Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
July 14, 2010 VHS Genesis Lab
Berwyn, Illinois
MED PHYS

500 (No SSNs or financial information involved)

Over 500 client invoices went missing. It does not appear that the month's worth of invoices were mailed. They contained health information such as names, dates of birth, and medical testing information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 14, 2010 University of Pittsburgh Student Health Services
Pittsburgh, Pennsylvania
EDU INSD

8,000 (Not included because no specific type of financial information stated)

An employee dishonestly took documents containing names and financial information. The employee was fired.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 14, 2010 Tomah Memorial Hospital
Tomah, Wisconsin
MED INSD

600

A nurse used patient names and account numbers to illegally obtain narcotics. The nurse was fired.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 29, 2010 Ridgefield High School
Ridgefield, Connecticut
EDU HACK

Unknown (the students of a few teachers)

Two students were arrested for hacking into their school's computer system. Their goal appears to be changing their own grades; but they had access to the grades and personal information of other students.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 20, 2010 Long Island Consultation Center (LICC)
Rego Park, New York
MED PORT

800 (0 reports of SSNs or financial information)

A computer device containing doctor reports was reported missing from a secured area at LICC on May 24th. Names, dates of birth, diagnostic information and treatment information of some patients may have been included on the device.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 1, 2010 NYU Langone Medical Center Hospital for Joint Diseases
New York, New York
MED PORT

2,563 (no SSNs or financial information reported)

An unencrypted portable USB was lost or stolen sometime around May 12th. It contained patient names, medical record numbers, sex, age, procedure, attending physician, time of arrival in recovery room and time of discharge from recovery room.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 20, 2010 South Shore Hospital, Active Data Solutions
South Weymouth, Massachusetts
MED PORT

800,000 (unknown number of SSNs and financial information)

South Shore's statement can be found here:http://www.southshorehospital.org/news/notice/news_statement.htm

Computer files containing personal, health and financial information of volunteers, patients, vendors, business partners and employees from January 1996 through January 2010 may have been lost by a professional data management company. Depending on the person's association with the hospital, the information exposed could be full name, address, phone number, date of birth, Social Security number, driver's license number, medical record number, patient number, bank account information, credit card number, diagnoses and treatment.

UPDATE (9/10/10): Archive Data Solutions (formerly Iron Mountain Data Products) was revealed to be the company responsible for disposing of South Shore Hospital's records. Archive Data Solutions subcontracted the process to Graham Magnetics, who then lost the tapes in shipping.  The tapes may have also had patient information from Harbor Medical Associates and patient and vendor information from South Shore Physician Hospital Organization.

After investigating the incident the hospital decided not to mail notices or offer credit monitoring and identity theft services to those who may have been affected by the loss.  It was determined that the risk of the data being accessed was extremely low and that notifications inside the hospital, on websites, via email and in newspapers would be enough.  In addition, the Attorney General's office of Massachusetts has spoken out against the hospital's decision to skip precautions.

UPDATE (5/24/2012): South Shore Hospital will pay $750,000 to settle HIPAA violation and state law charges.  The breach involved the loss of two of three boxes containing 473 unencrypted back-up computer tapes with sensitive information sometime between February 2010 and June of 2010.  A total of $250,000 in civil penalty fines and a payment of $225,000 for an education fund to be used by the Attorney General's Office to promote education concerning the protection of personal information and protected health information was determined. South Shore Hospital was given a credit of $275,000 to reflect the cost of security measures it had already taken subsequent to the breach.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 19, 2010 LV Financial Services
Orlando, Florida
BSF PHYS

Unknown

Dozens of boxes of files from medical offices that hired LV to collect unpaid bills were found in an Orlando public dumpster. The files contained names, addresses, Social Security numbers, driver's license copies and credit reports. The collection agency went out of business in 2005 and the location of the files prior to this incident is unknown.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 22, 2010 Colorado Department of Health Care Policy and Financing
Denver, Colorado
GOV PORT

