Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
March 1, 2009 City of Muskogee
Muskogee, Oklahoma
GOV PORT

4,500

The city of Muskogee recently discovered that a computer zip disk containing personal information has been in public circulation since 2000. The disk in some cases contained phone numbers and in other cases contained Sociel Security numbers. It's believed that a forgetful employee scooped up the disk while putting together surplus items no longer used by the city.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

May 23, 2009 Indianapolis Department of Workforce Development
Indianapolis, Indiana
GOV DISC

4,500

The Department of Workforce Development is notifying approximately 4,500 unemployment recipients concerning the accidental disclosure of their Social Security number to the incorrect employer. The release occurred during the printing of DWD's Statement of Benefit Charges by print vendor, Pitney Bowes Management Services Inc. This form is sent to companies listing those who are collecting unemployment benefits against that employer's account. The misprinted statements contained information from individuals who did not work for that company. Approximately 1,200 companies received incorrect statements.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

August 31, 2007 Voxant
Reston, Virginia
BSO HACK

4,500

A hacker accessed the website and obtained personal information of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

November 3, 2007 Kimscrafts
Topsham, Maine
BSR HACK

4,500

KimsCrafts' on-line ordering system experienced a security breach or security breaches between August 13 and October 1.  Customers who placed orders anytime on or after June 25, 2001 may have had their names, addresses and credit card numbers accessed.  It is not clear whether the breach occurred because of an unauthorized user or because of an employee or contractor mistake.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

June 3, 2011 Trinity Medical Center (Montclair Baptist Medical Center)
Birmingham, Alabama
MED PHYS

4,500

A former employee woman was caught stealing patient information for the purpose of identity theft.  Hundreds of pages of information with patient names, Social Security numbers, dates of birth, and some medical information such as scheduled procedure were found at the employee's woman's residential address. The information is from stolen surgery schedules and was taken between March 22 and April 1. The former employee woman was charged with violating the federal Health Insurance Portability and Accountability Act (HIPAA).

UPDATE (2/01/2012): Additional details reveal that the woman was most likely not an employee of Trinity Medical Center and stole the logs of patient information while supposedly visiting a patient. The paper documents were stolen in a flamboyant way as the woman reportedly jumped over a counter to steal the logs.  The files included information from people who had visited in 2006 when Trinity was known as Montclair Baptist Medical Center.  The logs were recovered on April 8 through a USPS investigation.

She pleaded guilty to the theft and was sentenced to 39 months in federal prison on February 1, 2012.  She will also serve five years of supervised release after her prison time is served.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 4,500

June 6, 2013 Sutter Health East Bay Region: Alta Bates Summit Medical Center, Sutter Delta Medical Center, Eden Medical Center
Sacramento, California
MED UNKN

4,500

Patients who visited Sutter Health's Alta Bates Summit Medical Center, Sutter Delta Medical Center, or Eden Medical Center may have had their names, Social Security numbers, dates of birth, gender, addresses, zip codes, home phone numbers, marital status, names of employers, and work phone numbers exposed.  The Alameda County Sheriff's office notified Sutter Health of the potential breach on May 23.  It is unclear what the source of the breach might be.

UPDATE (06/10/2013): The information was found during a narcotics raid.  The personal information of nearly 4,500 patients was discovered.

UPDATE (07/29/2013): Nelson Family of Companies, a staffing firm, was also involved.

 
Information Source:
California Attorney General
records from this breach used in our total: 4,500

July 30, 2013 US Airways, McKesson, City of Houston, Automatic Data Processing (ADP), AlliedBarton Security Services
Tempe, Arizona
BSO DISC

4,500

A programming error at ADP resulted in the exposure of employee names, Social Security numbers, and other information on W-2 forms.  Employees could have inadvertently downloaded the W-2s of other employees.  The error was corrected on May 4 and involved W-2 forms for tax years 2010, 2011, and/or 2012. ADP alerted US Airways to the issue on June 6, 2013.

UPDATE (09/13/2013): McKesson and the city of Houston were also affected by the breach.

UPDATE (09/30/2013): AlliedBarton Security Services was also affected.  It appears that 206 ADP customers were affected.  Two of the customers affected have at least 4,500 employees.

 
Information Source:
Media
records from this breach used in our total: 4,500

June 29, 2010 University of Maine
Orono, Maine
EDU HACK

4,585

Hackers compromised the personal information of 4,585 students who received services from the school's counseling center. The center provides students with support and mental health services. The information on the servers included names, Social Security numbers and clinical information on every student who sought counseling services from the center between August 8, 2002 and June 21 of this year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,585

March 1, 2006 Medco Health Solutions
Columbus, Ohio
MED PORT

4,600

A laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories was stolen from an employee. The theft occurred in December and Medco contacted Ohio officials in February.  The company agreed to provide free credit monitoring and fraud alert services for the affected families for one year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600

November 1, 2006 U.S. Army Cadet Command
Fort Monroe, Virginia
GOV PORT

4,600 high school seniors

1-866-423-4474, Email: mydata@usaac.army.mil 

A laptop computer was stolen that contained the names, addresses, telephone numbers, birthdates, Social Security numbers, parent names, and mother's maiden names of applicants for the Army's four-year ROTC college scholarship.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600

April 21, 2006 Impac Funding Corporation
Newport Beach, California
BSF PORT

4,600

Customers may call (949) 475-6255.

