Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
February 2, 2013 River Falls Medical Clinic
River Falls, Wisconsin
MED PHYS

2,400 (unknown number of SSNs)

River Falls Medical Clinic officials reported a burglary during the summer of 2012.  The equipment and paper documents that were stolen were recovered by police on November 28.  An employee of a cleaning service that subcontracted with the Clinic is the main suspect.  The items were found in the employee's home and he was charged with felonies associated with theft and drug possession.  It is believed that the documents were intended to be shredded.  They contained patient names, dates of birth, patient account and billing account information, diagnosis codes, insurance information, account numbers, medical chart numbers, and scheduling information.  An unspecified number of patients also had their Social Security numbers, home addresses, and phone numbers exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 2, 2013 Twitter
San Francisco, California
BSO HACK

250,000 (no SSNs or financial information exposed)

Online attackers were able to access the usernames, email addresses, session tokens, and encrypted passwords of 250,000 users.  Twitter notified affected users and told them to create a new password.  Anyone who used the same password and username or email combination for other sites is encouraged to change the password on other sites as well.

UPDATE (03/11/2013): Facebook, Microsoft, and Apple were all affected by a similar breach around the same time.

 
Information Source:
Media
records from this breach used in our total: 0

February 1, 2013 Antioch Unified School District
Antioch, California
EDU DISC

Unknown

A document with sensitive Worker's Compensation claim information was accidentally sent out with an email to a limited number of Antioch Unified School District employees.  Social Security numbers and other information related to current and former employees that reported injuries were exposed.  The incident occurred on January 18 and people who received the email were instructed to remove and destroy any saved information contain in the email. Those who received the email were also instructed to provide written verification that they had removed and destroyed the information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

February 1, 2013 Tallahassee Memorial HealthCare
Tallahassee, Florida
MED INSD

124

A former Tallahassee Memorial HealthCare food service employee was indicted on 31 counts of filing false tax returns, wire fraud, false claims, and aggravated identity theft.  He and two others are believed to have participated in a conspiracy that led to $818,000 in fraudulent claims.  The employee worked for Tallahassee Memorial HealthCare for three years.  He gathered patient names and dates of birth from food tray receipts when he delivered food to the rooms of patients in August of 2011 and stole emergency room data sheets from the trash. The information was then passed to the two others who participated in the conspiracy.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 124

February 1, 2013 Central Laborers' Pension Fund, Central Laborers' Welfare Fund, Central Laborers' Annuity Fund
, Illinois
BSF PORT

Unknown

A home burglary resulted in the theft of a CD that contained the information of over 30,000 beneficiaries.  The CD contained names, Social Security numbers, and dates of birth and was taken from the home of an accountant at an unnamed counting firm.  The three funds sued the accounting firm for $200,000 to cover the cost of credit monitoring and insurance. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 31, 2013 Bank of Prairie du Sac
Prairie du Sac, Wisconsin
BSF HACK

200

Customers were affected by an ATM hacking scheme. A skimming device is believed to have been placed on the bank's ATM at a food store.  A suspect was arrested after being seen using stolen card information at an ATM.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

January 31, 2013 Silver Star Motors
Cortland, Illinois
BSR INSD

25

The owner of Silver Star Motors was charged with seven counts of identity theft and may have been involved in 25 cases of identity theft.  Customer information was used to defraud lending companies associated with the used-car dealership.

UPDATE (02/13/2013): At least 44 people have had their information misused. The dishonest owner also operated Edge Auto Sales at one time.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25

January 30, 2013 The New York Times
New York, New York
BSO HACK

Unknown

The New York Times' computer system was hacked after Chinese government officials warned the Times about consequences for investigating the wealth of government family members.  The Times began monitoring its system closely on October 24 and noticed unusual activity on October 25 when an article about the wealth of a Chinese official's family was published.  The breach began on September 13 and was allowed to continue until January so that the hackers' behavior could be studied.  It appears that the passwords of every Times employee were compromised and 53 Times employees had their personal computers accessed.  The 53 employees were located outside of the United States and appear to have been the ones who may have covered the Chinese stories.

