Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
December 22, 2012 Omnicell, University of Michigan Health System
Ann Arbor, Michigan
MED PORT

3,997 (No SSNs or financial information reported)

An electronic device was stolen from an Omnicell employee's car on November 14.  The device was not encrypted and contained the medication, demographic, and health information of 4,000 patients from three hospitals in the University of Michigan Health System.  

UPDATE (1/2/2013): A total of 3,997 people who were treated between October 24 and November 13 at three hospitals in the University of Michigan Health System were affected.  However, patients of at least 10 Sentara Healthcare and South Jersey Healthcare medical facilities were also affected. A total of 56,000 Sentara Healthcare patients from Sentara CarePlex, Sentara Leigh Hospital, Sentara Norfolk General Hospital, Sentara Obici Hospital, Sentara Princess Anne Hospital, Sentara Virginia Beach General Hospital, Sentara Williamsburg Regional Medical Center, Sentara Belle Harbour, Sentara Independence, and Sentara Port Warwick who were treated between October 18, 2012 and November 9, 2012 were affected.  A total of 8,555 patients from South Jersey Healthcare who were either treated or scheduled for admission between June 1, 2012 and November 12, 2012 were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,997

December 22, 2012 Coastal Behavioral Healthcare, Inc.
Sarasota, Florida
MED PHYS

4,907 (No SSNs or financial information reported)

Numerous documents containing patient information were found in a vehicle during a traffic stop.  A law enforcement officer notified Coastal Behavioral Healthcare of the potential breach on October 10, 2012.  The documents contained a list of 136 Coastal Behavioral Healthcare patient names and identifying information dated April 2011.  It is unclear how the information was breached and how many additional patients may have been affected.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2012 Office of Dr. James M. McGee
Stone Mountain, Georgia
MED PHYS

1,306 (No SSNs or financial information reported)

The September 19 theft of paper records may have resulted in the exposure of dental patient information.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2012 Robbins Eye Center
Bridgeport, Connecticut
MED UNKN

1,749 (No SSNs or financial information reported)

The data of 1,749 patients was stolen during an October 7 incident.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2012 Vidant Pungo Hospital
Belhaven, North Carolina
MED PHYS

1,100 (No SSNs or financial information reported)

Paper jackets that held radiology films were thrown away with office trash instead of being properly discarded.  The paper jackets contained names, addresses, dates of birth, ages, sex, race, and information on dates and names of radiology procedures prior to May of 2012.  The paper jackets are believed to have been picked up by a sanitation company and discarded in a landfill.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2012 Brigham and Women's Hospital
Boston, Massachusetts
MED STAT

615 (No SSNs or financial information reported)

The October 16 theft of a desktop computer may have resulted in the exposure of patient information.

UPDATE (12/28/2012): The computer was stolen from the Brigham and Women's Hospital office.  Medical record numbers, age, medications, laboratory values and other clinical information may have been on the computer.  Up to 615 people may have been affected by the theft.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 615

December 21, 2012 The Children's Center
Ammon, Idaho
MED PHYS

Unknown

An employee of Grand Teton Storage removed documents from The Children's Center's storage facility after they failed to pay storage bills.  A concerned citizen found seven boxes of the old medical records and other personal information next to a dumpster.  The information was seven to eight years old and included names, Social Security numbers, addresses, dates of birth, and payroll information.  A Grand Teton Storage employee acknowledged that a mistake had been made and the employee who improperly disposed of the records will face disciplinary action.  Idaho Department of Health and Welfare eventually recovered and secured the records.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 21, 2012 CCS Medical
Savannah, Georgia
MED INSD

6,601 (23 people confirmed affected)

The breach occurred in Florida and the location listed is that of CCS Medical's headquarters.

An employee reported that another employee appeared to have been misusing patient information.  The dishonest employee may have accessed, recorded, and disclosed Social Security numbers and other personal information for the purpose of obtaining fraudulent tax returns.  The employee was reported on September 20 and the possibility that the employee had engaged in dishonest behavior was confirmed on October 17.  Patient information that was maintained by CCS Medical between May 1, and September 21, 2012 may have been accessed.  Notifications were sent to patients on December 7, 2012.  

At least 23 New Hampshire residents may have been affected.  The total number of affected patients nationwide was not reported.

