Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 19, 2007 Applera
Norwalk, Connecticut
BSO PORT

Unknown

A laptop was stolen from the car of an employee while it was in a parking lot on August 9. The laptop contained full names and Social Security numbers of employees. It is not clear if all 5,530 of Applera's employees were affected by the incident. At least 24 New Hampshire residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 27, 2007 Kelley Drye and Warren LLP
Washington, District Of Columbia
NGO PORT

Unknown

A laptop was stolen from an external pension auditor on September 12. It contained information related to Kelley's Retirement Savings Plan. This information included names, Social Security numbers, dates of birth, addresses, and/or date of employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 28, 2010 Apothecary of Colorado
Denver, Colorado
MED PHYS

Unknown

A man handling recyclables near his home found a conspicuous binder in a dumpster.  It turned out that medical marijuana records had been placed there.  The names, Social Security numbers, dates of birth, addresses and phone numbers of patients were in the binder.  The current owners believe the records are from the previous owner or owners.  "Dozens" of people were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 28, 2010 Geisinger Health System
Wilkes-Barre, Pennsylvania
MED DISC

2,928 (No SSNs or financial information reported)

A former physician emailed patient medical information to his home email account in an unencrypted manner. The information included patient names, medical record numbers, procedures and indications. The physician deleted the information from his computer, home network and servers.  The incident occurred on or around November 3.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 27, 2010 Riverside Mercy Hospital, Mercy Health Partners
Toledo, Ohio
MED PHYS

1,000 (No SSNs or financial information reported)

Concerned current and former patients and employees may call 1-877-451-9361 for more information.

Patient and employee records were left in the Hospital after the facility was sold to Toledo Public Schools in 2003. The Hospital closed in 2002 and was sold in 2003. Records were left unsecured in the facility from 2003 until the discovery in November of 2010.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 27, 2010 American Honda Motor Company
Torrance, California
BSR HACK

4.9 million (No SSNs or financial information reported)

A Honda vendor maintaining a customer mailing list for My Acura and Honda's Owner Link websites was hacked. Names, email addresses, vehicle identification numbers and user IDs may have been exposed. There is speculation that this breach is connected to a hack of Silverpop that exposed the information of McDonald's and deviantART subscribers.

UPDATE (1/24/11): Around 2.2 million Honda customers had their information exposed. Around 2.7 million Acura customers had their email addresses exposed, but names and other information were not breached.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 23, 2007 American Academy of Pediatrics
Elk Grove Village, Illinois
MED PORT

Unknown

A laptop that may have contained names, Social Security numbers and addresses was lost during a move. The research department of the AAP misplaced a file cabinet and a laptop during the process of moving offices.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 19, 2007 Blockbuster Inc.
Lantana, Florida
BSR PORT

Unknown

A computer was stolen from a Blockbuster office during a September 5 burglary. Customer names, addresses, telephone numbers, Blockbuster account numbers, driver's license numbers, credit card numbers and credit card types, and email addresses were on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 23, 2007 Longs Drug Stores California Inc.
La Jolla, California
BSR PORT

Unknown

A data storage tape containing backup data relating to pharmacy transactions was stolen during a store burglary. It contained customer names, prescription information and insurance plan membership information. Some membership numbers were or contained Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 8, 2007 National Financial Partners (NFP)
New York, New York
BSF PORT

Unknown

A laptop was stolen from an employee during travel. The information on the laptop included names, tax ID numbers, Social Security numbers and other personal information of NFP's vendors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 25, 2007 Virgin Mobile
Palo Alto, California
BSR DISC

Unknown

Unauthorized third parties attempted to or succeeded in accessing customer account during May.  It appears that the third parties used techniques to gather access customer accounts through customer care telephone lines as opposed to Virgin's website.  It was determined that people were calling customer service and claiming to be a customer or relative of a customer, and obtaining account information.  Third parties may have also called customer service and guessed common surnames and common passwords or secret answers in order to access customer accounts.  After accessing an account via customer care telephone lines, the third parties may have transferred account balances and/or airtime minutes, converted account balances to Virgin merchandise, purchased Virgin airtime or merchandise with credit or debit cards linked to the account, changed account login or contact information, or deactivated the account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 19, 2007 General Cable Corporation
Marshall, Texas
BSO DISC