105,470 (0 SSNs and financial information reported)

A hard drive containing personal information for clients enrolled in state-provided health insurance was stolen from the Colorado Office of Information Technology. The information included names, state ID number and the name of the client's program. The Agency is certain that contact information, financial information and Social Security numbers were not involved.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 23, 2010 University of California San Francisco (UCSF) Medical Center
San Francisco, California
EDU INSD

Unknown

A former employee used the Social Security numbers of his colleagues to obtain vouchers for Amazon.com purchases. He secretly used the Social Security numbers to create hundreds of accounts and complete 382 online StayWell health surveys in exchange for $100 online vouchers.

UPDATE (10/28/10): The former employee pled guilty to wire fraud and improper use of Social Security numbers.  He was sentenced to 12 one year and one day in prison. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 26, 2010 Natchez Police Department
Natchez, Mississippi
GOV INSD

Unknown

A police officer with the Natchez department fraudulently used and encouraged others to use stolen credit and debit cards.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 27, 2010 Rite Aid Corporation
Camp Hill, Pennsylvania
BSR PHYS

Unknown

Etters, PA is also mentioned as Rite Aid's headquarters

Rite Aid paid one million dollars to settle HIPAA privacy violations. Rite Aid also agreed to update corporate policies and procedures so that patient medical information would be properly disposed, employees would be properly trained in disposal of patient information, and employees would be held accountable if they did not dispose of patient information properly.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 28, 2010 Time Warner Cable
New York, New York
BSR INSD

Unknown

A former employee was convicted of installing spyware on three company computers. The employee intended to capture the passwords of users who had access to a customer database and a billing system.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 27, 2010 Cooper University Hospital
Camden, New Jersey
MED PORT

Unknown

A flash drive with the personal information of graduate medical residents and fellows was reported missing on July 23.  The personal information included Social Security numbers, dates of birth, race, gender, addresses, phone numbers, marital status, emergency contacts and more. Students enrolled between 2008 and 2010 and current members of staff were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 27, 2010 Citigroup Inc.
New York, New York
BSR DISC

117,600 (No incidents reported)

Citigroup's mobile banking application for Apple's iphone has a security flaw that saves user account numbers, bill payments and security access codes into a hidden file on the iphone and the user's computer.  An upgrade that will fix the problem is available.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2010 University of Virginia
Charlottesville, Virginia
EDU PORT

Unknown

A transient was ordered to spend time in a men's diversion program after pleading guilty to stealing credit cards and electronics. One of the laptops he stole was a University-owned laptop. The man served 12 months in jail before being sentenced and slept in his car and in the University library during the time of the thefts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 30, 2010 Texas Children's Hospital and Baylor College of Medicine
Houston, Texas
NGO PORT

694 (No SSNs or financial information reported)

A physician's laptop was stolen from an office on May 13th.  The laptop contained personal information on cardiology patients.  Affected persons were notified that their names, dates of service, medical record numbers, diagnoses and dates of birth were on the password-protected laptop.

UPDATE (9/2/10): Only 694 patients were affected.  The original notice on the website stated that 1600 patients were at risk.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

July 31, 2010 The Center for Neurosciences
Tucson, Arizona
MED PORT

1,101 (No reports of SSNs or financial information)

A visitor stole a laptop from an electromyogram and nerve conduction studies exam room on December 15, 2009.  The computer contained names, dates of birth, referring physicians and reasons for neurophysiological tests.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 23, 2010 Montefiore Medical Center
Bronx, New York
MED PORT

625 (Unknown number of SSNs and financial accounts)

A laptop containing private health information was stolen on February 20th.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 1, 2010 Guttenberg Housing Authority
Guttenberg, New Jersey
GOV HACK

Unknown

An unauthorized individual may have accessed sensitive information on housing applicants and residents in late December 2009. The information may have included Social Security numbers, names and other personal identifying information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 12, 2010 Tino's Greek Cafe
Austin, Texas
BSR CARD