UPDATE (10/1/2013): A total of 6,601 people may have been affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 23

December 21, 2012 Skagit Valley Casino Resort, Bally Technologies Inc.
Las Vegas, Nevada
BSR PORT

Unknown

An electronic device was stolen from the home office of an employee of Bally Technologies.  The electronic equipment contained names, Social Security numbers, driver's license numbers, and bank account information.  The equipment may have been stolen for its resell value rather than the value of the information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 21, 2012 Fairfax High School
Fairfax, Virginia
EDU HACK

Unknown

Fairfax County Public Schools discovered that student names, ID numbers, grades, and other information were posted online.  Students enrolled in 9th, 10th, and 11th grade were affected.  The information may have only been available for a day before Fairfax County Public Schools began the process of removing it from online.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 21, 2012 Workers United
New York, New York
BSO PORT

Unknown

The theft of a hard drive from the office of an unnamed independent contractor resulted in the exposure of sensitive information.  The theft occurred on either October 13 or 14 of 2012 and Workers United learned of the issue on October 25.  A database with former Workers United member names and Social Security numbers was on the hard drive.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 20, 2012 Jetro, Restaurant Depot
College Point, New York
BSR CARD

Unknown

Customers who used payment cards in several store locations discovered fraudulent charges on their debit and credit cards.  It is unclear if a breach affected the physical machines in the stores or if the payment processing system was hacked.  The company discovered the issue on December 4 and an investigation revealed that the intrusions began on November 7, 2012.  Anyone who used their payment card in a store between November 7 and December 5 of 2012 should closely review their financial statements.  Customers are also warned to be suspicious of phishing emails or phone calls.  Customers should not give their information out over the phone or respond to emails asking for sensitive information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 19, 2012 New Jersey Department of Health
Trenton, New Jersey
GOV DISC

480 (No SSNs or financial information reported)

Over 480 registered medical marijuana patients received an email from the New Jersey Department of Health.  The email instructed them not to call New Jersey or the dispensary in Montclair to make an appointment.  The email did not hide the email addresses of the recipients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 18, 2012 A Caring Hand Home Health Care Services, Inc.
Suffolk, Virginia
MED INSD

30

A staffing manager collaborated with the owner of A Caring Hand Home Health Care Services, Inc. (A Caring Hand) to hide Medicaid fraud.  Between January of 2008 and October of 2011 the owner of A Caring Hand submitted about 900 fraudulent Medicaid claims for payment for services provided to 30 Medicaid recipients.  The Medicaid recipients never received those services and around $630,000 was fraudulently obtained by the owner of A Caring Hand.  The staffing manager and other staff members falsified office records at A Caring Hand to cover up the fraud between September 2010 and October 6 of 2011.  The staffing manager was sentenced and the owner of A Caring Hand will be sentenced in January of 2013.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 30

December 18, 2012 Western University of Health Sciences
Pomona, California
EDU DISC

Unknown

Western University of Health Sciences' BanWeb Self-Service Federal Work Study reports were accessible to people who used BanWeb with a Western University of Health Sciences user ID and password.  The reports contained names, Social Security numbers, and direct deposit bank account information in some cases. The information was available for an unspecified amount of time. Western University of Health Sciences conducted an investigation and reported that there was no reason to believe sensitive information was accessed by unauthorized BanWeb users.  Western University of Health Sciences disabled access to the reports after learning about the breach on November 14. Notifications were sent on December 18.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 17, 2012 Library Systems and Services, LLC
Germantown, Maryland
BSO PORT

Unknown

A laptop was discovered lost or stolen on November 5, 2012.  The possible theft is presumed to have taken place sometime around October 31, 2012.  The laptop may have contained employee names, Social Security numbers, addresses, and dates of birth.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 17, 2012 World Travel Holdings (WTH)
Wilmington, Massachusetts
BSO HACK

Unknown

CruiseOne and Crusies Inc. are affiliated with WTH and also mailed notifications to their customers.

