Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

Breach Total
867,217,832 RECORDS BREACHED
(Please see explanation about this total.)
from 4,257 DATA BREACHES made public since 2005


Date Made Public | Name | Entity | Type
October 19, 2012 Ecco Health, LLC, Colon & Digestive Health Specialists
Scottsdale, Arizona
MED PORT

5,713 (No SSNs or financial information reported)

A vendor working with patient data for digital conversion from Colon & Digestive lost a flash drive on or around July 16.  It contained patient names, Social Security numbers, dates of birth, addresses, telephone numbers, account numbers, diagnoses, and other protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2012 U.S. National Weather Service, Weather.gov
Silver Spring, Maryland
GOV HACK

Unknown

Hackers targeted the U.S. National Weather Service website Weather.gov in an attempt to exploit vulnerabilities in U.S. government online systems.  The hackers claim to have begun a campaign in response to U.S. cyber attacks in Muslim nations.  Partial login credentials and system and network configuration files were accessed and posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 19, 2012 The College of St. Scholastica
Duluth, Minnesota
EDU HACK

28 (No SSNs or financial information exposed)

Hackers were able to guess the answers to student account challenge questions.  The email account passwords of at least 28 students were reset and their account information was most likely accessed. The hackers may have been based in Beijing and most likely gathered the information needed to pass the challenge questions from information on the students' Facebook pages.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 18, 2012 Blount Memorial Hospital
Maryville, Tennessee
MED PORT

27,000 (5,000 SSNs reported)

A password-protected laptop was stolen from an employee's home on August 25.  It contained two groups of patient data.  Patient names, dates of birth, responsible party names, patient addresses, physician names, and billing information for 22,000 patients were on the laptop. An additional 5,000 patients had similar information exposed as well as their Social Security numbers and other non-medical information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,000

October 18, 2012 Southern Environmental Law Center
Charlottesville, Virginia
NGO HACK

Unknown

Sensitive information from Southern Environmental Law Center was placed online.  Credit card, medical, and donor information such as addresses, phone numbers, and client files were exposed.  The data was accessible via Google search for an unspecified amount of time.  Southern Environmental Law Center is warning people not to open emails about the security failure or click on any links in emails that appear to be from Southern Environmental Law Center.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 16, 2012 University of Georgia (UGA)
Athens, Georgia
EDU HACK

8,500

The passwords of two University of Georgia (UGA) IT employees were reset and misused by an intruder.  Names, Social Security numbers, and other sensitive data of current and former school employees may have been exposed. The breach may have begun as early as September 28, 2012.

 
Information Source:
Media
records from this breach used in our total: 8,500

October 15, 2012 District 202, Plainfield School District
Plainfield, Illinois
EDU HACK

23,000 (No SSNs or financial information exposed)

People who applied online at www.applitrack.com for a job in District 202 may have had their information accessed by a hacker.  The hacker sent messages to former and current job applicants and informed them that the Plainfield School District 202 website was breached. 

UPDATE (10/19/2012): A 14-year-old Joliet West High School student was removed from class and taken to a juvenile detention center for his alleged involvement in the breach.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 13, 2012 City of Burlington, Washington
Burlington, Washington
GOV HACK

Unknown

A hacker or hackers managed to transfer $400,000 in city funds to accounts across the country. The cyber attack occurred sometime between Tuesday night and Wednesday morning.  City employees may have also had their direct deposit bank account information compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2012 AutoCarry
North Bergen, New Jersey
BSO PHYS

100

An office burglary that occurred on October 10 resulted in the exposure of customer information.  Paper documents that contained credit card numbers, addresses, and other personal information were taken.

 
Information Source:
Databreaches.net
records from this breach used in our total: 100

October 12, 2012 Korn/Ferry International
Los Angeles, California
BSO HACK

Unknown

Those with questions may call 1-800-971-5875.

