Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
September 21, 2010 Private Medical Practice
Chesapeake, Virginia
MED PORT

2,739 (No SSNs or financial information reported)

The doctor's patients in Norfolk, Portsmouth, Virginia Beach and Chesapeake may have been affected.

A laptop was stolen from a doctor's office on July 12. It is unknown if patient files were accessible on the laptop. The files would have contained names, dates of birth, diagnoses, treatments, and other personal information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 28, 2010 Maine Department of Education
Augusta, Maine
EDU DISC

Unknown

A technology director from the school district was able to access Social Security numbers of staff members in other districts.  The Maine Department of Education has asked school districts to delay submitting student Social Security numbers until the problem has been addressed.  According to reports, "For the first time, Maine school districts are collecting students' SSNs for a statewide database intended to help policy makers track students' progress throughout school and college and into the workplace." This practice has been controversial.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 6, 2010 Humana
Louisville, Kentucky
MED INSD

4 (No SSNs or financial information reported)

A former employee pleaded guilty to illegally accessing and using patient information in order to support his drug habit. The employee worked in Humana's information technology department. He also agreed to help address internal security flaws.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

August 18, 2010 Wright State Physicians
Dayton, Ohio
MED PORT

1,309 (No SSNs or financial information reported)

A password-protected laptop with patient information was accidentally thrown in the trash and lost for five days. Names, dates of service, and sometimes treatment description of patients treated for vascular conditions within the last four years were on the laptop. The laptop was thrown out on June 11 and found in a landfill on June 16.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 6, 2010 United HealthGroup
Minneapolis, Minnesota
MED PHYS

735 (No SSNs or financial information reported)

It appears that a breach involving paper records and categorized by the Health and Human Services (HHS) website as "theft, unauthorized access" occurred when patient documents were stolen on March 2. The incident was reported to HHS on August 4. Little more is known about the incident.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

August 6, 2010 United HealthGroup
Minneapolis, Minnesota
MED PHYS

16,291 (No SSNs or financial information reported)

United HealthGroup reported a breach of paper records to Health and Human Services in June. The breach occurred on January 26.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 29, 2010 Cheesecake Factory, PGA Tour Grill, Outback Steakhouse
Washington, District Of Columbia
BSR INSD

Unknown

Two people have been charged with conspiring to commit bank fraud and aggravated identity theft. They paid servers at multiple restaurants in the Washington D.C. area to use skimming devices to collect customer credit card information. The stolen information was used to fraudulently make purchases.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 28, 2010 US Bank
Eau Claire, Wisconsin
BSF CARD

Unknown

A scanner was found at an ATM. It was left undetected between 12:30pm and 4:20pm on Friday, September 17. A customer reported the device the next day when it was placed at the same location again. It appears that one customer was directly affected by unauthorized charges. The bank is in the process of canceling cards that were used on September 17 and 18 of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 24, 2010 Comprehensive Accounting
Farmington Hills, Michigan
BSF PHYS

Unknown

An employee error reportedly caused thousands of intact client files to be left in an easily accessible dumpster.  The files contained client information and employee Social Security numbers, names, addresses, W2s, bank statements and profit reports from 1990 and after.  The files were removed from the dumpster and are scheduled to be shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 4, 2010 Gulf Pines Hospital
Port St. Joe, Florida
MED PHYS

Unknown

Former employees are concerned that the hospital was not properly cleared before being sold. People reported abandoned files in the middle of the hospital. An emergency room log, driver's license information, Social Security numbers and other personal files were left in the hospital. Patient medical records were removed. The buyer of the property was contacted, but did not return phone calls.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 6, 2010 Gastroenterology Consultants
Omaha, Nebraska
MED PHYS

Unknown

A local news station responded to a report about patient files being left in a recycling dumpster outside of the clinic. Hundreds of documents with patient names, Social Security numbers, addresses and detailed medical information were found and secured by KMTV Action 3 News. The files appear to be from 2002 and 2003.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 13, 2010 City of Shreveport
Shreveport, Louisiana
GOV PHYS

