Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 9, 2010 Cathedral Square Corporation
South Burlington, Vermont
NGO HACK

Unknown

Residents of CSC may have had their names, bank account numbers and routing numbers exposed if they paid their rent electronically. Staff Health Savings Account information may have also been accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 9, 2010 Ameritas Investment Corp.
Madison, Wisconsin
BSF PORT

Unknown

On January 27, a backup tape was stolen when the office was burglarized. The backup tape contained names, addresses, Social Security numbers, dates of birth and policy numbers of clients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 9, 2010 Paraco Gas
Rye Brook, New York
BSR STAT

Unknown

On March 16, a computer containing personal information was stolen.  The information included names, Social Security numbers, addresses, dates of birth and bank account numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 13, 2010 Montana Mikes
Clinton, Oklahoma
BSR HACK

Unknown

Software that gathers credit card information was remotely installed on the Restaurant's computer system. The problem was fixed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 10, 2010 Metropolitan Life Insurance Company (MetLife)
New York, New York
BSF INSD

Unknown

MetLife wrote "On January 5, 2010, we learned that one of our employees was sharing individual disability insurance applications with an unauthorized individual. We believe that the shared documents contained sensitive information including name, address, Social Security number, driver's license number, checking account information, and date of birth."

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 10, 2010 Baltimore Chesapeake Bay Outward Bound Center
Baltimore, Maryland
NGO STAT

Unknown

After the theft of two office computers it was discovered that a file cabinet with employment documents was unlocked. The documents included names, Social Security numbers, addresses and bank account numbers. The robbery occurred sometime around February 1.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 10, 2010 Select Portfolio Servicing (SPS)
Salt Lake City, Utah
BSF DISC

Unknown

Unencrypted SPS client data was sent to a server. Files of client 1099A and 1099C forms were exposed from January to February.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 17, 2010 Spring Mill Partners
Conshohocken, Pennsylvania
BSF PORT

Unknown

Laptops with client information were stolen during a February office burglary.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 11, 2010 Thomson Reuters
New York, New York
BSO INSD

Unknown

Police found Thomson CompuMark customer information in the home of a former employee. The information included names, addresses and credit card information. The employee processed customer payments between May and December of 2009.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 11, 2010 NBC Universal
New York, New York
BSO PORT

Unknown

A laptop containing names, Social Security numbers and other personal information of current and former employees was stolen on February 4, and recovered on February 24.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 16, 2010 General Motors
Detroit, Michigan
BSR DISC

Unknown

An electronic file containing Social Security numbers, names and email addresses was accidentally sent.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 16, 2010 American Sales Company, Ahold USA
Buffalo, New York
BSR PORT

Unknown

A service provider lost an unencrypted DVD with employee names and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 24, 2009 Farmers Insurance
Nashville, Tennessee
BSF HACK

Unknown

A former insurance agent noticed that it was possible to extract client information from the website. The information included insurance policies, Social Security numbers, names and addresses. The former agent's home was searched by police when it was discovered that client information had been hacked.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 30, 2010 New York Urology Associates
Cheektowaga, New York
MED PHYS

Unknown

Someone reported that medical papers were blowing around a parking lot. The documents had Social Security numbers, addresses, and names.

 
Information Source:
NAID
records from this breach used in our total: 0

August 18, 2010 Beauty Dental, Inc.
Chicago, Illinois
MED PHYS

657 (No reports of SSNs or financial information)

The paper records of some individuals were lost or stolen on June 5.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 18, 2010 Humana Inc, Matrix Imaging
Louisville, Kentucky
BSF PHYS

2,631 (No SSNs or financial information reported)

The location is listed as Humana's headquarters.

Paper records involving information from business associate Matrix Imaging were lost or stolen on June 25.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 16, 2010 Private Dental Practice
Tacoma, Washington
MED STAT

Unknown

Around July 16, an office break in resulted in the loss of a computer with patient names, addresses, internal account numbers, telephone numbers, Social Security numbers and dates of birth.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

May 1, 2009 Littleton Regional Hospital
Littleton, New Hampshire
MED INSD

Unknown

A patient complaint in March of 2009 resulted in the firing of an employee. An audit revealed that the employee inappropriately accessed patient records for unknown reasons at least three times between 2008 and May of 2009. The records contained names, contact information, dates of birth, insurance information and other health information.

UPDATE (8/10/10): Another employee was fired for a similar unauthorized access incident during May of 2010.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 10, 2010 DC Chartered Health Plan
Washington, District Of Columbia
MED PORT

540 (No SSNs or financial information reported)

The May 26 theft of a laptop resulted in the exposure of private health information of 540 people.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 17, 2010 American Fidelity Assurance Company
Edmond, Oklahoma
BSF PHYS

Unknown

The boxes were found in Edmond, Oklahoma and had the information of some Tulsa, Oklahoma residents as well.