Unknown

An employee used the wrong email distribution list and sent an email to several unauthorized employees on November 1. The email included names and Social Security numbers of current and former employees, as well as third-party vendors. At least 19 Massachusetts residents and four residents of other states were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 11, 2007 State of Nevada
Carson City, Nevada
GOV PORT

Unknown

The Nevada State Personnel Director said that hundreds of CDs containing payroll information about state employees had been lost.  Thirteen thousand CDs had been sent to 80 agencies over the last three years and 470 were missing as of November.  The Personnel Director plans to implement a new system to decrease data loss.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 4, 2011 White Rock Networks
Plano, Texas
BSO PHYS

Unknown

Nearly 50 boxes of medical records, Social Security numbers, addresses, phone numbers and other personal information were found in a paper recycling dumpster behind a library.  White Rock personnel records from 2000 to 2005 were in the boxes. The company went bankrupt in 2006 and was purchased.  A local news crew contacted at least one of the affected people so that she could retrieve her information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 1, 2011 Kinetic Concepts Inc, (KCI)
San Antonio, Texas
BSR INSD

Unknown

A call center employee with authorization to access a customer payment card database used some of the information to make fraudulent purchases. The database contained names, addresses, insurance information and dates of birth. The Social Security numbers and payment card information of some customers were also in the database.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 3, 2011 Half Hitch Tackle
Panama City, Florida
BSR HACK

Unknown

A breach of the systems security resulted in the exposure of customer credit and debit cards.  It is possible that the breach originated overseas.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 31, 2010 Sovereign Bank
Wyomissing, Pennsylvania
BSF HACK

Unknown

The Bank became aware of suspicious online activity on October 15. On December 15, it was determined that a key logger had been installed on a company laptop. Customer names, Social Security numbers and addresses may have been accessed by unauthorized parties. At least 2 New Hampshire residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 31, 2010 Samuels, Green, and Steel, LLP
Irvine, California
BSO UNKN

Unknown

An unauthorized party obtained the law firm's login information and accessed consumer credit reports.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 31, 2010 CHS, Inc.
St. Paul, Minnesota
BSR DISC

Unknown

PATR-1099 forms were mailed with names and Social Security numbers visible from the outside of the envelope. The company became aware of the problem after a recipient notified them of the mistake. The error did not affect all recipients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 31, 2010 Armstrong Atlantic State University
Savannah, Georgia
EDU PORT

Unknown

Affected individuals may call (912) 344-3529.

A portable hard drive was stolen from the nursing department in early October.  It contained the Social Security numbers of several hundred alumni.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 10, 2007 Peerless Industries Inc., C I Host Chicago Datacenter
Chicago, Illinois
BSR STAT

Unknown

C I Host experienced a burglary on October 2. Peerless's web-servers had been housed there and were stolen during the incident. Customer names, addresses, email addresses, telephone numbers, and encrypted credit card numbers were on one or more of the stolen web-servers. Affected customers were notified during the first half of November.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2007 Jackson National Life Insurance Company, INVEST Financial Corporation
Lansing, Michigan
BSF HACK

Unknown

Jackson discovered a breach that allowed access to client information through the Internet-based trading program Streetscape. The incident involved the unauthorized use of a password. Client INVEST accounts and balances, names, Social Security numbers, tax ID numbers, addresses and dates of birth were accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2008 Centocor, Inc.
Horsham, Pennsylvania
BSR PORT

Unknown

In early October, Centocor was notified by its IT vendor that one or two computers could not be located. Centocor's vendor investigated and reported that several more computers could not be found on November 29. Centocor believes that a former, contracted employee of the vendor removed the computers from the Horsham facilities. One of the laptops probably contained a file with information intended for management of National Faculty and Rounds on the Road Speakers programs. Names, cities and states, Social Security numbers and tax ID numbers of speaker consultants may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 6, 2011 Adventist Behavioral Health
Rockville, Maryland
MED PHYS

Unknown

Patients whose information was compromised may call (301) 251-4567.

An employee error caused sensitive patient documents to be sent to a recycling facility. Some of the documents, which should have been shredded instead of recycled, were found on December 29 after being blown out of a recycling truck.  The documents included patient names and dates of birth.  The papers that fell off the truck were shredded by Adventist and any documents that remained at the facility were destroyed there.  The employee responsible for the mistake was not fired.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 6, 2011 Grant Medical Center, OhioHealth
Columbus, Ohio
MED INSD

501 (No SSNs or financial information reported)

Affected individuals may call 1 888-845-0818.

