Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
June 21, 2013 Gulf Breeze Family Eyecare (Sight and Sun Eyeworks Gulf Breeze)
Gulf Breeze, Florida
MED INSD

Unknown

Sight and Sun learned of a patient privacy breach on May 17.  Patient names, Social Security numbers, addresses, medical record numbers, and other personal information may have been exposed.  An employee accessed and copied patients' electronic medical records without legitimate purpose.

UDPATE (06/26/2013): A total of 9,000 patients were affected.  It appears that the records were accessed to target patients for other medical service offerings.

 
Information Source:
Media
records from this breach used in our total: 0
June 20, 2013 Comfort Dental
Indianapolis, Indiana
MED PHYS

6,500

Nearly 7,000 patient records were found in a publicly accessible dumpster.  A local news team investigated the breach and found the names, Social Security numbers, addresses, phone numbers, dates of birth, X-rays, dental information, credit card numbers, medical histories, and other sensitive information of Comfort Dental patients.  Comfort Dental patients who were seen at offices in Marion, Indiana and Kokomo, Indiana may have been affected.  The news team reported the issue around March 18, 2013 and removed the records.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 6,500
June 19, 2013 Ephrata Community Hospital
Ephrata, Pennsylvania
MED INSD

Unknown

Ephrata Community Hospital posted an official notice here:

http://www.ephratahospital.org/HospitalOverview/AboutUs/News/tabid/168/anid/100/Default.aspx

Those with questions may call 1-888-414-8021 and enter the reference code: 8934061413.

An employee inappropriately accessed patient information.  The incident or incidents were discovered on April 16. Patient clinical and other medical information may have been exposed. No Social Security numbers were exposed.

 
Information Source:
Media
records from this breach used in our total: 0
June 19, 2013 City of Houston, Automatic Data Processing
Houston, Texas
GOV DISC

6,300

A software code error caused W-2 information to be exposed.  Approximately 1,300 classified Houston Police Department employees and 5,000 other local government workers were affected.  Names and Social Security numbers were exposed.

 
Information Source:
Media
records from this breach used in our total: 6,300
June 17, 2013 Yolo Federal Credit Union
Woodland, California
BSF UNKN

Unknown

Yolo was notified by Visa that there may have been a breach at several merchant locations.  Yolo was not the sight of the breach, but customers were issued new payment cards.  The issue was reported to Yolo on May 31.  

 
Information Source:
Media
records from this breach used in our total: 0
June 14, 2013 Fayetteville Veterans Affairs Medical Center
Fayetteville, North Carolina
MED PHYS

1,093

Optical shop consultation reports were placed in a publicly accessible recycling bin over a period of three months rather than properly disposed.  The documents contained names, Social Security numbers, addresses, dates of birth, and prescriptions.  The issue was discovered on April 17 and most likely started in January of 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 1,093
June 14, 2013 Florida Department of Health
Florida,
MED DISC

3,300 (No Social Security Numbers reported)

Information on personal drug prescriptions from the Florida Department of Health somehow ended up in the hands of prosecution lawyers.  Names, addresses, phone numbers, pharmacies, and drug dosages were obtained by lawyers involved in six prescription-drug fraud cases. The American Civil Liberties Union of Florida began an investigation into how the records were exposed.

 
Information Source:
Media
records from this breach used in our total: 0
June 12, 2013 Sentara Virginia Beach General Hospital
Virginia Beach, Virginia
MED PHYS

Unknown

Two men claimed to be from a recycling company and stole over 200 pounds of x-ray film that contained sensitive patient information.  The men transported the x-rays from the hospital without incident by using a moving truck. The breach occurred in 2012 and affected less than 500 patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0
June 12, 2013 Wyndham Vacation Ownership
Orlando, Florida
BSR INSD

Unknown

The Orlando Police Department notified Wyndham Vacation Ownership that a Wyndham employee had been arrested for participating in fraudulent credit card purchases.  The dishonest employee was fired the next day and may have obtained customer credit card numbers.  Wyndham learned of the issue on January 18.