An unauthorized party accessed WTH's booking system by misusing the log-in credentials of an authorized user.  Encrypted credit card numbers and expiration dates that were stored and could be decrypted in the system were exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 17, 2012 EZ Step
San Jose, California
MED INSD

Unknown

The owner of EZ Step and an employee were both charged with conspiracy to commit health care fraud.  They were also charged on multiple counts of health care fraud.  The charges come from allegations that the two people sought reimbursement by forging physician signatures, fabricating prescriptions and equipment orders, forging patient signatures on delivery forms to misrepresent prescription medication and durable equipment deliveries, and altering valid prescriptions between 2005 and 2007.  Arrests were first made in July of 2011.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 13, 2012 Walgreens
San Diego, California
BSR PHYS

Unknown

At least 36 Walgreens stores in San Diego County had violations.  Over 600 Walgreens stores in California counties such as Alameda, Riverside, Los Angeles, San Joaquin, Solano, Monterey, and Yolo were also involved in the lawsuit.

Walgreens was ordered to pay $16.57 million as a part of a settlement of a civil environmental prosecution.  Walgreens was accused of illegally dumping hazardous waste as well as confidential customer medical information.  It is unclear what type of customer medical information was mishandled.

UPDATE (12/13/2012): The civil enforcement lawsuit was first filed in Alameda County in June of 2012.  It was the result of investigations that took place in San Diego County in the summer and fall of 2011. Investigators discovered that "Walgreens routinely and systematically sent hazardous waste to local landfills and failed to take measures to protect" customer medical privacy.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 13, 2012 Yolo Federal Credit Union
Woodland, California
BSF CARD

Unknown

A skimming device on an ATM resulted in fraudulent transactions on over 800 accounts.  The fraudulent transactions appear to date from October 27, 2012 to November 7, 2012. It is not clear how many skimming devices were involved and where they were located.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 12, 2012 Wilton Brands, LLC.
Woodridge, Illinois
BSR HACK

Unknown

Wilton learned that a malicious user was able to view user information between July 19 and October 2 of 2012.  The user had added a file to a computer server that hosts www.wilton.com and www.copco.com.  Names, addresses, telephone numbers, and payment card numbers, expiration dates, and security codes may have been accessed.  The discovery was made sometime around October 31 and notifications were sent on December 10.

The malicious user was unable to access payment card information between October 2 and the discovery of the breach on October 31 because Wilton changed its payment processing system on October 2.  Wilton took additional security measures after learning of the breach on or around October 31.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 12, 2012 Mt. Diablo Unified School District
Concord, California
EDU STAT

Unknown

A December 1 office burglary resulted in the theft of an unencrypted computer.  The computer contained files that included current and former Mt. Diablo Unified School District employee names, Social Security numbers, dates of birth, and addresses.  People who were employees between 1998 and 2010 may have been affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 11, 2012 Pepperdine University
Malibu, California
EDU PORT

8,300

A University laptop was stolen from an employee's locked car.  Pepperdine learned of the theft on November 12, 2012.  The laptop may have contained names, Social Security numbers, addresses, and/or dates of birth.

UPDATE (12/11/2012): As many as 8,300 people may have been affected.  The laptop had been used for work related to the IRS and contained data from as far back as 2008.  About 75 percent of the people affected were students.

 
Information Source:
California Attorney General
records from this breach used in our total: 8,300

December 11, 2012 Jackson Health System, Jackson South Community Hospital
Miami, Florida
MED DISC

566 (No SSNs or financial information exposed)

Approximately 1,200 photo records of 566 patients were publicly posted on November 30.  The information was removed and two managers resigned as a result of the breach.

 
Information Source:
Media
records from this breach used in our total: 0

December 10, 2012 Accume Partners, WeiserMazars
Moorestown, New Jersey
BSF PORT

Unknown

The October 10 theft of a laptop resulted in the exposure of sensitive information.  A WeiserMazars employee had a laptop stolen that contained names, Social Security numbers, and in some cases, addresses, dates of birth, 401(k) information, and payroll information for Accume Partner 401(l) Plan participants.  WeiserMazars audits the statement of net assets available for Accume Partner's 401(k) plan.  WeiserMazars notified Accume Partners on October 31 and Accume Partners sent notifications to those who may have been affected on November 16.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 10, 2012 ABQ Health Partners
Albuquerque, New Mexico
MED PORT

Unknown

A laptop computer was discovered lost or stolen.  It contained a spreadsheet of patient names, dates of birth, health plan ID numbers, and diagnosis information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2012 West Pittsburgh Partnership
Pittsburgh, Pennsylvania
NGO PHYS

Unknown

A concerned citizen investigated a pile of documents next to a dumpster.  The documents contained names and Social Security numbers.  A local news team responded to the story and contacted a representative from West Pittsburgh Partnership.  West Pittsburgh Partnership began an investigation into how the job placement program documents dating back to 1992 were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 10, 2012 Michigan State University
East Lansing, Michigan
EDU HACK

1,500 (No Social Security numbers exposed)

A hacker published approximately 1,500 Michigan State University names, email addresses, user IDs, encrypted passwords, and mailing addresses.