 
Information Source:
Media
records from this breach used in our total: 0

January 30, 2013 Police Department of Littleton, Massachusetts
Littleton, Massachusetts
GOV DISC

100

A police activity log for the period of January 7 through January 13 was published on the Littleton department's website. Someone forgot to remove personal details from the log and the sensitive information was available online for 10 days.  Names, Social Security numbers, dates of birth, and addresses, were available between January 14 and January 24.

 
Information Source:
Media
records from this breach used in our total: 100

January 29, 2013 North Los Angeles County Regional Center (NLACRC)
Van Nuys, California
MED PORT

Unknown

The November 13, 2012 theft of a laptop resulted in the exposure of consumer information.  Names, addresses, phone numbers, dates of birth, residential information, and medical information may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 29, 2013 Stethescope.com
Natick, Massachusetts
BSR HACK

Unknown

Those with questions may call (877) 288-8057.

A hacker accessed the webserver used to host stethoscope.com on December 3.  The breach was discovered in mid-December during routine server maintenance.  Customer names, addresses, email addresses, and credit card information such as numbers, expiration dates, and security codes may have been exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 28, 2013 RR Donnelley, UnitedHealthcare, Boy Scouts of America
Chicago, Illinois
MED STAT

8,911

UnitedHealthcare has established a hotline for those with questions: 1-866-896-4209.

An unencrypted desktop computer was stolen from an RR Donnelley facility sometime between mid September and the end of November, 2012.  RR Donnelley is a vendor of UnitedHealthcare.  It is unclear why the breach was not noticed until December 3, 2012.  The stolen computer contained UnitedHealthcare member information that was related to participation in the Boy Scouts of America 2003 health benefit plan.  Names, Social Security numbers, and addresses may have been exposed.

UPDATE (10/01/2013): A total of 8,911 Boy Scouts of America Employee Benefit Plan participants were notified of the breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,911

January 28, 2013 Walz and Associates Law Firm
Albuquerque, New Mexico
BSO PHYS

Unknown

A concerned citizen found hundreds of documents in a recycling center and notified a local news team.  The documents included criminal histories, depositions, medical records, personal phone numbers, and addresses.  Most were from the 1990's.  Most or all of the information did not need to be shredded because it was considered public record.  The local news team contacted a director from the solid waste division and the documents were removed for shredding.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 28, 2013 Cbr Systems
San Bruno, California
MED PORT

300,000

The 2010 theft of a company laptop, a hard drive, and a number of unencrypted backup tapes resulted in the exposure of sensitive information.  Social security numbers, credit and debit card numbers, driver's license numbers, and dates of birth were contained on one or more of the devices.

Cbr Systems reached a settlement with the Federal Trade Commission in early 2013.  Cbr Systems must establish an information security program and be independently audited every other year for 20 years.  The full settlement can be found here: http://ftc.gov/opa/2013/01/cbr.shtm

 
Information Source:
Media
records from this breach used in our total: 300,000

January 28, 2013 Los Angeles County Department of Public Social Services
Los Angeles, California
GOV INSD

132 (64 individuals had fraudulent tax returns filed)

A dishonest employee pleaded guilty to using a Los Angeles County computer system to file fraudulent tax refunds.  The fraudulent activity occurred between July 2009 and the 2011 tax year.  The IRS found 44 pages of screen prints with the information of 132 assistance participants in the employee's home. The employee, her spouse, and three others were indicted in January of 2012.    

 
Information Source:
Databreaches.net
records from this breach used in our total: 64

January 26, 2013 Wilton Brands LLC, www.wilton.com
Woodridge, Illinois
BSR HACK

Unknown

Customers who made purchases on www.wilton.com between October 8, 2012 and January 8, 2013 may have had their credit or debit card information exposed.  A Wilton service provider discovered the issue on or around January 8, 2013.  A malicious user accessed the website information and payment card numbers, expiration dates, and security codes may have been exposed.  Customer names, addresses, and telephone numbers are also at risk.