A cyber breach affected Korn/Ferry databases.  Names, Social Security numbers, driver's license numbers, government-issued identification numbers, credit card numbers, and health information may have been exposed.  The information may have been available to unauthorized parties for months before the breach was discovered in August of 2012.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2012 Army Materiel Command
Huntsville, Alabama
GOV PHYS

400 (Unknown number of SSNs)

An employee transported a hard copy of sensitive employee documents home.  The employee is not believed to have taken the information for fraudulent or criminal activity.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 12, 2012 FEI Company
Hillsboro, Oregon
BSR PORT

Unknown

The August 29 theft of a laptop resulted in the exposure of employee information.  Employee names, Social Security numbers, information related to taxpayer I.D., dates of birth, home addresses, and employment information such as salaries were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 11, 2012 Centers for Medicare & Medicaid Services (CMS)
Baltimore, Maryland
GOV UNKN

363 (No SSNs or financial information reported)

The CMS experienced 13 breaches between September 23, 2009 and December 31, 2011.  The CMS failed to notify beneficiaries of seven of the breaches in a timely manner.  The HHS's Office of the Inspector General (OIG) also alleges that the notifications mailed to beneficiaries did not disclose what type of information had been exposed, the date the breach occurred, or how CMS was working to prevent future breaches.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 11, 2012 PST Services, Inc., Litton and Giddings Radiological Associates, P.C.
Springfield, Montana
MED PHYS

Unknown

Litton and Giddings' janitorial service, PST Services, failed to shred patient billing records before sending them to a Springfield recycling company.  The records may have been viewed by unauthorized parties before being destroyed at the recycling center.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 10, 2012 Northwest Florida State College
Niceville, Florida
EDU HACK

279,000 (At least 200,050 SSNs exposed)

An internal review revealed a hack of Northwest College servers.  One or more hackers accessed at least one folder in the server between May 21, 2012 and September 24, 2012.  Over 3,000 employees, 76,000 Northwest College student records, and 200,000 students eligible for Bright Future scholarships in 2005-06 and 2006-07 were affected.  Bright Future scholarship data included names, Social Security numbers, dates of birth, ethnicity, and genders.  Current and former employees that have used direct deposit anytime since 2002 may have had some information exposed. At least 50 employees had enough information in the folder to be at risk for identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 200,050

October 10, 2012 PlaySpan
Foster City, California
BSR HACK

100,000 (No SSNs or financial information exposed)

A hacker or hackers accessed PlaySpan's computer system.  User IDs, encrypted passwords, and email addresses of online players were exposed.  Users are advised to immediately change their passwords and also any similar passwords for other logins associated with compromised email addresses. PlaySpan Marketplace may have also been affected and could be linked to user financial information.

 
Information Source:
Media
records from this breach used in our total: 0

October 10, 2012 Equifax
Atlanta, Georgia
BSF DISC

17,000

Equifax settled charges with the Federal Trade Commission after it was discovered that Equifax Information Services improperly sold lists of consumer data.  People who were late on their mortgage payments had their information sold to firms that should not have received the information and subsequently resold it to other firms.  Equifax agreed to pay nearly $1.6 million to resolve charges that it violated the FTC and Fair Credit Reporting Acts. The settlement prohibits Equifax from providing prescreened lists to unauthorized parties, having poor procedures for releasing prescreened lists, and selling prescreened lists in certain circumstances.

 
Information Source:
Media
records from this breach used in our total: 17,000

October 8, 2012 TD Bank
Cherry Hill, New Jersey
BSF PORT

260,000

Two data backup tapes were lost during shipping in late March 2012.  The tapes included customer names, Social Security numbers, addresses, account numbers, debit card numbers, and credit card numbers.

UPDATE (10/13/2012): A total of 260,000 customers from Maine to Florida were notified.  

 
Information Source:
California Attorney General
records from this breach used in our total: 260,000

October 8, 2012 GreenStone Homes
Columbus, Ohio
BSO PHYS

Unknown

A pile of thousands of documents was found in the street. Two bags were stuffed with financial information such as tax returns with Social Security numbers. The information was found in the driveway of a model home that had been foreclosed in July 2011.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 8, 2012 Ohio State University, Harvard University, Stanford University, Cornell University, Princeton University, Johns Hopkins University, University of Michigan, University of Wisconsin, University of Houston, New York University, University of Maryland
EDU HACK

Unknown

There is no specific location for this breach.