Unknown

Thieves collected debit and credit card information from customers of Tino's.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 9, 2010 Cathedral Square Corporation
South Burlington, Vermont
NGO HACK

Unknown

Residents of CSC may have had their names, bank account numbers and routing numbers exposed if they paid their rent electronically. Staff Health Savings Account information may have also been accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 9, 2010 Ameritas Investment Corp.
Madison, Wisconsin
BSF PORT

Unknown

On January 27, a backup tape was stolen when the office was burglarized. The backup tape contained names, addresses, Social Security numbers, dates of birth and policy numbers of clients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 9, 2010 Paraco Gas
Rye Brook, New York
BSR STAT

Unknown

On March 16, a computer containing personal information was stolen.  The information included names, Social Security numbers, addresses, dates of birth and bank account numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 13, 2010 Montana Mikes
Clinton, Oklahoma
BSR HACK

Unknown

Software that gathers credit card information was remotely installed on the Restaurant's computer system. The problem was fixed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 10, 2010 Metropolitan Life Insurance Company (MetLife)
New York, New York
BSF INSD

Unknown

MetLife wrote "On January 5, 2010, we learned that one of our employees was sharing individual disability insurance applications with an unauthorized individual. We believe that the shared documents contained sensitive information including name, address, Social Security number, driver's license number, checking account information, and date of birth."

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 10, 2010 Baltimore Chesapeake Bay Outward Bound Center
Baltimore, Maryland
NGO STAT

Unknown

After the theft of two office computers it was discovered that a file cabinet with employment documents was unlocked. The documents included names, Social Security numbers, addresses and bank account numbers. The robbery occurred sometime around February 1.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 10, 2010 Select Portfolio Servicing (SPS)
Salt Lake City, Utah
BSF DISC

Unknown

Unencrypted SPS client data was sent to a server. Files of client 1099A and 1099C forms were exposed from January to February.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 17, 2010 Spring Mill Partners
Conshohocken, Pennsylvania
BSF PORT

Unknown

Laptops with client information were stolen during a February office burglary.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 11, 2010 Thomson Reuters
New York, New York
BSO INSD

Unknown

Police found Thomson CompuMark customer information in the home of a former employee. The information included names, addresses and credit card information. The employee processed customer payments between May and December of 2009.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 11, 2010 NBC Universal
New York, New York
BSO PORT

Unknown

A laptop containing names, Social Security numbers and other personal information of current and former employees was stolen on February 4, and recovered on February 24.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 16, 2010 General Motors
Detroit, Michigan
BSR DISC

Unknown

An electronic file containing Social Security numbers, names and email addresses was accidentally sent.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 16, 2010 American Sales Company, Ahold USA
Buffalo, New York
BSR PORT

Unknown

A service provider lost an unencrypted DVD with employee names and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 24, 2009 Farmers Insurance
Nashville, Tennessee
BSF HACK

Unknown

A former insurance agent noticed that it was possible to extract client information from the website. The information included insurance policies, Social Security numbers, names and addresses. The former agent's home was searched by police when it was discovered that client information had been hacked.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 30, 2010 New York Urology Associates
Cheektowaga, New York
MED PHYS

Unknown

Someone reported that medical papers were blowing around a parking lot. The documents had Social Security numbers, addresses, and names.

 
Information Source:
NAID
records from this breach used in our total: 0

August 18, 2010 Beauty Dental, Inc.
Chicago, Illinois
MED PHYS

657 (No reports of SSNs or financial information)

The paper records of some individuals were lost or stolen on June 5.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 18, 2010 Humana Inc, Matrix Imaging
Louisville, Kentucky
BSF PHYS

2,631 (No SSNs or financial information reported)

The location is listed as Humana's headquarters.