This incident is in addition to the hacking incident that took place between July and October of 2012.  That incident was reported on December 12, 2012.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 24, 2013 Brentwood Primary Care Clinic
Jacksonville, Florida
MED INSD

261

A dishonest intern was caught using a cell phone to illegally photograph patient Social Security numbers and names.  The photos were then sent to another person; presumably for fraudulent activity.  The office intern was charged with fraudulent use of personal identification information. It is unclear when the breach was discovered since the photos were taken between May 7 and June 19.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 261

January 24, 2013 Eastern Illinois University
Charleston, Illinois
EDU DISC

430 (No SSNs or financial information reported)

At least 65 students received information about the grade point average of 430 students during early January 2013.  The breach occurred when a spreadsheet that contained the information and the E-number of 430 students was accidentally made available online.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 22, 2013 NECA/IBEW Family Medical Care Plan
Rockville, Maryland
MED DISC

Unknown

NECA/IBEM Family Medical Care Plan (FMCP) participants received disclosure documents related to benefits coverage and modifications.  The outside of the envelopes in which the documents arrived displayed participant Social Security numbers.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 18, 2013 Stanford School of Medicine, Lucile Packard Children's Hospital
Palo Alto, California
MED PORT

Unknown

Those with questions may call 1-855-731-6016.

The January 9 theft of a laptop from a physician's car may have exposed sensitive information.  The laptop may have contained some combination of patient names, dates of birth, and contact information.

UPDATE (01/22/2013): A total of 57,000 patients are being notified. Medical information and medical record numbers were exposed.  A limited number of patients had their contact information exposed.  Most of the information on the laptop was from 2009.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 17, 2013 St. Mark's Medical Center
La Grange, Texas
MED HACK

2,988

An employee's computer was found to contain malware.  The malware infection began on May 21, 2012 and was discovered on November 15, 2012.  Files stored on the computer contained billing information with patient names, Social Security numbers, account numbers, medical record numbers, dates of birth, gender, treatment dates, insurance provider names, and account balances.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 2,988

January 16, 2013 Utah Department of Health, Goold Health Systems
Salt Lake City, Utah
MED PORT

6,000 (No SSNs or financial information reported)

An employee of Goold Health Systems lost an unencrypted USB memory stick that contained the information of around 6,000 Medicaid recipients in Utah.  Goold Health Systems is a contractor for the Utah Department of Health.  Medicaid recipient names, Medicaid identification numbers, ages, and recent prescription drug use were on the memory stick.  The memory stick was lost during travel between Salt Lake City, Denver, and Washington.  The loss was confirmed on Tuesday, January 15.  

 
Information Source:
Media
records from this breach used in our total: 0

January 13, 2013 Advanced Micro Devices (AMD), Nvidia
Sunnyvale, California
BSR INSD

Unknown

Four managers who left AMD to work for Nvidia are being sued by AMD for intellectual property theft.  AMD accused the former employees of setting up a spying ring in the company before leaving to work for rivaling company Nvidia.  One of the managers is accused of using two external hard drives to download Microsoft Outlook email files, licensing agreements, and strategic plans from his work computer before leaving AMD in July of 2012. Another employee is accused of taking an AMD technical work and development database with over 200 files.  The four employees are accused of taking over 150,000 documents.

 
Information Source:
Media
records from this breach used in our total: 0

January 12, 2013 Zaxby's
Athens, Georgia
BSR HACK

Unknown

Over 108 Zaxby's restaurants experienced a breach related to customer credit and debit cards.  A number of people experienced credit card fraud and an investigation led to Zaxby's as a common point of purchase.  Suspicious files were found on Zaxby's system during the subsequent investigation.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 12, 2013 Florida Department of Juvenile Justice
Tallahassee, Florida
GOV PORT

100,000 (No SSNs or financial information reported)

A press release can be found here: http://www.djj.state.fl.us/news/press-releases/press-release-detail/2013/01/11/information-security-breach-reported-at-djj

A mobile device that contained both youth and employee records was reported stolen on January 2, 2013.  Over 100,000 records were on the device and may have been exposed.  The device was taken from a Department of Juvenile Justice office and was neither encrypted nor password-protected.  Department of Juvenile Justice policy requires such devices to be encrypted.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 12, 2013 Florida Department of Juvenile Justice
Tallahassee, Florida
MED STAT

100,000 (No SSNs or financial information reported)

On September 6, 2012 it was reported that three computers that contained information from the Florida Department of Juvenile Justice were stolen from an apartment site earlier in the week.  A television was also taken at the time of the theft.