The University of Texas, University of Colorado, University of Pennsylvania, Duke University, Rutgers University, University of Pittsburgh, University of Florida, Case Western Reserve University, Texas A&M University, Boston University, Purdue University, University of Arizona, Arizona State University, University of Utah, Ohio State College of Dentistry, and additional universities were affected.  Universities outside of the United States were also affected.

Each affected university is listed here: http://pastebin.com/AQWhu8Ek

A hacking group called Team GhostShell targeted universities around the world.  A total of 53 universities were affected.  Most of the data exposed was publicly available, but student, staff, and faculty usernames and passwords were also exposed. It is unclear if any financial information or Social Security numbers were taken from universities.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 8, 2012 www.naperville.il.us
Naperville, Illinois
GOV HACK

Unknown

A cyber intruder injected a virus into the website of the city of Naperville.  City officials claim that no resident credit card information was compromised.  There is no evidence that any type of information was stolen from the website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 4, 2012 Monterey Institute of International Studies, Middlebury College
Monterey, California
EDU PORT

Unknown

A September 14, 2012 home burglary resulted in the theft of a laptop.  The laptop was password-protected and was stolen along with other items.  Student names and Social Security numbers were on the laptop.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 2, 2012 Town Council of Chapel Hill
Chapel Hill, North Carolina
GOV DISC

12

A licensed clinical social worker accidentally attached confidential client information to an email that was forwarded to town council colleagues. A copy of her and her husband's 2011 income tax returns was also in the email. The email automatically became available to the public and the error was noticed nearly a week later.  Unfortunately, the email was also forwarded a second time to a public account.  Consequently, the information was publicly available for a week.

Many of the affected clients were University of North Carolina students.  Names, Social Security numbers, clinical notes about client mental health, payment amounts, and insurance forms were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 12

October 2, 2012 Robeson County Board of Elections
Lumberton, North Carolina
GOV PORT

71,000 (Partial SSNs exposed)

Five password-protected laptop computers that contained personal information of registered voters in Robeson County were discovered stolen in September.  Voters had their names, addresses, dates of birth, and the last four digits of their Social Security numbers exposed.  The computers went missing between July 18 and September 4. They were most likely taken while outside of their normally secured area and left with unsupervised community volunteers.  Driver's license numbers may have also been exposed.  Those who were affected were mailed letters on September 12.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 1, 2012 San Mateo Union High School District
San Mateo, California
EDU HACK

Unknown

Hackers accessed San Mateo Union High School District's computer system and attempted to use it to infiltrate FBI and CIA electronic systems. The District became aware of the problem when United States Naval Intelligence informed them that the District's servers had been compromised.  The hackers appear to have used additional organizations in their scheme.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 29, 2012 Health and Sports Rehab, Inc.
Dorchester, Massachusetts
MED INSD

Unknown

A dishonest intern stole personal information while working at the clinic.  The information was used to create and cash fraudulent checks and the dishonest intern pled guilty.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 28, 2012 University of Chicago
Chicago, Illinois
EDU DISC

9,100

A postcard mailed to University of Chicago employees contained their Social Security numbers. The cards were mailed on September 24 to remind employees about open enrollment, but also had Social Security numbers printed on the outside.

 
Information Source:
Databreaches.net
records from this breach used in our total: 9,100

September 28, 2012 Brightline Interactive, Army Chief of Public Affairs
Alexandria, Virginia
GOV DISC

518 (31 SSNs reported)

An army awards database was found to be available online.  The database was being handled by the defense contractor Brightline Interactive and was mistakenly uploaded to a public server at an unknown time.  Those who received awards for actions since September 11, 2001 were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 31

September 27, 2012 Apex Laboratory
Farmingdale, New York
MED HACK

Unknown

Apex Laboratory learned from law enforcement investigators on July 30 that an unauthorized party or parties accessed their computer systems.  Patients may have had their names, Social Security numbers, addresses, phone numbers, dates of birth, gender, and insurance identification numbers exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 27, 2012 Rite Aid Corporation
Camp Hill, Pennsylvania
BSR DISC