 
Information Source:
Media
records from this breach used in our total: 0
June 12, 2013 Lucile Packard Children's Hospital
Palo Alto, California
MED PORT

12,900 (No SSNs or financial information reported)

A press release from Lucile Packard can be found here: http://www.lpch.org/aboutus/news/releases/2013/patient-notification.html.

Between May 2 and May 8, a non-functional laptop computer was stolen from a secured area of the hospital.  The laptop was password protected and contained names, ages, medical record numbers, telephone numbers, scheduled surgical procedures, and names of physicians involved in procedures between 2009 and 2012.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0
June 12, 2013 comScore
Reston, Virginia
BSR DISC

Unknown

Two comScore panelists filed a lawsuit in August of 2011 after downloading comScore software.  Allegedly, comScore collected and sold consumers' Social Security numbers, credit card numbers, financial information, retail transactions, and other personal information.  The action may have violated the Stored Communications Act, the Computer Fraud and Abuse Act, the Electronics Communications Privacy Act, and the Illinois Consumer Fraud and Deceptive Practices act. The lawsuit might cover tens of millions of people who have downloaded comScore software since 2005.  In June of 2013, the Seventh Circuit Court of Appeals in Chicago denied comScore's request to overturn a lower court's decision that had allowed the suit to proceed as a class action suit.

 
Information Source:
Media
records from this breach used in our total: 0
June 12, 2013 comScore
Reston,
BSR DISC

Unknown

Two comScore panelists filed a lawsuit in August of 2011 after downloading comScore software.  Allegedly, comScore collected and sold consumers' Social Security numbers, credit card numbers, financial information, retail transactions, and other personal information.  The action may have violated the Stored Communications Act, the Computer Fraud and Abuse Act, the Electronics Communications Privacy Act, and the Illinois Consumer Fraud and Deceptive Practices act. The lawsuit might cover tens of millions of people who have downloaded comScore software since 2005.  In June of 2013, the Seventh Circuit Court of Appeals in Chicago denied comScore's request to overturn a lower court's decision that had allowed the suit to proceed as a class action suit.

 
Information Source:
Media
records from this breach used in our total: 0
June 11, 2013 South Florida State Hospital, GEO Care LLC
Pembroke Pines, Florida
MED INSD

710

A dishonest employee and his cousin pleaded not guilty to charges of conspiracy to commit identity theft, conspiracy to disclose individuals' health information, access device fraud, wrongful disclosure of health information, and aggravated identity theft.  The men are accused of stealing the names and Social Security numbers of patients to file fraudulent income tax returns between September of 2012 and April of 2013.

UPDATE (08/28/2013): A total of 710 patients were affected by the breach on April 16.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 710
June 10, 2013 Independence Care System
New York, New York
MED PORT

2,434 (No SSNs or financial information involved)

The May 7 home burglary of an employee's home resulted in the theft of a laptop that contained patient information.  Fewer than 60% of the affected members had their names, zip codes, and Independence Care System (ICS) Member ID numbers exposed.  Approximately 40% of those affected also had their street address, phone number, Medicaid ID number, and enrollment and/or disenrollment date exposed.  ICS plans to implement a two-factor authentication system for network access by September of 2013 to prevent the issued from occurring again.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0
June 9, 2013 Emmorton Associates
Abingdon, Maryland
MED PHYS

75

A counselor's file cabinet was burglarized sometime between December 10 and December 21.  It contained client files with names, Social Security numbers, dates of birth, addresses, telephone numbers, diagnosis, treatment information, insurance information, and emergency contact information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 75
June 9, 2013 Health Resources of Arkansas
Heber Springs, Arkansas
MED PHYS

1,911

Health Resources of Arkansas' notice can be found here: http://www.healthresourcesofarkansas.com/assets/files/breach-of-conf-notice.pdf

On April 14, 2013 staff members discovered that their location had been burglarized.  Names, Social Security numbers, addresses, dates of birth, diagnosis information, types of treatments, classes attended, court information, services provided, or insurance information of persons served by the location could have been accessed during the burglary.  Notifications were sent during the week of May 20. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 1,911
June 9, 2013 Integrity Oncology, Baptist Medical Group, North Atlantic Telecom
, Tennessee
MED UNKN

539 (No SSNs or financial information reported)

Integrity Oncology has multiple locations in Tennessee.