UPDATE (01/12/2013): At least one of the devices was neither encrypted nor password protected and held the personal information of over 100,000 youth and employees.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 11, 2013 EJ Phair Brewing Company and Alehouse
Concord, California
BSR HACK

Unknown

Customers who used credit or debit cards at EJ Phair discovered fraudulent chargers on their payment cards.  A hacker or hackers managed to access and misuse payment card numbers once they ran through EJ Phair's system.  It appears that customers who used cards at the location between September and late November of 2012 may have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 10, 2013 City of Macon Georgia
Macon, Georgia
GOV STAT

Unknown

A computer repair shop bought used computers on govdeals.com in 2011.  The computers were found to have information from city employees when they were removed from storage on January 5.  Social Security numbers, pension information, and other personal information from Macon police officers were on the computers.  Information from local businesses that was used for city purposes was also on the computers.  A total of 39 hard drives, two servers, and two CPUs were purchased and may have contained sensitive information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 10, 2013 KTSU Texas Southern University
Houston, Texas
EDU INSD

Unknown

Texas Southern University's radio station KTSU gave a volunteer position to a person with a criminal history of credit card fraud.  The volunteer was later arrested for allegedly using the radio station's donation drive to steal credit card information.  The dishonest volunteer faces up to 300 counts of credit card fraud for attempting to misuse the information on donor pledge sheets.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 10, 2013 Office of Dr. Sandra Bujanda-Wagner
Aurora, Colorado
MED PHYS

Unknown

Employees accidentally threw out hundreds of patient records.  The dental records were found by someone looking through a dumpster and the incident was reported to a local news team.  Names, Social Security numbers, dates of birth and addresses were exposed. Employees from Bujanda-Wagner's office came to recover the documents.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 8, 2013 Morgan Road Middle School
Hephzibah, Georgia
EDU PORT

Unknown

An unencrypted flash drive was stolen from a teacher's car.  It contained student Social Security numbers and other information.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 8, 2013 Charlotte-Mecklenburg Schools
Charlotte, North Carolina
EDU PHYS

80

An employee working in human resources was robbed while transporting information between school districts.  The employee stopped for lunch and discovered that personnel files containing names, Social Security numbers, addresses, dates of birth, and driver's license numbers had been stolen from their car.

 
Information Source:
Databreaches.net
records from this breach used in our total: 80

January 8, 2013 Texas Department of Health and Human Services
Austin, Texas
MED INSD

Unknown

A dishonest employee was arrested on suspicion of misusing client information to apply for credit cards.  The dishonest employee was able to pose as different clients seeking immunizations and other services.  She was charged with fraudulent use or possession of identifying information and credit card abuse.  

UPDATE (01/31/2013): The employee was working for the Northeast Texas Public Health district when she was arrested for stealing the identities of patients at a clinic in Mount Pleasant.  She began working in the Texas Department of State Health Services clinic in 2008.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 7, 2013 Centric Group, LLC
St. Louis, Missouri
BSR UNKN

Unknown

It is not clear if this breach is related to the August 2010 theft of a laptop from Centric Software in Campbell, California.

Those with questions may call 1-800-416-4601.

Anyone who purchased items on www.accesscatalog.com using a credit card may have been affected by a breach that began in August 2010.  An unauthorized party may have obtained names, credit or debit card numbers, expiration dates, and payment card verification codes.  Centric Group learned of the incident on or around December 13, 2012.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 7, 2013 Office of Dr. Calvin L. Schuster
Reedley, California
MED STAT

532 (No SSNs or financial information reported)

Those with questions may call Dr. Schuster's office at 1-855-638-1443.