Storage containers with Social Security numbers, names, dates of birth and other information were left on a curb in Edmond, Oklahoma. A couple went to the local news after having stored the hundreds of documents for a few years. The insurance papers are from 2003 and 2004 and have information on employees of multiple companies.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 16, 2010 Centric Software
Campbell, California
BSR PORT

Unknown

A laptop theft resulted in the exposure of employee names, Social Security numbers and possibly contact information and dates of birth.  The laptop was stolen frrom an employee's car on July 23.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 24, 2010 Mahaska County Hospital
Oskaloosa, Iowa
MED INSD

Unknown

Two patient-orders coordinators were fired for separate incidents of snooping. One inappropriately accessed at least two patients' data. The other employee inappropriately accessed the data of multiple family members.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 24, 2010 Riverview Gardens School District
St. Louis, Missouri
EDU PHYS

Unknown

Hundreds of documents with student Social Security numbers, pictures, phone numbers and ages were left near a dumpster.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 23, 2010 Wachovia Bank
Atlanta, Georgia
BSF INSD

Unknown

A former employee was sentenced to prison after being convicted of identity theft and bank fraud. While working at Wachovia's bank fraud detection department in 2007, the employee sold credit card and bank account numbers to an outside accomplice. The former employee was ordered to pay $91,104 in restitution and serve a four and a half years federal prison sentence.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 24, 2010 Oak Ridge National Laboratory
Columbus, Ohio
GOV STAT

Unknown

About 1,500 unused hard drives were mismanaged, abandoned, and unsecured in the offices. The hard drives had sensitive information such as names, medical information, dates of birth and salary information. Auditors found hard drives in hallways, unused offices and docks. Only 55 unused hard drives were being stored properly; computer security officers destroyed the others.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 26, 2010 HMS Host
Cleveland, Ohio
BSR INSD

Unknown

This appears to affect people seeking employment with the Starbucks in Cleveland Hopkins International Airport prior to 2009.

A woman was charged with misusing applicant information to open more than 65 credit cards under different names. The woman made over $115,000 in fraudulent charges between February of 2006 and November of 2008.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 29, 2010 Rolling Meadows Townhomes
Saline, Michigan
BSO HACK

Unknown

Dozens of residents of the Rolling Meadows Townhomes community became identity theft victims. Thieves somehow obtained banking information from checks that residents sent to pay for their co-op properties.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 3, 2010 University of Rochester Medical Center (URMC)
Rochester, New York
MED PORT

837 (0 reports of SSNs or financial information)

The loss of a USB device may have exposed current and former patient health information and dates of birth. Patients of a single surgeon were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 4, 2010 Essex Youth Commision Summer Program
Essex, Massachusetts
GOV PHYS

Unknown

Paper records and digital files with personal health and personally identifiable information from youth participants, parents and staff were reported missing.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 2, 2010 Chattanooga Family Practice Associates
Chattanooga, Tennessee
MED PORT

1,711 (No SSNs or financial information reported)

A missing portable device had the names, dates of birth and purposes of visits for a limited number of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 1, 2010 Jason's Deli
Memphis, Tennessee
BSR HACK

Unknown

Hundreds of customers may have been affected after using their credit or debit cards at the restaurant. The computer server was infected with a new virus.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 2, 2010 Sprint
Overland Park, Kansas
BSR INSD

Unknown

The location listed is Sprint Nextel's headquarters.  The former employees worked in New York, New Jersey and Florida.

Between January 2010 and June 2010 nine former employees inappropriately accessed confidential customer account information and used it to make unauthorized calls. Defrauded customers were credited by the company. Around $15 million dollars in authorized calls resulted from the cellphone cloning scheme.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 2, 2010 Carpenters' District Council of Greater St. Louis and Vicinity
St. Louis, Missouri
BSO DISC

Unknown

Social Security numbers were printed on the outside of envelopes mailed to beneficiaries of the pension fund. It is unclear how many of the 24,000 members had their information mailed before the error was discovered.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 5, 2010 Eastern Michigan University
Ypsilanti, Michigan
EDU HACK

Unknown

Online banking information may have been exposed because of a computer server hacking incident.  The information included log-ins and personal identification numbers for some employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 9, 2010 Mayo Clinic
Phoenix, Arizona
MED INSD

1,700 (No reports of SSNs or financial information)

Those who received notification and have further questions may call 1-877-309-9839.  Locations include New England, Florida, Minnesota and Arizona.

An employee was fired after it was learned that the employee accessed patient records without authorization.  The employee repeatedly accessed information at a location in Arizona between 2006 and 2010, but the Mayo Clinic system allows employees to access patient records from across the country.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 9, 2010 California Department of Health Care Services
Sacramento, California
GOV DISC

5,000 (No reports of SSNs or financial information)

The California Department of Health Care Services released confidential and identifying information about HIV positive Medi-Cal recipients to a third party service provider.  A network of organizations have deemed this action illegal and unauthorized.  A letter was sent by the network asking for an explanation of how this happened and reassurance that it will not happen again.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 11, 2010 Cheesecake Factory
White Plains, New York
BSR INSD

Unknown

A waiter used a skimming device to make $100,000 worth of fraudulent charges to customer credit cards. The waiter committed these crimes in late 2008 and was arrested in September of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 13, 2010 Saint Barnabas Health Care Systems and Newark Beth Israel Medical Center
West Orange, New Jersey
MED PORT

4,586 (No SSNs or financial information reported)

KPMG LLP is the accounting firm responsible for the loss of the flash drive.