Integrity Oncology's business associate North Atlantic Telecom discovered a breach incident on March 5.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0
June 9, 2013 City of Norwood
Norwood, Ohio
MED PORT

500 (No SSNs or financial information reported)

A laptop that contained protected health information was lost between the dates of April 4 and April 19.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0
June 9, 2013 Laboratory Corporation of America (LabCorp)
Burlington, North Carolina
MED STAT

Unknown

The theft of a computer that was scheduled to be destroyed may have exposed patient names, birthdates, and Medicare subscriber numbers.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0
June 9, 2013 Office of Kara Falck, Other World Computing
Takoma Park, Maryland
MED PORT

Unknown

A hard drive from the therapy service was purchased and then returned to Other World Computing.  A doctor in Germany later contacted the therapy service and confirmed that he had received the hard drive.  Client information, progress notes, and billing notes could be found on the hard drive though the doctor had believed he was purchasing a new or refurbished hard drive.  Other World Computing or the hard drive's manufacturer failed to clear the hard drive before it was resold.  The hard drive was resold to its original owner in order to safeguard the therapeutic client information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0
June 7, 2013 Raley's Supermarket
West Sacramento, California
BSR HACK

Unknown

Raley's supermarket announced they may have been the target of a cyberattack that affected customers who used their credit or debit cards at any of its stores. The supermarket chain launched an investigation but had yet to find any evidence of unauthorized access to payment card data.

Reportedly, the supermarket chain was contacted by a credit card company regarding  suspicious activity on customers credit cards on May 30, 2013.

 
Information Source:
Media
records from this breach used in our total: 0
June 6, 2013 Sutter Health East Bay Region: Alta Bates Summit Medical Center, Sutter Delta Medical Center, Eden Medical Center
Sacramento, California
MED UNKN

4,500

Patients who visited Sutter Health's Alta Bates Summit Medical Center, Sutter Delta Medical Center, or Eden Medical Center may have had their names, Social Security numbers, dates of birth, gender, addresses, zip codes, home phone numbers, marital status, names of employers, and work phone numbers exposed.  The Alameda County Sheriff's office notified Sutter Health of the potential breach on May 23.  It is unclear what the source of the breach might be.

UPDATE (06/10/2013): The information was found during a narcotics raid.  The personal information of nearly 4,500 patients was discovered.

UPDATE (07/29/2013): Nelson Family of Companies, a staffing firm, was also involved.

 
Information Source:
California Attorney General
records from this breach used in our total: 4,500
June 6, 2013 SynerMed, Inland Valleys IPA, Inland Empire Health Plan
Monterey Park, California
MED PORT

1,566 (No SSNs or financial information reported)

The theft of an employee's laptop resulted in the exposure of patient information.  The theft occurred on the night of April 14 or the early morning of April 15 when a thief broke into the employee's automobile.  The laptop was password-protected and reported missing on the morning of the April 15.  The laptop's access to the SynerMed systems was eliminated on the morning of April 15 and the laptop contained member names, membership numbers, member addresses, CPT Codes, Diagnosis Codes, and dates of birth.

UPDATE (06/07/2013): The laptop belonged to a group of independent California physicians managed by SynerMed, Inc. called Inland Valleys IPA.

UPDATE (06/17/2013): There were no Social Security numbers on the laptop.

UPDATE (06/21/2013): A total of 1,566 people were affected.

UPDATE (07/01/2013): A total of 3,164 patients were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 6, 2013 Town of Brookhaven
Brookhaven, New York
GOV DISC

78

A law enforcement employee made a clerical error that caused the Social Security numbers of 78 ambulance workers and beneficiaries to be available on the town website for five days.  The information was accidentally attached to a resolution.  A very similar error had occurred before and this one was caused by a failure to click on the "no public access" check box in the computer system to privatize the information.

 
Information Source:
Media
records from this breach used in our total: 78
June 5, 2013 University of Massachusetts - Amherst
Amherst, Massachusetts
EDU HACK

1,700

The information of almost 1,700 clients of the Center for Language, Speech, and Hearing may have been exposed.  A computer workstation was found to be infected by a malicious software program.  Client Social Security numbers, addresses, names of health insurers, and primary health care or referring doctors may have been accessible because the computer was compromised.