Unknown

A customer using RiteAid's mobile app to check a prescription noticed that he was able to access the names, addresses, and prescription records of other customers.  The customer was able to identify some of the problems by using his computer science background.  He noticed there was no secure login tied to web service calls made from the smartphone application.  The customer was able to correspond with several RiteAid representatives and RiteAid began to address some of the security concerns.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 27, 2012 Medical Solutions Management, Inc.
Hicksville, New York
MED PHYS

1,000

The owner of Medical Solutions Management, Inc. was convicted of wrongful disclosure of private patient information and Medicare fraud. The owner stole private patient information from nursing homes in Long Island and used the information to submit fraudulent claims to Medicare over the course of four and a half years.  Over 1,000 people were affected. She faces a sentence of up to 10 years per count and could be fined up to $250,000 for each conviction count.

UPDATE (04/11/2013): The dishonest owner was sentenced to 12 years in prison. A total of 1.3 million dollars was seized from the owner and she was ordered to forfeit it at her sentencing. She had submitted 10 million dollars in fraudulent Medicare billings.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 1,000

September 27, 2012 Center 4 Health Enlightenment Enrichment Empowerment Renewal Services (CHEERS)
Phoenix, Arizona
NGO INSD

180

A dishonest employee accessed and misused CHEERS client names, Social Security numbers, and birth dates.  She, her sister, and her husband filed 180 tax returns under stolen identities and claimed over $1 million in tax refunds. The three face between three years and five years in prison.

 
Information Source:
Databreaches.net
records from this breach used in our total: 180

September 26, 2012 American Heart Association, Olive Crest
Las Vegas, Nevada
NGO PORT

Unknown

An office burglary resulted in the exposure of personal information.  Two or more laptops with donor information and a docking station were stolen.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 24, 2012 City of Tulsa, Oklahoma
Tulsa, Oklahoma
GOV HACK

Unknown

Those with questions may call (918) 596-2699.

A hacker or hackers managed to infiltrate and bring down the City of Tulsa's website.  It is unclear if any information was accessed, but notifications were sent to people who applied online for jobs or submitted online police reports.  Names, Social Security numbers, addresses, and driver's license numbers may have been exposed.

UPDATE (10/01/2012): A member or members of the IT department used a third-party firm to test the City's computer system.  There was no unauthorized access.

 
Information Source:
Media
records from this breach used in our total: 0

September 23, 2012 Town of Willimantic, Connecticut
Willimantic, Connecticut
GOV PORT

Unknown

An employee's laptop was stolen from his unattended office between 10 a.m. and noon on September 17.  The laptop was password-protected.  It contained the information of town employees.  Social Security and bank account numbers may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 0

September 21, 2012 Central States Southeast and Southwest Areas Health and Welfare Fund
Des Plaines, Illinois
NGO PHYS

754 (No SSNs or financial information reported)

An incident occurred on July 31 that may have caused sensitive health information to be exposed. The information was in the form of paper records that were exposed in some undisclosed way.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2012 Library Resources, Inc. (LRI)
Philadelphia, Pennsylvania
MED PORT

3,183 (No SSNs or financial information reported)

Consumers with questions may call LRI's Quality Management Hotline at 1-888-634-2155 ext. 629.

The August 4th theft of a laptop resulted in the exposure of sensitive information. The laptop contained names, Medicaid numbers, and short summary information used for administrative purposes. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2012 Lana Medical Care
Ormond Beach, Florida
MED PORT

500 (No SSNs or financial information reported)

The August 18th theft of a laptop resulted in the exposure of patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 21, 2012 Office of Dr. Clark-Neitzel
Olympia, Washington
MED PORT

942

A July 24 office burglary resulted in the theft of medical bags and a laptop.  Affected patients were mailed notification letters on September 7.  Patient names, Social Security numbers, addresses, dates of birth, and medical information were exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 942

September 21, 2012 Tricounty Behavioral Health Clinic
Acworth, Georgia
MED PORT

4,000 (No SSNs or financial information reported)

Those with questions may call 888-261-6360.