 
Information Source:
Media
records from this breach used in our total: 0

December 7, 2012 Pinkerton Government Services (PGS)
Washington, District Of Columbia
BSO STAT

Unknown

The November 15 office theft of several computers may have resulted in the exposure of current and former employee information.  PGS believes that the computers were stolen for their hardware and software value rather than the information they contained.  Some former and current PGS employees had their names, addresses, Social Security numbers, and possibly other types of information exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

December 7, 2012 Carolinas HealthCare System
Charlotte, North Carolina
MED HACK

6,300 (5 SSNs reported)

An unauthorized electronic intrusion may have affected up to 6,300 patients from Carolinas Medical Center-Randolph. The intruder accessed a provider's email account and could have obtained patient names, dates and times of service, dates of birth, diagnosis and prognosis information, medications, results, and referrals.  The Social Security numbers of five patients who had their Social Security numbers sent through or received by the email account may have also been obtained.

 

The issue was discovered on October 8 and the intruder is believed to have accessed emails from the account between March 11, 2012 and October 8, 2012.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5

December 7, 2012 Rock Bottom Auto Sales
Hudson, Florida
BSR PHYS

Unknown

At least eight garbage bags that were left unattended on a dirt road contained sensitive documents.  A woman found the bags and reported the issue to a local news team.  The paperwork included credit applications with names, driver's license information, and Social Security numbers.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 5, 2012 California Department of Healthcare Services
Sacramento, California
MED DISC

14,000

Those who may have been affected may call 1-855-297-5064 for assistance from DHCS.

Names and Social Security numbers were discovered on the website of the Department of Health Care Services.  People who sent their information in order to become a provider of In-Home Supportive Services (IHSS) may have had their information exposed online between November 5, 2012 and November 20.  The issue was discovered on November 14 and was not fully addressed until November 20.  

The list should have only contained provider names, addresses, and provider types. It also contained Social Security numbers that were listed in the column for Provider Billing Numbers.  The Social Security numbers were not easily recognizable in this format.

UPDATE (12/11/2012): Nearly 14,000 people were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 14,000

December 4, 2012 Louisiana State University (LSU) Hospital System
Baton Rouge, Louisiana
MED INSD

416

A dishonest employee working in the billing department used her position to access account information.  She scanned checks and identification information from the LSU hospital system database and passed them on to at least four women.  The scheme was discovered when the four women were allegedly caught on camera making purchases with fake checks.  Handwritten Social Security numbers, check and ID card printing items, computers, and copies of scanned checks were found when the womens' homes were searched.

At least seven people face charges that include identity theft, conspiracy to commit identity theft, conspiracy to commit monetary abuse, and possession of fraudulent documents for identification purposes.  The dishonest employee was charged with 377 counts of identity theft.

UPDATE (01/02/2013): LSU Health notified 416 patients after a hospital employee discovered fraudulent activity on her checking account.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 416

December 4, 2012 Surgical Associates of Utica, Quanterion Solutions, Inc.
Utica, New York
MED STAT

1,017 (No SSNs or financial information reported)

The theft of a network server on or around September 18 may have resulted in the exposure of sensitive patient information.  A notification was sent to the US Department of Health and Human Services (HHS) on November 16.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 4, 2012 First Step Counseling, Inc.
Metuchen, New Jersey
MED PHYS

638 (No SSNs or financial information reported)

An unauthorized disclosure of paper records may have exposed patient information.  The breach may have taken place between May 1, 2011 and August 5, 2011.  It was discovered or reported on November 16 of 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 4, 2012 CVS Caremark
Woonsocket, Rhode Island
MED PHYS

955 (No SSNs or financial information reported)

The theft of paper records may have resulted in the exposure of patient information.  The theft may have occurred on August 13, 2012 and was reported or discovered on November 16, 2012.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 1, 2012 University of Virginia Medical Center, Continuum Home Infusion
Charlottesville, Virginia
MED PORT