 
Information Source:
Media
records from this breach used in our total: 1,700
June 5, 2013 Massachusetts Mutual Life Insurance Company, MassMutual Financial Group
Springfield, Massachusetts
BSF DISC

Unknown

The 401(k) retirement plan information of certain clients was inadvertently exposed when a MassMutual account manager sent an email on May 8.  Names, Social Security numbers, investment elections, and account balances were included in the email.  A third party provider received the email and confirmed that the information was deleted without being saved or copied. The employee who accidentally sent the sensitive email received training on proper security procedures.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
June 3, 2013 Health Information Trust Alliance
Frisko, Texas
MED HACK

111 (No SSNs or financial information reported)

A hacking incident resulted in the exposure of 111 records.  Names, phone numbers, addresses, email addresses, and company names were exposed.

 
Information Source:
Media
records from this breach used in our total: 0
June 3, 2013 Office of Dr. Lee D. Pollan, DMD, PC.
Rochester, New York
MED PORT

13,806

The theft of the doctor's laptop may have exposed patient information.  The theft occurred sometime between November 6, 2012 and November 15, 2012.  Information related to patient names, dates of birth, addresses, Social Security numbers, diagnose and surgery billing codes, dates of service, and person responsible for the billing was on the laptop.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,806
June 3, 2013 Champlain College
Burlington, Vermont
EDU PORT

14,217

Those with questions may call 877-643-2062.

During the weekend of June 3, a hard drive was discovered to have been misplaced.  The device had been left unattended in a computer lab for about two days in March.  The hard drive contained names, Social Security numbers, and other information related to admissions and financial aid for the Fall 2010 through the February 2013 school terms.  Some graduate and continuing professional studies students may have also been affected.

 
Information Source:
Media
records from this breach used in our total: 14,217
May 31, 2013 Bon Secours Hampton Roads Health System, Bon Secours Mary Immaculate Hospital
Newport News, Virginia
MED INSD

5,000

An April 2013 audit revealed that a patient's medical record had been accessed in a way that was inconsistent with hospital policy.  A further investigation revealed that two team members of the patient care team had accessed the records of multiple patients in ways that were inconsistent with their job function.  The employees were fired.   Patient names, dates and times of service, provider and facility names, Social Security numbers, internal hospital medical records and account numbers, dates of birth, diagnosis, medications, vital signs, and other treatment information may have been accessed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,000
May 31, 2013 RentPath, Inc. (Primedia)
Norcross, Georgia
BSO INSD

56,000

An independent contractor with access to Primedia's network operations group was found to have stolen hardware.  The issue was discovered on June 20, 2012.  Applicants, employees, and former employees may have had several different types of personal information stolen. Approximately 56,000 Social Security numbers were discovered among the various types of information.  Approximately 30,000 former employees, employees, and applicants were identified and notified of the breach.  The other 26,000 have yet to be identified.

 
Information Source:
California Attorney General
records from this breach used in our total: 56,000
May 31, 2013 University Dental Associates
Brooklyn, New York
MED PORT

2,400

The November 21 office theft of a laptop resulted in the exposure of patient information.  Names, Social Security numbers, dates of birth, addresses, and billing codes were on the laptop.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 2,400
May 30, 2013 Drupal.org
,
BSO HACK

Unknown

Drupal is a volunteer-based organization and doesn't have a central location.

A hacker or hackers exploited a vulnerability in a third-party software and used it to access accounts on drupal.org. The hackers were able to upload files to the association.drupal.org and compromised Drupal's serer. Accounts on groups.drupal.org may have also been exposed. Usernames, email addresses, hashed passwords, and country information may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0
May 30, 2013 California Department of Developmental Services
Sacramento, California
MED PHYS

Unknown

Stacks of patient and billing records were left in an unsecured and abandoned office in March of 2012. Credit card and Social Security numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0
May 30, 2013 California Department of Developmental Services
Santa Monica, California
MED PORT

18,100

An employee at North Los Angeles County Regional Center left a work laptop, a personal laptop, and an iPhone in their car overnight. The items were stolen during the night.  The employee worked for a program that served disabled infants and toddlers.  Names, Social Security numbers, and other personal information were on the unencrypted work laptop.  The theft occurred in November and patients were notified in January of 2013. 