Paper records involving information from business associate Matrix Imaging were lost or stolen on June 25.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 16, 2010 Private Dental Practice
Tacoma, Washington
MED STAT

Unknown

Around July 16, an office break in resulted in the loss of a computer with patient names, addresses, internal account numbers, telephone numbers, Social Security numbers and dates of birth.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 1, 2009 Littleton Regional Hospital
Littleton, New Hampshire
MED INSD

Unknown

A patient complaint in March of 2009 resulted in the firing of an employee. An audit revealed that the employee inappropriately accessed patient records for unknown reasons at least three times between 2008 and May of 2009. The records contained names, contact information, dates of birth, insurance information and other health information.

UPDATE (8/10/10): Another employee was fired for a similar unauthorized access incident during May of 2010.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 10, 2010 DC Chartered Health Plan
Washington, District Of Columbia
MED PORT

540 (No SSNs or financial information reported)

The May 26 theft of a laptop resulted in the exposure of private health information of 540 people.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 17, 2010 American Fidelity Assurance Company
Edmond, Oklahoma
BSF PHYS

Unknown

The boxes were found in Edmond, Oklahoma and had the information of some Tulsa, Oklahoma residents as well.

Storage containers with Social Security numbers, names, dates of birth and other information were left on a curb in Edmond, Oklahoma. A couple went to the local news after having stored the hundreds of documents for a few years. The insurance papers are from 2003 and 2004 and have information on employees of multiple companies.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 16, 2010 Centric Software
Campbell, California
BSR PORT

Unknown

A laptop theft resulted in the exposure of employee names, Social Security numbers and possibly contact information and dates of birth.  The laptop was stolen frrom an employee's car on July 23.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 3, 2010 University of Rochester Medical Center (URMC)
Rochester, New York
MED PORT

837 (0 reports of SSNs or financial information)

The loss of a USB device may have exposed current and former patient health information and dates of birth. Patients of a single surgeon were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 26, 2010 HMS Host
Cleveland, Ohio
BSR INSD

Unknown

This appears to affect people seeking employment with the Starbucks in Cleveland Hopkins International Airport prior to 2009.

A woman was charged with misusing applicant information to open more than 65 credit cards under different names. The woman made over $115,000 in fraudulent charges between February of 2006 and November of 2008.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 2, 2010 Chattanooga Family Practice Associates
Chattanooga, Tennessee
MED PORT

1,711 (No SSNs or financial information reported)

A missing portable device had the names, dates of birth and purposes of visits for a limited number of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 1, 2010 Jason's Deli
Memphis, Tennessee
BSR HACK

Unknown

Hundreds of customers may have been affected after using their credit or debit cards at the restaurant. The computer server was infected with a new virus.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 2, 2010 Sprint
Overland Park, Kansas
BSR INSD

Unknown

The location listed is Sprint Nextel's headquarters.  The former employees worked in New York, New Jersey and Florida.

Between January 2010 and June 2010 nine former employees inappropriately accessed confidential customer account information and used it to make unauthorized calls. Defrauded customers were credited by the company. Around $15 million dollars in authorized calls resulted from the cellphone cloning scheme.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 2, 2010 Carpenters' District Council of Greater St. Louis and Vicinity
St. Louis, Missouri
BSO DISC

Unknown

Social Security numbers were printed on the outside of envelopes mailed to beneficiaries of the pension fund. It is unclear how many of the 24,000 members had their information mailed before the error was discovered.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 5, 2010 Eastern Michigan University
Ypsilanti, Michigan
EDU HACK

Unknown

Online banking information may have been exposed because of a computer server hacking incident.  The information included log-ins and personal identification numbers for some employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 9, 2010 Mayo Clinic
Phoenix, Arizona
MED INSD

1,700 (No reports of SSNs or financial information)

Those who received notification and have further questions may call 1-877-309-9839.  Locations include New England, Florida, Minnesota and Arizona.

An employee was fired after it was learned that the employee accessed patient records without authorization.  The employee repeatedly accessed information at a location in Arizona between 2006 and 2010, but the Mayo Clinic system allows employees to access patient records from across the country.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 501-550 of 4495 results


X

Sign In!

Loading