1,846 (Unknown number of SSNs)

A handheld electronic devices used by Continuum pharmacists was discovered missing on October 5.  The device was not encrypted and contained patient names, addresses, diagnoses, medications, and health insurance identification numbers.  Some health insurance identification numbers were Social Security numbers or contained Social Security numbers.  Patients who received services from Continuum during the month of September 2012 and potential patients who were referred to Continuum between August 2007 and September 2012.  Notifications were sent on November 30.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 1, 2012 Jackson North Medical Center, Jackson Health System
Miami, Florida
MED INSD

566

A dishonest volunteer was caught passing patient information to people who used it to file fraudulent tax returns.  The volunteer used his smart phone to capture patient records while working in an emergency room.  Around 1,200 photos of 566 patient records were found on his phone. The breach was discovered when three men were caught using free wi-fi at McDonald's to file fraudulent tax returns in March.

UPDATE (01/11/2013): Jackson Health banned volunteers from using cell phone in patient areas in order to prevent similar events from occurring.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 566

November 30, 2012 Inova Fairfax Hospital Cardiac Care Center, Inova Fair Oaks Hospital
Fairfax, Virginia
MED CARD

Unknown

Someone discovered card skimming devices at an ATM near a gift shop of the Inova Fairfax Hospital Cardiac Care Center and at an ATM next to the Inova Fair Oaks Hospital cafeteria.  One device was discovered by a hospital employee who attempted to use the ATM and witnessed the skimmer fall from the ATM.  A skimming device was previously discovered at the same Inova Fairfax Hospital Cardiac Care Center ATM in September.  It is unclear how long the devices were there and people who used them are urged to check their financial statements.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 30, 2012 Florida Hospital Tampa (formerly University Community Hospital Medical Center), Crothall Healthcare, Naval Medical Center (Bob Wilson Naval Hospital)
Tampa, Florida
MED INSD

45

Three people were arrested for their roles in filing 225 fraudulent tax returns.  They face charges of conspiracy, theft of government property, and aggravated identity theft.  About $555,000 in refund money was obtained.  One of the defendants worked at Florida Hospital Tampa through a maintenance and housekeeping company.  Information came from a variety of medical centers in California and Florida.  There was an incident where the dishonest worker provided her co-conspirators with a list of names and Social Security numbers from patients seen at Florida Hospital Tampa on January 17 of 2012 and another incident where ER patient names, Social Security numbers, and other information was stolen from Crothall Healthcare in January.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 45

November 30, 2012 Western Connecticut State University
Danbury, Connecticut
EDU DISC

235,000

A computer vulnerability allowed the information of students, student families, and other people affiliated with the University to be exposed. The records covered a 13 year period and included Social Security numbers.  High school students who had associations with the University may have had their SAT scores exposed as well.  The issue existed between April 2009 and September 2012.  

 
Information Source:
Media
records from this breach used in our total: 235,000

November 29, 2012 WestCoast Children's Clinic
Oakland, California
MED DISC

Unknown

A referral document containing sensitive information was accidentally sent in an email to an unauthorized recipient.  Patient names, Social Security numbers, dates of birth, addresses, and health concerns were sent to a county social worker. The county social worker deleted the sensitive email and any other existing copies of the document were securely deleted from the network.  

The WestCoast Children's Clinic will not provide referral forms to outside agencies in order to protect against future inadvertent sharing of private information.  Disciplinary actions will also be taken against the employees involved in the privacy breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 29, 2012 St. Catherine Medical Center
Ashland, Pennsylvania
MED PHYS

Unknown

Sensitive patient and employee records were left unsecured in the abandoned medical center.  A November 10 auction of office equipment and computers was held in the medical center, but one person reported seeing piles of sensitive documents and being able to access sensitive items like badges of former employees. The person provided pictures of personnel records and other items that should have been secured. A representative speaking on behalf of those responsible for safeguarding private information responded that the pictures were taken behind an area that had been secured with a rope. Additionally, the person claims that one of the computers that was purchased at the auction still contained sensitive information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 29, 2012 Vidant Pungo Hospital
Belhaven, North Carolina
MED PHYS

1,100 (No SSNs or financial information reported)

Patient information was exposed by the accidental disposal of paper jackets with old radiology films.  Patient information such as name, address, age, date of birth, race, sex, name of radiology procedure and radiology procedure date was exposed.  The paper jackets were sent to a local landfill.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 28, 2012 Advanced Data Processing, Inc. (ADPI), Grady EMS
Roseland, New Jersey
BSF INSD

At least 15,000 people were affected.