 
Information Source:
Media
records from this breach used in our total: 18,100
May 30, 2013 Anasazi Hotel, LLC
Sante Fe, New Mexico
BSO HACK

Unknown

Anasazi Hotel learned that it was a common link in a number of fraudulent credit card activities.  An investigation revealed that Anasazi's network had been accessed and customer credit card information had been accessed.  Malware that could transmit customer names and credit card information was on Anasazi's system.  Anyone who used a credit card at Anasazi between June 18, 2012 and March 21, 2013 may have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
May 30, 2013 Utah Division of Motor Vehicles (DMV)
Salt Lake City, Utah
GOV INSD

Unknown

An employee of the Utah Division of Motor Vehicles was fired in March for releasing confidential, personal information from DMV databases.  The former employee was a customer service clerk who had worked for the division for 14 years.  Investigators also took the former employee's work hard drive, computer, printer, and other items that might have contained sensitive data.  The items will be investigated in a forensics lab.

 
Information Source:
Media
records from this breach used in our total: 0
May 29, 2013 University of Florida
Gainesville, Florida
MED INSD

5,682

The University of Florida's statement can be read here: http://news.ufl.edu/2013/05/29/potential-identity-theft-2/

A dishonest employee working at University of Florida Health Pediatrics at Tower Square is suspected of participating in an identity theft ring.  The former employee had access to pediatric patient records that included names, Social Security numbers, addresses, and dates of birth. The University of Florida learned about the issue on April 11.

 
Information Source:
Media
records from this breach used in our total: 5,682
May 29, 2013 Jackson Health System
Miami, Florida
MED PHYS

1,407 (No SSNs or financial information reported)

A box that contained patient medical records was determined to have been missing since January.  Patient medical diagnoses, surgical procedures, and other personal health information may have been exposed. The missing records were either on their way to be electronically scanned or returning from being scanned.

 
Information Source:
Media
records from this breach used in our total: 0
May 29, 2013 TJG, Inc., Target Marketing
Ashland, Virginia
BSO HACK

Unknown

The Target Marketing website was accessed by unauthorized parties on May 14.  People who used debit or credit cards on the online e-commerce platform may have had their names, email addresses, payment card numbers, expiration dates, and CVV codes accessed.

UPDATE (05/29/2013): Shumsky in Dayton, Ohio was also affected. Shumsky customers may have had their names, addresses, email addresses, credit/debit card numbers, payment card expiration dates, and CVV codes accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
May 29, 2013 Palm Garden of Winter Haven
Winter Haven, Florida
MED INSD

100 (13 people confirmed to have been affected)

Patient information was found in a dishonest employee's car.  The information of more than 100 people who lived at Palm Garden of Winter Haven nursing home was found and the dishonest employee was charged with 13 counts of stealing identification information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 100
May 28, 2013 Beachbody
Santa Monica, California
BSR HACK

Unknown

Hackers accessed Beachbody's Powder Blue website. Beachbody learned of the incident on April 17 and found that customer credit card numbers, email addresses, mailing addresses, telephone numbers, full names, and CVV numbers may have been accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0
May 28, 2013 Godiva
New York, New York
BSR PORT

2,638

An individual contact Godiva sometime around April 15 and informed them that a flash drive with Godiva employee information had been found.  The information included employee ID numbers, Social Security numbers, dates of birth, phone numbers, resumes, and photos for people who worked at or applied to Godiva sometime prior to August 5, 2010.  The flash drive was once used by an employee with access to human resources data and an investigation revealed that there was nor eason to suspect that the information had been misused.  

A total of 2,638 California residents may have been affected. It is not clear how many people were affected nationwide.

 
Information Source:
Media
records from this breach used in our total: 2,638
May 24, 2013 Sonoma Valley Hospital
Sonoma, California
MED DISC

1,350 (No SSNs or financial information reported)

An employee error caused patient information from surgeries to appear on the internet.  Names, dates of service, procedures, surgeons, hospital charges, and names of insurance companies were accidentally uploaded.  The breach occurred on February 14 and was discovered on April 17.  