On November 5, several out-of-service computers were determined to be missing from a storage facility.  An investigation revealed that a dishonest employee had stolen the computers, attempted to clear the hard drives and was in the process of reselling them.  Information from patients treated at Grant between 2008 and November 5 of 2010 may have remained on the stolen computers.  

UPDATE (1/14/11): The breach affected 501 individuals.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 6, 2011 Marsh U.S. Consumer, Seabury and Smith, ITT Corporation
Tulsa, Oklahoma
BSO DISC

Unknown

Some ITT Corporation employees may have been able to view unencrypted personal information of other ITT employees when accessing an ITT website serviced by Marsh U.S. Consumer. The incident resulted from a programming issue and occurred from November 1 through November 8. Employees and their spouses may have had their Social Security numbers and medical history information exposed. Marsh U.S. Consumer is a service of Seabury and Smith. At least nine New Hampshire residents were affected by the breach, but the total number of individuals affected nationwide was not revealed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 8, 2011 Duval Clerk of Courts
Jacksonville, Florida
GOV DISC

Unknown

People who want to check their information in the Duval system must go to http://www.duvalclerk.com, scroll to the bottom of the page, click "search court and official records", click "OnCore" and type in their name.

Someone discovered sensitive information on the government website. Some Social Security numbers and bank account numbers were viewable. Records entered after and around 2002 are carefully checked for Social Security numbers and bank accounts, but some records prior to that time still contain sensitive information. The clerk's office removed sensitive information from several records after being notified of the problem.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 14, 2008 Raymour and Flanigan Furniture
New York, New York
BSR INSD

Unknown

An employee stole an unknown number of customer credit card details.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 15, 2008 Casa Del Sol Day Care
Mission, Texas
BSO PHYS

Unknown

Several boxes of Social Security numbers, bank account details and medical records were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 5, 2008 Commerce Bank, Citizens Bank, NewConcept Inc.
Philadelphia, Pennsylvania
BSF INSD

Unknown

Employees of several organizations were found to be involved in a fraud ring. Using customer information, the criminals attempted to defraud Commerce Bank and Citizens Bank. People in Philadelphia, the Eastern District of Pennsylvania, New Jersey, the Eastern District of New York and elsewhere were affected. The fraud ring was in effect between March of 2007 and May 15 of 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 18, 2008 Corbin Social Services Office
Corbin, Kentucky
GOV PORT

Unknown

Nine thousand dollars worth of laptops were stolen from the office sometime during the week or January 18. One or more of the laptops contained personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 16, 2008 Aspen Grove Market
Boulder, Colorado
BSR DISC

Unknown

Employee information and customer credit card information was stolen from a website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 22, 2008 Private Medical Practice
Fort Myers, Florida
MED PHYS

Unknown

Medical documents with Social Security numbers were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 22, 2008 Private Accounting Practice
Fort Myers, Florida
BSF PHYS

Unknown

Tax documents discovered in a dumpster contained customer names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 10, 2011 Entertainment Software Rating Board (ESRB)
New York, New York
BSO DISC

1,000 (No SSN or financial information exposed)

People who contacted ESRB to complain about a Blizzard Entertainment change in privacy were sent a response that included the emails of other people who had contacted ESRB with similar concerns.  Blizzard had proposed implementing Real ID (required usage of real first and last name) for participation in forums, but abandoned it after a backlash.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 2, 2010 KMax Systems
Kissimmee, Florida
BSR PHYS

Unknown

A box of job applications was thrown out by a new manager.  Someone found the applications and showed them to another person who then contacted some of the applicants.  Addresses, Social Security numbers, driver's license numbers, names, phone numbers and other information typical of an employment application were exposed.  Some of the applications also had questionable interview comments that seemed irrelevant to the selection process.

 
Information Source:
Media
records from this breach used in our total: 0

January 14, 2011 California Therapy Solutions
, California
MED PORT

1,226 (No SSNs or financial information reported)

The breach could have affected four different offices in southern California. No city is listed.