Unknown

Personal city government documents were easily accessible during a public auction. Buyers looking for city furniture were able to search through city payroll information, law enforcement reports and a variety of other documents which contained people's names, contact information and Social Security numbers. City employees admit the exposure was a mistake and removed the documents within an hour of notification. It is believed that the documents escaped from a stack that was scheduled to be burned.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 SanDiegoFit.com
San Diego, California
BSR STAT

Unknown

On August 30, a computer with customer information was stolen from the building. The password-protected computer had customer names, addresses, phone numbers and credit card numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 16, 2010 Cardinal Health
Dublin, Ohio
MED PORT

Unknown

After an investigation into the status of decommissioned computers, it was determined that the locations of 11 were unknown. One laptop contained HR data. Current and former employee identification numbers, Social Security numbers and dates of birth may have been exposed. The investigation began in June when an employee was caught selling a laptop with sensitive information on eBay. Cardinal gave notice of the breach on September 7.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 14, 2010 JP Morgan Chase Bank
Greenburgh, New York
BSF CARD

Unknown

On August 17, a customer notified bank employees that a camera was on an ATM. An arrest was made on August 26 when a man was caught using a skimming device at another Chase bank. On September 14, Razvan Apostal was charged with eight counts of Criminal Possession of a Forged Instrument, and one count of Unlawful Possession of a Skimming Device.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 8, 2010 SeaChange International
Anton, Massachusetts
BSR INSD

Unknown

A temporary administrative assistant admitted to stealing the identity of one employee in July. It is unclear how many employees had their information accessed by the temp, but SeaChange sent notification of the incident to employees in 26 states shortly after discovering the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 8, 2010 AmeriCorps
Washington, District Of Columbia
GOV DISC

Unknown

A website flaw dating back to 2006 may have allowed people to view applicant and participant personal information. Individuals who manipulated the website URL and guessed or knew user log-in names could have accessed participant and applicant contact information, names, and partial or full Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 HomeCall Inc.
Rockville, Maryland
MED PORT

Unknown

A portable point of care device was stolen from an employee. Client names, addresses, Social Security numbers, medical record numbers, diagnoses and treatment information were on the unencrypted device.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 12, 2010 Alliance Inc.
Baltimore, Maryland
MED PORT

Unknown

A laptop containing client information was stolen from an employee's car on May 3. Client names, addresses, Social Security numbers and diagnoses may have been exposed. The incident was reported on May 10.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Private Counseling and Psychotherapy Practice
Bronx, New York
MED STAT

9,000 (No SSNs or financial information reported)

The September 6 theft of a desktop computer resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Wright-Patterson Air Force Base
Dayton, Ohio
GOV PHYS

2,123 (No reports of SSNs or financial information)

Paper records were improperly disposed of on July 29.  The incident affected 2,123 patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Alliance HealthCare Services, Inc.
Newport Beach, California
MED PORT

1,474 (No SSNs or financial information reported)

Patients from Oroville hospital in Oroville, CA and Eden Medical Center in Castro Valley, CA were affected.

One or more portable devices were lost or stolen between July 31 and August 5.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 UnitedHealth Group
Minneapolis, Minnesota
MED PHYS

1,270 (No SSNs or financial information reported)

A breach involving UnitedHealth Group and its business associate CareCore National was posted on the Health and Human Services (HHS) website.  Unauthorized persons were able to access paper records on or around July 8. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Private Medical Practice
Wichita, Kansas
MED PORT

1,200 (No SSNs or financial information reported)

Paper records and at least one laptop with patient information were stolen during an August 20 theft.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 St. James Hospital and Health Centers
Chicago, Illinois
MED PHYS 967 (No SSNs or financial information reported)
The improper disposal of paper documents may have left the health information of patients of Saint James Hospital and Health Centers exposed. The incident occurred on or around August 10.  
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2010 Private Medical Practice
Inglewood, California
MED STAT

928 (No SSNs or financial information reported)

A desktop computer was stolen on or around August 17.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 14, 2010 Citibank
Florence, Kentucky
BSF INSD

