and Kern Medical Center officials have notified 31,000 patients to take precautions against possible identity theft. One or more unknown individuals broke into a locked storage area that contained confidential patient information. All patient information has now been moved to a location inside the clinic building.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,000

March 4, 2011 University of South Carolina
Sumter, South Carolina
EDU HACK

31,000

A computer security problem may have exposed the information of faculty, staff, retirees and students on eight University system campuses. Social Security numbers and other private information could end up on the internet.

 
Information Source:
Databreaches.net
records from this breach used in our total: 31,000

July 31, 2005 California State Polytechnic University (Cal PolyPomona)
Pomona, California
EDU HACK

31,077

Hackers gained access to two computers containing names, Social Security numbers and transfer records.  Applicants, current students, current and former faculty, and staff were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,077

May 13, 2011 Anthem Blue Cross
Westlake Village, California
BSF DISC

31,125

Letters soliciting dental and vision coverage were mailed to current Anthem customers.  A priority code composed of the customer's Social Security number and two extra digits was printed on the outside of each envelope.  One customer noticed the error and contacted the media.  Anthem admits that an error occurred, but did not reveal the cause. Anthem is working to prevent this type of breach from happening again and was in the process of notifying customers of the error as of May 12. 

UPDATE (10/01/2012): Anthem experienced the marketing mailer error on April 27, 2011.  The State of California settled with Anthem in September of 2012. Anthem agreed to pay $150,000 and to make significant improvements to its data security procedures to prevent future errors of a similar type..

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 31,125

February 8, 2007 District Council 37 Health and Security Plan of New York City
New York, New York
GOV PORT

31,500

A CD containing prescription drug data was discovered missing from the organization's files.  People who had their prescription drugs filled through DC 37's prescription drug benefits plan may have had their names and Social Security numbers exposed.  Prescription information from between February 13 and February 22 of 2006 (the previous year) was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,500

October 13, 2011 The Social Security Administration
Washington, District Of Columbia
GOV DISC

31,931

It appears that the Social Security Administration accidentally releases the names, Social Security numbers, and birth dates of thousands of living U.S. citizens each year in a database called the "Death Master File".  Social Security officials revealed that the number of U.S. citizens mistakenly listed each year is about 14,000, while 90 million are accurately reported.  A Scripps Howard News Service review of three recent copies revealed 31,931 living U.S. citizens who'd had their Social Security numbers released to U.S. business groups.

 
Information Source:
Databreaches.net
records from this breach used in our total: 31,931

January 10, 2005 George Mason University
Fairfax, Virginia
EDU HACK

32,000

Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the University's main ID server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 4001-4050 of 4489 results


X

Sign In!

Loading