UPDATE (07/10/2013): Surgical services covering information from July 1, 2011 to June 30, 2012 was posted on the Sonoma Valley Hospital website.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0
May 23, 2013 Institutional Shareholder Services
Boston, Massachusetts
BSO INSD

100 (No SSNs or financial information reported)

An employee of Institutional Shareholder Services (ISS) shared nonpublic voting data in exchange for $15,000 in concert tickets and $20,000 in meals.  From 2007 through early 2012 an ISS employee provided nonpublic information on how over 100 ISS clients were voting on proxy ballots to a firm that gathers shareholder votes.  ISS will pay The Securities and Exchange Commission $300,000 to settle civil charges and penalties.  ISS neither admitted nor denied Securities and Exchange Commission allegations that it violated financial adviser rules designed to prevent misuse of non-public consumer information.

 
Information Source:
Media
records from this breach used in our total: 0
May 22, 2013 Department of Homeland Security (Customs and Border Protection, Immigration and Customs Enforcement)
Washington, District Of Columbia
GOV HACK

10,000

Department of Homeland Security employees working in the headquarters office for Immigration and Customs Enforcement and Customs and Border Protection between 2009 and 2013 may have had their names, Social Security numbers, and dates of birth exposed.  Tens of thousands of employees were affected. Though one or more unauthorized users had access to the information, there is no evidence that any employee data was stolen or lost. Law enforcement officials discovered a vulnerability in an unnamed vendor's system that is used for processing background investigations.

 
Information Source:
Media
records from this breach used in our total: 10,000
May 22, 2013 Vendini, Inc.
San Francisco, California
BSO HACK

22,900

Those with questions may call Vendini at 800-836-0473.

Vendini's blog statement can be read here: http://blog.vendini.com/

Anyone who used Vendini for ticket purchases may have had their financial information exposed during a March breach.  A hacker accessed Vendini's server and may have obtained customer names, addresses, email addresses, credit card numbers, and credit card expiration dates.  A total of 22,900 customers from Augusta, Maine may have been affected.  It is unclear if people from other states were also affected.

UPDATE (06/12/2013): The unauthorized intrusion was first detected on April 25.  

 
Information Source:
Media
records from this breach used in our total: 22,900
May 21, 2013 Lifeline (Federal Communications Commission), TerraCom Inc., YourTel America Inc.
Washington, District Of Columbia
GOV DISC

127,000 (44,000 Social Security numbers exposed)

TerraCom customers who have questions may call 1-855-297-0243.

Around 44,000 application forms and 127,000 supporting documents for Lifeline were posted online.  Lifeline is a federal program that provides discount internet and phone service for low-income Americans.  Information such as name, Social Security number, scans of food-stamp cards, driver's licenses, tax records, pay stubs, and parole letters was available online. the information had been available since at least March and was removed April 26.

UPDATE (05/23/2013): The story was originally released by Scripps Howard News Service when a reporter found completed Lifeline applications by searching Google for TerraCom-related information.  Terracom and Yourtel are threatening to hold Scripps accountable for costs associated with the breach.  These alleged costs include potentially complying with more than 20 state data breach notification laws.

 
Information Source:
Media
records from this breach used in our total: 44,000
May 21, 2013 DENT Neurological Institute
Buffalo, New York
MED DISC

10,000 (No SSNs or financial information reported)

DENT Neurological Institute accidentally emailed the private information of more than 10,000 patients.  No sensitive medical files or Social Security numbers were involved.

 
Information Source:
Media
records from this breach used in our total: 0
May 21, 2013 Erie County Department of Social Services
Buffalo, New York
MED PHYS

Unknown

An audit revealed that several employees had not been following correct protocol for patient record disposal.  Employees had inadvertently exposed Social Security numbers, copies of birth certificates, personal medical records, tax returns, bank account information, inmate records, payroll information, court records, and passports.  Employees should have been using locked disposal totes for shredding and were discarding documents in recycling totes instead.

 
Information Source:
Media
records from this breach used in our total: 0
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 701-750 of 4517 results