A computer was stolen during an office burglary that occurred sometime around November 5, 2012.  The computer contained patient names, dates of birth, and a minimal amount of patient medical information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 7, 2013 Woodwinds Hospital
Woodbury, Minnesota
MED INSD

Unknown

An employee kept 200 pages of confidential information in an effort to prove that Woodwinds Hospital was trying to conceal evidence of medical misconduct.  The employee was discharged in 2010 for reasons unrelated to removing the information.  She claims to have taken them home after being ordered to destroy any information related to incidents that could damage Woodwinds Hospital's reputation.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 6, 2013 Oldcastle APG, Inc.
Atlanta, Georgia
BSR PORT

5,083

A laptop was stolen from an employee's car on or around December 10.  APG employees may have had their names, Social Security numbers, bank account information, and other information exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,083

January 4, 2013 Reyes Beverage Group
Rosemont, Illinois
BSR DISC

Unknown

Those with questions may call Reyes Holdings Ethics Hotline at (888) 295-6392 or email ethicshotline@reyesholdings.com

A report containing the names and Social Security numbers of a group of Reyes Beverage Group's California employees was accidentally sent to the personal email address of an employee of Reinhart Foodservice.  Reinhart Foodservice is a Reyes Holdings company as well.  It is unclear how the email was accidentally sent and why it ended up in the personal email of an employee at a different division.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 4, 2013 Healing Hearts
Jacksonville, North Carolina
MED INSD

Unknown

The owner of a group of childcare services pleaded guilty to defrauding Medicaid of $8 million.  She and a co-defendant targeted medicaid recipients in order to enroll them in a program and make fraudulent Medicaid claims for mental and behavioral health services.  Additionally, the owner pleaded guilty to misusing at least one therapist's credentials in order to make the claims for mental and behavioral health services.  The scheme took place between 2008 and 2012.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 3, 2013 Mission Hospital, St. Joseph Health
Mission Laguna Beach, California
MED PORT

Unknown

Someone called Mission Hospital on August 28, 2012 and claimed that he found a flash drive with sensitive patient information in his garage.  The flash drive was returned to Mission Hospital via mailed envelope on September 11, 2012.  Patients who received services at Mission Hospital between September and November of 2008 may have had their information exposed. The notice that was sent to patients was dated September 14, 2012.  It appears that a contractor or employee misplaced the unencrypted flash drive.

The flash drive contained names, medical record numbers, and account numbers. Additionally, the flash drive may have contained some combination of date of admission, age, birth date, vital readings, physical examination, gender, race, name of physician, medical history, past and current treatment and illnesses, history of substance use, family history, lab tests and results, imaging tests and results, body weight, physician notes on patient, care plan, employment status and employer, prognosis, diagnosis, treatment recommendations, allergies, medications, comments about patient's appearance, patient health complaint, symptoms, reason for referral, and reason for admission information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 3, 2013 King Drug & Home Care
Owensboro, Kentucky
MED PORT

13,619

An employee reported that a portable hard drive was missing on November 23, 2010.  The device had last been seen sometime around November 19.  The data on the device included information from before July 31, 2009.  Client names, Social Security numbers, medical record numbers, account numbers, dates of service, race, insurance carriers and insurance numbers, addresses, phone numbers, sex, dates of birth, diagnosis information, allergies, initial referral forms, patient assessments/plans of care, physician orders and/or delivery ticket information may have been on the hard drive.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,619

January 2, 2013 Rosenthal Collins Group
Chicago, Illinois
BSF HACK

Unknown

Anyone who suspects they were a victim of identity theft because of this incident should report it to Rosenthal Collins Group at creditprotection@rcgdirect.com.