The November 15 theft of a device resulted in the exposure of protected patient health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 14, 2011 Osceola Medical Center, Hils Transcription Service
Osceola, Wisconsin
MED HACK 500 (No SSNs or financial information reported)
The November 25 hack of a Hils Transcription server exposed the health information of 500 patients.  
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 14, 2011 International Union of Operating Engineers Health and Welfare Fund, Zenith Administrators, Inc.
Baltimore, Maryland
NGO PHYS

800 (No SSNs or financial information reported)

Papers pertaining to Union's employee benefits program were stolen from Zenith's office on November 3. Zenith administers the benefits program. The papers contained health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

January 14, 2011 Azure Acres
New York, New York
MED PORT

699 (No SSNs or financial information reported)

People in Sebastopol, California were affected.  Concerned patients may call (855) 252-3784.

The November 12 theft of a physician's laptop resulted in the exposure of client information.  The information included full name and billing information, but did not include addresses or Social Security numbers.  Azure Acres is a drug and alcohol abuse facility.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 13, 2011 St. Vincent Hospital
Indianapolis, Indiana
MED UNKN

1,800 (No SSNs or financial information reported)

St. Vincent encouraged patients who received letters to call 800-805-7004.

In November, Saint Vincent officials learned that several associate email accounts had been breached. A third party managed to obtain email logins. Patient names, dates of service and clinical information may have been accessed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 13, 2011 Green River District Health Department, Fox Technology Group (now part of Intergranetics)
Owensboro, Kentucky
MED DISC

18,871 (more than half with SSNs)

The personal information of people who visited Green River District Health Department was accidentally placed online by Fox Technology. A resident notified the Department after discovering personal information online. Many visitor names were given with dates of birth; around half included Social Security information as well. The information was exposed sometime in October of 2010 or before. The problem was fixed soon after the Department was notified.

UPDATE (3/16/2011): There were 18,871 visitors who were affected, not 9,986.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 12, 2011 Kadlec Regional Medical Center
Richland, Washington
MED HACK

Unknown

Those with questions may call (877) 451-9363.

A computer server that contained brain scan and other patient studies was hacked sometime around September 15. Patient names, dates of birth, ages, genders, medical record numbers and doctors' names were exposed. The breach was discovered on November 11 during routine monitoring of computer network backups. The server was removed from service and a firm was hired to investigate the issue.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 12, 2011 Universal Medical Center
Tucson, Arizona
MED INSD

Unknown

Three staff members and one contract employee were fired for viewing sensitive patient information without cause. The electronic medical records of patients who were injured during a terrorist shooting spree may have intrigued the workers. There were no reports of confidential patient information being released to the public.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 18, 2011 Iowa Telecommunications, Experian
Newtown, Iowa
BSO UNKN

Unknown

One of Experian's clients experienced a breach that gave unauthorized users access to Experian's pool of consumer names, Social Security numbers, dates of birth and account numbers.  Someone gained access to the Experian login information for Iowa Telecommunications and was able to obtain consumer report information in the company's name.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 19, 2011 Abbott Medical Optics, Baylor College of Medicine Department of Ophthalmology
Malpitas, California
MED PORT

Unknown

More information is available at (713) 798-2667.

Backup tapes with information from Ophthalmology department equipment were stolen from Abbott's office after being collected from Baylor. The information on the tapes included the eye contour measurement charts, names and physician names of patients who were preparing for Lasik surgery.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 19, 2011 U.S. Postal Service
St. Louis, Missouri
GOV PHYS

Unknown

The back door of a contractor truck popped open during its journey between a St. Louis distribution center and Memphis, Tennessee. Hundreds of pieces of U.S. mail were scattered across 70 miles of highway.  A recovery effort was launched by police officers and postal workers within 24 hours. Most of the mail included statements and bills that were headed for the West Coast.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 18, 2008 SAIC
Mclean, Virginia
BSO HACK

Unknown

Malicious software was discovered on a computer used to collect customer information. The information included name, billing and shipping address, phone and fax number, credit card number and security code.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 28, 2008 Spectrum Family Medical
Henderson, Nevada
MED PHYS

Unknown

Dozens of boxes were found in an apartment complex dumpster.  Hundreds of patient records, copies of Social Security cards and copies of driver's licenses were left exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 25, 2008 DCI Donor Services (DCIDS)
Nashville, Tennessee
NGO PORT

Unknown

A laptop was stolen from a student intern's home. It contained the Social Security numbers of donor recipients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 751-800 of 4495 results


X

Sign In!

Loading