Unknown

Three women have been charged for their roles in defrauding clients of a Citibank in Florence, KY. At least two of the women were employees of Citibanks in other states. One woman stole customer credit card account numbers and changed their addresses, while another used the information to make purchases in another state. The third woman assisted in collecting the purchased goods. The fraud began at the end of 2006 and two of the women were arrested in March of 2007.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 14, 2010 Plymouth Road Department of Children's Services
Johnson City, Tennessee
GOV PHYS

Unknown

A person or persons broke into the building during the weekend of October 10. Personal information of clients may have been viewed or recorded, but does not appear to have been stolen. Police believe their suspect entered the building to retrieve a car title document.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 14, 2010 RBC Bank
Lake County, Florida
BSF INSD

Unknown

A bank employee used customer credit card information to open fraudulent loans in their names. The deceased and elderly were targeted. The employee has not yet been arrested and appears to have been using the money to pay for the legal defense of her son.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 ING
Wilmington, Delaware
BSF DISC

Unknown

The location listed is ING's headquarters.

An isolated administration error caused an encrypted file with the personnel information of one client's employees to be made available to the HR department of another client. A password-based registration system was already in place to prevent the wrong addressee from opening encrypted email, however, the email was addressed to the wrong client. The total number of employees who may have had their names and Social Security numbers exposed is unknown, but 473 residents of Maryland were notified of the incident.  On June 3, the other HR department notified ING that they had been sent the wrong information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 Trade Center Management Associates
Washington, District Of Columbia
BSO PORT

Unknown

A June theft at the facility exposed employee information. Employee names, Social Security numbers and some employee fingerprints were on the stolen equipment. It is unknown how many people were affected, but 284 Maryland residents were notified.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 State Farm Insurance
Bloomington, Illinois
BSF INSD

Unknown

The location listed is that of the State Farm Insurance headquarters.

A dishonest Florida State Farm agent was caught selling customer information to a third party. The former employee was terminated and arrested. The agent's buyer and purpose for wanting the information was not reported.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2010 Farmers Insurance
San Diego, California
BSF STAT

Unknown

The March 16 theft of office computers may have exposed policyholder information. Names, addresses, Social Security numbers, telephone numbers and driver's license numbers were on the computers. Clients were notified on July 26.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 18, 2010 Jackson Hewitt
Jacksonville, Florida
BSF PHYS

Unknown

Clients and employees of the Jackson Hewitt at the Southside office plaza were affected.

An employee discovered old customer and employee documents in the dumpster behind the office.  The documents included employees' W-2 forms, personal bank statements and some tax information from customers.  The former owner admitted to being responsible and eventually had the documents shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 19, 2010 Chen Financial, KC Realty, and SBC Financial
Westminster, California
BSF INSD

Unknown

Kathy Chen and co-conspirators took advantage of real estate clients at Chen's three businesses.  Chen primarily obtained personal data from unsuspecting borrowers who new immigrants or senior citizens.  The personal and credit information was then used to obtain 47 fraudulent loans amounting to $17,500,000.  Clients in Kern, Orange and San Bernardino counties were affected between 2005 and 2007.  Chen was sentenced to 68 years in prison for identity theft, grand theft, forgery and conspiracy charges. Her two co-conspirators have not been arrested.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 19, 2010 Carolina West Wireless
Beaumont, Texas
BSO UNKN

Unknown

The Carolina West Wireless headquarters is located in Wilkesboro, North Carolina.

Authorities found customer information in the car of two men.  It is not known if the information was obtained through hacking, from an insider, by collecting documents from the company or by other methods.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 20, 2010 University of Arkansas for Medical Sciences
Little Rock, Arkansas
MED PORT

Unknown

A digital camera used for recording newborn information was stolen from an employee at the hospital. The information included newborn photos, mother names and contact information, dates of birth, insurance status and medical record numbers. The photos are taken as a security measure in case an infant is abducted. Infants born at the hospital between July and October were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2010 Cumberland Gastroenterology P.S.C.
Somerset, Kentucky
MED PHYS

2,207 (No SSNs or financial information reported)