An August 26 office theft of a laptop resulted in the exposure of patient information. 

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

September 20, 2012 Transcend Capital
Austin, Texas
BSF HACK

236

A hacker breached a data server located at a Transcend Capital branch during the week of August 20.  Client names, Social Security numbers, addresses, account numbers, telephone numbers, email addresses, security positions, and cash positions may have been exposed.  Clients were encouraged to change their passwords.  A total of 236 clients who are California residents were affected, but the total number of clients affected nationwide was not disclosed.

 
Information Source:
California Attorney General
records from this breach used in our total: 236

September 19, 2012 Cabinet for Health and Family Services
Frankfort, Kentucky
MED HACK

2,500 (No SSNs or financial information reported)

The Cabinet for Health and Family Services displayed an official notice on their website here: http://chfs.ky.gov/news/HIPAA+Notice.htm

An employee was the victim of a phishing attack via email sent by a hacker.  The employee's account was then compromised.  Unauthorized activity was identified on the account within half an hour and the account was immediately disabled.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 19, 2012 United States Navy, Smart Web Move
Washington, District Of Columbia
GOV HACK

200,000 (No SSNs or financial information reported)

A hacker or hackers accessed sensitive information and posted it online.  Former and current Navy personnel who used Smart Web Move to arrange household moves could have been affected.  The compromised database stored 11 years of private information, but only 20 people had their information publicly posted.  Usernames, email addresses, security questions and corresponding answers were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 19, 2012 Blue Cross Blue Shield of Massachusetts (BCBS)
Boston, Massachusetts
MED INSD

15,000

A BCBS vendor misused BCBS employee information.  The misuse appears to have been limited to one instance.  Names, Social Security numbers, dates of birth, compensation information, and bank account information may have been exposed.

 
Information Source:
Media
records from this breach used in our total: 15,000

September 18, 2012 Northstar Healthcare
Chicago, Illinois
MED DISC

170 (No SSNs or financial information reported)

An email that was sent to patients displayed the names of all patients who received the email.  The email was sent to patients being treated for HIV or AIDS and inadvertently revealed names and HIV status.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 17, 2012 St. Therese Medical Group
Bakersfield, California
MED STAT

Unknown

A July 22 Saint Therese office theft of a computer resulted in the exposure of patient information.  The computer was unencrypted; however, it was password protected.  Names, Social Security numbers, dates of birth, health insurer names, dates of treatment, amount billed, and account balances were exposed. Notifications were sent on September 17.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

September 16, 2012 Quest Diagnostics
Madison, New Jersey
MED INSD

Unknown

A dishonest employee was discovered to have forwarded emails that contained sensitive personal information in late July.  The emails included names, Social Security numbers, addresses, dates of birth, driver's license numbers, financial account information, and medical/health insurance information.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 16, 2012 Lahey Clinic
Burlington, Massachusetts
MED PORT

Unknown

The loss of a physician's unencrypted, password-free Blackberry at an airport on July 1 resulted in the exposure of patient names, dates of birth, medical record numbers, diagnosis information, procedure names, and test results.  Lahey Clinic was able to remove all data from the device remotely on July 6. Affected patients were notified in late August.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

September 16, 2012 Lincoln Financial Securities Corporation, Red Boat Advisor Resources
Concord, New Hampshire
BSF HACK

4,657

A server that held TIFF images of customer financial applications was accessed by an unauthorized party between January and early April of 2012. Customers who applied for brokerage accounts, life insurance and annuities, and provided other financial applications may have had their names, Social Security numbers, addresses, email addresses, government issued identification numbers, and financial account information exposed.  Named beneficiaries and other family members may have also had their information exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 4,657

September 14, 2012 Feinstein Institute for Medical Research
Manhasset,
MED PORT

13,000

Those with questions may call 888-591-3911.

A laptop stolen on or around September 2, 2012 contained current and former patient names, Social Security numbers, and other personal information.  The laptop was taken from the car of a contractor or employee and may have also contained current and former patient mailing addresses, dates of birth, and medical information. Participants in about 50 different research studies that date back an unknown number of years were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,000

Showing 801-850 of 4257 results