An unauthorized intrusion was detected on the morning of Tuesday November 27.  The unauthorized access began on November 26 and access to the breached web application was immediately shut down upon discovery.  Customers who completed Rosenthal Collins Group account forms online may have had their names, Social Security numbers, addresses, dates of birth, range of net worth and income, bank names, passwords for accessing the web application, and email addresses exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

January 2, 2013 Hospice of North Idaho (HONI)
Hayden, Idaho
MED PORT

441 (No SSNs or financial information reported)

Read the full agreement between HHS and HONI here: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.pdf

The June 2010 theft of an unencrypted laptop from an employee's car resulted in the exposure of patient information.  The HHS Office for Civil Rights investigated the breach and found that HONI had not conducted a risk analysis to safeguard electronic protected health information.  It was also discovered that HONI did not meet a HIPAA Security Rule that required them to have policies or procedures in place to address mobile device security.  HONI agreed to pay the U.S. Department of Health and Human Services' (HHS) $50,000 regarding potential Health Insurance Portability and Accountability Act of 1996 Security Rule violations.  HONI also began taking extensive steps to improve their HIPAA Privacy and Security compliance program since the June 2010 breach.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 31, 2012 Sunview Vineyards Of California, Inc.
Delano, California
BSR PORT

Unknown

An office theft of an unencrypted laptop on or around December 15 resulted in the exposure of confidential personal information.  The laptop contained an Excel spreadsheet with workers' compensation information such as names, Social Security numbers, telephone numbers, and other workers' compensation claim or injury information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 29, 2012 US Army Fort Monmouth
Oceanport, New Jersey
GOV HACK

36,000

Those with questions may call (443) 861-6571.

Hackers were able to access database information from Command, Control, Communications, Intelligence, Surveillance and Reconnaissance as well as nongovernmental personnel and people who visited Fort Monmouth.  The breach was discovered and addressed on December 6.  names, Social Security numbers, dates of birth, places of birth, home addresses, and salaries were exposed.

 
Information Source:
Media
records from this breach used in our total: 36,000

December 28, 2012 East San Gabriel Valley Regional Occupational Program and Technical Center
West Covina, California
GOV DISC

Unknown

A sensitive document was accidentally attached to an email that was sent to students.  The attachment contained names, Social Security numbers, dates of birth, student attendance information, and information regarding their program.  The email was intended to inform students about open positions.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 28, 2012 Gibson General Hospital
Princeton, Indiana
MED PORT

29,000

The November 27 theft of a laptop may have resulted in the exposure of patient information.  Names, Social Security numbers, addresses, and clinical information may have been exposed.  Patients who have received services since 2007 may have been affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 29,000

December 28, 2012 Carewise Health, Hewlett-Packard Enterprise Services
Louisville, Kentucky
MED HACK

1,090 (unknown number of SSNs)

An employee responded to a telephone computer phishing scam.  The person was employed by a subcontractor of Hewlett-Packard Enterprise Services (HP ES) named Carewise Health.  Unauthorized users were able to remotely access a database of Medicaid client information as a result of the phishing attempt.  Eventually HP ES and Carewise Health were able to disable the laptop and notify the Cabinet for Health and Family Services of the breach.

UPDATE (01/02/2013): The employee revealed information to the hacker in mid-November.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 26, 2012 Integris Health
Oklahoma City, Oklahoma
MED HACK

Unknown

A team of cyber security consultants discovered vulnerabilities in the Omnicell web system.  Unauthorized users could gain control of certain hospital operations run by Integris Health.  The issue was immediately addressed by Omnicell.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 24, 2012 State of California Department of Health Care Services (DHCS)
Sacramento, California
MED DISC

Unknown

Those who were affected may call DHCS at (855) 297-5064.

Beneficiary Identification Cards (BICs) were mailed to the wrong recipients between December 10 and December 18.  A computer programming error caused the BICs of children being moved from Healthy Families program enrollment to Medi-Cal enrollment to be sent to households of other Medi-Cal and Healthy Families participants.  Names, Client Index Numbers, dates of birth, genders, and card issue dates were exposed.  People who received incorrect cards were instructed to return them.  Stamped envelopes that were addressed to DHCS were sent out with breach notifications. 

 
Information Source:
California Attorney General
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 651-700 of 4252 results


X

Sign In!

Loading