Paper records were stolen on September 18. The records contained protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 21, 2010 LoneStar Audiology Group
Houston, Texas
MED PORT

585 (No SSNs or financial information reported)

The August 11 theft of a laptop resulted in the exposure of patient health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 21, 2010 Norman Pediactric Associates and Norman Urology
Norman, Oklahoma
MED PHYS

Unknown

Hundreds of intact medical records and Social Security numbers of oncology patients were found at the Norman Recycling Center. Both organizations believe a common paper shredding company is at fault.  The files were returned to the organizations and affected patients will be contacted.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2010 WESTMED Medical Group
Purchase, New York
MED PORT

578 (No reports of SSNs or financial information)

A laptop with patient information was stolen in August.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 13, 2010 San Diego Regional Center
San Diego, California
MED PORT

Unknown

Call 1-888-865-5940 for more information about this incident.

A back-up tape created for the purpose of disaster recovery testing and training was lost during shipping to the California Department of Developmental Services by UPS. Consumers' first and last names, Social Security numbers, contact, diagnostic and medical information may have been exposed. Extracting information from the tape requires sophisticated technology, according to the breach notice letter.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

October 27, 2010 Mount Sinai School of Medicine
New York, New York
MED STAT

1,500 (No reports of SSNs or financial information)

A hard drive from the World Trade Center Medical Monitoring and Treatment Program at Mt. Sinai Hospital was lost or taken from a computer in the Mental Health Center.  The information included emails with protected health information, patients' names, and possibly treatment and contact information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 2, 2010 Has-Camino Travel Agency
South Pasadena, California
BSR STAT

Unknown

A former employee and her husband were arrested on suspicion of stealing computers from her former employer. The computers contained the personal information of clients and were stolen during an office burglary.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 28, 2010 Minor Family Clinic
Phoenix, Arizona
MED UNKN

128 (No SSNs or financial information reported)

An insurance fraud scheme used medical information from the Clinic. Fraudulent charges to patients' insurance companies totaled $108,000. Two people have been indicted, but their method for accessing patient information has not been reported.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 28, 2010 Individual Tax Preparer
Laurinburg, North Carolina
BSF PHYS

Unknown

Eight cabinets full of tax records were stolen from a residence.  The records belonged to a deceased tax preparer named Ester Gaino and go back to at least five years ago.  It seems that the thief or thieves were looking for information that could be used to commit identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 29, 2010 Southwest Seattle Orthopaedic and Sports Medicine
Burien, Washington
MED HACK

9,493 (No SSNs or financial information reported)

A hacking incident may have exposed the personal information of patients on September 4.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 29, 2010 Japanese Foundation of Los Angeles
Los Angeles, California
BSR HACK

Unknown

An unnamed third-party vendor that hosted the organization's jflac.org website experienced a security incident. Customers who made purchases related to Japanese Language Proficiency Testing for 2009 and 2010 may have had their names, dates of birth and credit card information accessed. The servers containing customer data were shut down and taken offline after the incident was discovered. The incident occurred on or around September 18, 2010 and the organization aimed to notify all affected customers by October 25.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 1, 2010 Thai Cafe
Indianapolis, Indiana
BSR PHYS

Unknown

An Indianapolis school noticed that their dumpster was being used by someone else. A box of personal information from the Thai Cafe was found to have been illegally dumped. School officials discovered complete payroll stubs from 2000 inside the box and contacted the restaurant owner. The ex-spouse of the restaurant owner apologized for the illegal dumping and claimed that the disposal was handled by a third party.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 2, 2010 Seton Hall University
South Orange, New Jersey
EDU DISC

1,500 (No SSNs or financial information reported)

An Excel spreadsheet with academic information was accidentally emailed to 400 students. Fifteen hundred students had their names, addresses, emails, student ID numbers, majors, credit hours and GPAs exposed. Students who received the attachment were instructed not to view or distribute it. Students were also informed to meet with the associate dean for Undergraduate Student Services and Enrollment Management if they had already opened the attachment.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 551-600 of 4252 results


X

Sign In!

Loading