Information from certain ambulance agencies was inappropriately accessed and disclosed.  Patient account information such as names, Social Security numbers, dates of birth, and record identifiers were exposed by a dishonest ADPI employee. ADPI learned of the breach on October 1. The dishonest employee was fired and apprehended by authorities.

UPDATE (12/04/2012): The former ADPI employee stole information associated with Grady EMS ambulance service. About 900 Grady EMS patients had their information exposed between June 15, 2012 and October 12, 2012.

UPDATE (01/05/2013): A detailed list of the organizations and number of people who were affected is available on phiprivacy.net herehttp://www.phiprivacy.net/?p=10825

UPDATE (03/08/2013): Osceola County EMS released a notification in March of 2013 here: http://tinyurl.com/a335kak

UPDATE (03/14/2013): The Yuma, Arizona Fire Department was also affected by the breach.  ADP handles the billing for Yuma's emergency medical services.  Names, Social Security numbers, dates of birth, and record identifiers may have been accessed.

UPDATE (08/28/2013): ADPI learned of the tax scheme after being notified by Tampa, Florida police.  The IRS confirmed that Valparaiso Fire Department information was compromised by the breach in July of 2013.  Patients seen at Valparaiso Fire Department or by Valparaiso Fire Department ambulances between January 1 and June 21 of 2012 may have had their names, Social Security numbers, and dates of birth exposed.

 
Information Source:
California Attorney General
records from this breach used in our total: 15,000

November 28, 2012 Westside Park Elementary School Based Health Center
Adelanto, California
MED PHYS

1,370 (No SSNs or financial information reported)

A burglary sometime around October 1 may have resulted in the exposure of patient names, Social Security numbers, phone numbers, addresses, dates of birth, health conditions, medications, and other health information.  The information was in a locked room that was accessed, but it appears that none of the paper records were stolen.  Thieves took a television and other items. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 27, 2012 Soundental Associates P.C.
West Haven, Connecticut
MED PORT

Unknown

A bag of personal items and back-up media cartridges from Soundental was stolen from an employee's car on September 24.  The back-up cartridges had patient names, addresses, treatment records, and dates of birth.  Social Security numbers were also exposed in some cases.  The cartridges had been scrambled to prevent easy access.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 27, 2012 Long Chiropractic
Dayton, Ohio
MED PHYS

Unknown

A November 26 office burglary may have resulted in the theft of patient records.  A safe with computer disks and a laptop computer were stolen.  It is unclear if either contained sensitive patient information.  The burglars were in the office for 15 minutes and may have taken or viewed sensitive patient information in other areas.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 27, 2012 University of Arkansas for Medical Sciences (UAMS)
Little Rock, Arkansas
MED INSD

1,500 (No SSNs or financial information reported)

Anyone who was a patient at UAMS and had surgery or was seen by a neurosurgeon from January 2010 to June 2010 may call UAMS toll-free hotline at 888-729-2755 to learn if they were affected by the breach.

A former resident doctor kept the personal information of about 1,500 patients as part of a lawsuit she filed against UAMS.  She also claimed to have kept the information for research purposes.  UAMS became aware of the issue on October 9 when the former resident doctor used the documents as part of her lawsuit.  UAMS learned that she kept additional documents on November 7 and had provided them to UAMS attorneys on June 25. Some patients had their names, addresses, dates of birth, medical record numbers, and dates of service exposed.  Other patients had their ages, locations of care, dates of service, diagnoses, medications, surgical procedures, procedure names, and lab results exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 27, 2012 Pinnacle Foods Group, LLC
Clinton, Wisconsin
BSR PORT

1,818

Those with questions may call Pinnacle at (855) 477-6879.

A laptop taken from an employee's home on October 11 contained sensitive information.  It contained names, Social Security numbers, driver's license numbers, credit card numbers , and other personal information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 1,818

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 701-750 of 4252 results


X

Sign In!

Loading