An employee of Saint Barnabas' accounting partner KPMG lost an unencrypted flash drive. The flash drive had patient names and information about their health, but did not have Social Security numbers or financial information. The incident occurred in June and patients were notified in September.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 15, 2010 Paul Martin's American Bistro
Roseville, California
BSR HACK

Unknown

Hundreds of customers who used their credit cards at Paul Martin's were put at risk for credit card fraud.  Hackers accessed the restaurant's credit-card processing system. Customer credit card information was then sold to other criminals and used to make purchases. According to a police news release, the hack did not involve the external financial services network or any third-party data processing service. It appears that the first customers were affected in March of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 13, 2010 SunBridge Healthcare Corporation
Albuquerque, New Mexico
MED PORT

1,000 (No SSNs or financial information reported)

A BlackBerry mobile device was stolen from an employee's desk.  The device had unencrypted current and former resident and patient information from eight different nursing and rehabilitation facilities in Georgia.  No Social Security numbers or financial information were stored on the device, but it did contain patient names, medical record numbers, medical information, dates of birth, and dates of service.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 13, 2010 New York University School of Medicine Aging and Dementia Clinical Research Center
New York, New York
MED PORT

1,200 (No reports of SSNs or financial information)

A portable electronic device was lost or stolen on April 3.  The health information of 1,200 patients was lost. The incident was reported to the Department of Health and Human Services in September.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 18, 2010 New York City Human Resources Administration and New York City Department of Health and Mental Hygiene
New York, New York
GOV INSD

Unknown

Two New York City employees from different agencies were involved in an identity fraud ring. One employee worked for the New York City Human Resources Administration and sold copies of welfare recipients' birth certificates and Social Security numbers. The second employee worked for the New York City Department of Health and Mental Hygiene and sold parental identification information from birth certificates. The employees were sentenced to eight months to two years of prison time and one to two years of probation for identification fraud. These crimes happened between 2005 and 2008.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 Martin Luther King Jr. Multi-Service Ambulatory Care Center
Los Angeles, California
GOV INSD

33,000 (No reports of SSNs or financial information)

A janitor removed 14 boxes of patient records and sold them to a recycling center.  The records had names, genders, dates of birth, addresses, medical record numbers and financial batch numbers. Patients who received services from the outpatient facility between January and October of 2008 were affected.  The files were discovered missing on July 29 of 2010 and the custodial worker admitted to selling them.  The custodian is being charged with one count of felony commercial burglary.  Those affected will be mailed notifications during the week of September 20 of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 17, 2010 Saint Anselm College
Manchester, New Hampshire
EDU DISC

Unknown

A number of alumni who received a University newsletter were notified that their Social Security numbers were printed on mailing labels.  The error occurred on the spring 2010 and fall 2009 newsletters. It seems that no one complained about the fall accidental disclosure.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 Benefit Concepts Inc
East Providence, Rhode Island
BSF PORT

Unknown

A package containing payroll checks and a CD copy of payroll checks was lost during shipment between July 19 and July 20. Benefit Concepts' vendor CompuPay will encrypt CDs and mask paper records in the future, but this CD was not encrypted. Employee names, Social Security numbers and bank account numbers were in the package.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 20, 2010 Turley's Restaurant
Boulder, Colorado
BSR PHYS

Unknown

The owner of Turley's Restaurant went to recycle old employee files. After seeing that the dumpster was full, the owner then left boxes of intact files from former employees near the dumpster. The files included Social Security numbers, birth dates and phone numbers.

 
Information Source:
NAID
records from this breach used in our total: 0

September 22, 2010 Ault Chiropractic Center
Batesville, Indiana
MED STAT

2,000 (No SSNs or financial information reported)

The September 15 theft of a computer may have resulted in the exposure of the protected health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 23, 2010 Alaskan AIDS Assistance Association (Four A's)
Anchorage, Alaska
NGO PORT

2,000 (Unknown number of SSNs reported)

The Four A's is a business associate of the State of Alaska Department of Health and Human Services.

A data storage device containing client names and contact information was stolen from Four A's executive director's car.  Some clients had their Social Security numbers on the device.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 27, 2010 Kern Medical Center
Bakersfield, California
MED HACK

Unknown

An employee opened an email that subsequently affected the entire hospital system in late July. The Kern Medical Center temporarily removed itself from the county computer network to prevent the spread of the attack. Patient records were eventually secured, but it is unknown if any were affected by the 16-day malware attack.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2010 The Kent Center
Warwick, Rhode Island
MED PHYS

1,361 (No SSNs or financial information reported)

A briefcase with patient records was stolen from a clinician's car on July 13. The lost documents included client names, dates of birth and some clinical information. The patient records do not appear to have been the target of the theft since other cars were broken into during that night.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 501-550 of 4252 results


X

Sign In!

Loading