Several laptops were stolen.  Saved emails with the names and Social Security numbers of customers may have been on one of the stolen laptops.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600

October 10, 2006 Florida Labor Department
Tallahassee, Florida
GOV DISC

4,624

The names and SSNs of 4,624 Floridians were accessible on the Internet for approximately 18 days in September. The data were not accessible through websites, but an individual came across the information when Googling his own name. The agency has asked Google to remove the pages from its cache, and has notified all affected individuals by mail.  Individuals who had registered with Florida 's Agency for Workforce Innovation were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,624

September 16, 2012 Lincoln Financial Securities Corporation, Red Boat Advisor Resources
Concord, New Hampshire
BSF HACK

4,657

A server that held TIFF images of customer financial applications was accessed by an unauthorized party between January and early April of 2012. Customers who applied for brokerage accounts, life insurance and annuities, and provided other financial applications may have had their names, Social Security numbers, addresses, email addresses, government issued identification numbers, and financial account information exposed.  Named beneficiaries and other family members may have also had their information exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 4,657

January 15, 2014 South Carolina Department of Employment and Workforce
Columbia, South Carolina
GOV INSD

4,658

 A South Carolina Department of Employment and Workforce human resources employee allegedly downloaded the personal information of 4,658 current and former DEW employess to a personal device, according to authorities.

The data downloaded may have included payroll information, Social Security numbers and bank account information. The employee has since been fired. The incident allegedly occurred on December 18, 2013.

 
Information Source:
Media
records from this breach used in our total: 4,658

May 7, 2008 SAIC
, Maryland
BSO PORT

4,690

The breach appears to have occurred somewhere in Maryland.  Please call (877) 277-8001 for more information.

SAIC stockholders are at risk of identity theft after a box of magnetic backup tapes went missing. The tapes contained names, addresses, Social Security numbers, stock account information, transaction activity and possibly bank account numbers for current or former shareholders.

 
Information Source:
Media
records from this breach used in our total: 4,690

June 4, 2008 Oregon State University
Corvallis, Oregon
EDU HACK

4,700

The Oregon State Police are investigating the theft of personal information from online customers of the OSU Bookstore who used credit cards to purchase items.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,700

July 14, 2008 Washington Metropolitan Area Transit Authority
Washington, District Of Columbia
GOV DISC

4,700

Metro accidentally published the Social Security numbers of past and present employees on its Web site. The numbers were posted with a solicitation to companies for workers' compensation and risk management services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,700

June 6, 2006 University of Texas at El Paso
El Paso, Texas
EDU HACK

4,719

Students demonstrated that student body and faculty elections could be rigged by hacking into student information including Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,719

January 29, 2008 Wake County (NC) Emergency Medical Services
Raleigh, North Carolina
MED PORT

4733

A Panasonic Toughbook used by county paramedics to store patient information on ambulance runs went missing from the WakeMed emergency department and now is thought to have been stolen. The laptop contained names, addresses and Social Security numbers.

UPDATE (2/7/08):  The laptop also may have the names and Social Security numbers of emergency personnel. The number includes county paramedics, firefighters and contracted emergency medical technicians and paramedics from municipal agencies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,733

November 18, 2005 Indiana University Kelley School of Business
Indianapolis, Indiana
EDU HACK

5,278 (4,778 SSNs reported)

Students at the Indianapolis and Bloomington campuses may have been affected.

A hacker may have accessed the names, Social Security numbers and grades of students who enrolled in Introduction to Business courses between 2001 and 2005. The computer may have been hacked and installed with malware as early as August. A representative believes the breach occurred because the files were stored on a computer that did not have current anti-virus and system-protection software.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,778

March 13, 2008 University Health Care
Salt Lake City, Utah
MED PORT

4,800

A laptop and flash drive containing patient data were stolen after hours from a locked office. Data included patients' names, addresses, and in some cases, medications, health insurance policy numbers, and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,800

August 16, 2012 Office of Dr. Jeffrey Paul Edelstein
Chandler, Arizona
MED STAT

4,800

Those with questions may call 1-877-615-3743.

Someone who had key access to a building containing a computer server stole the server on May 28.  Patient data including names, Social Security numbers, dates of birth, addresses, telephone numbers, account numbers, and diagnoses were on the server.  The server contained multiple layers of password protection.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 4,800

June 10, 2011 Texas Department of Assistive and Rehabilitative Services
Austin, Texas
GOV UNKN

4,900

Current and former employees of the Texas Rehabilitation Commission, the Commission for the Blind and the Commission for the Deaf and Hard of Hearing may have also been affected.

Current and former employees may have had their personal information exposed.  Notification of the incident was sent as soon as Department of Assistive and Rehabilitative Services (DARS) officials learned of the breach.  Though a law enforcement investigation is taking place, no information regarding the date of the breach, the cause of the breach or the type of information exposed has been disclosed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 4,900

March 20, 2005 University of Nevada, Las Vegas
Las Vegas, Nevada
EDU HACK

5,000

A hacker was caught accessing the University's server and may have gotten information from the Student Exchange and Visitor Information System (SEVIS).

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

March 25, 2010 Evergreen Public Schools
Vancouver, Washington
EDU INSD

5,000

A 21-year-old former Evergreen Public Schools student has pleaded guilty to criminal charges in connection with a computerized payroll security breach that put more than 5,000 past and current Vancouver district school employees at risk of identity theft. The man had "shoulder-surfed" a password from an Evergreen school employee while still a student there.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

December 15, 2009 Detroit's Health Department
Detroit, Michigan
GOV PORT

5,000

(877) 737-4780

Police are investigating two incidents in which patients' medical records -- including social security numbers -- were stolen from the city's health department. The first theft occurred in late October when a flash drive was stolen from a health department employee's car. It contained files with birth certificate information for babies born in 2008 and the first half of 2009 whose parents reside in the 48202 and 48205 zip codes. Also a part of the files were information on the mothers' names and health conditions, the fathers' names, addresses, Medicaid numbers and social security numbers. The second incident happened over the Thanksgiving break when five computers were stolen from the immunization program at the department's Herman Kiefer Health Complex. One of the computers contained Medicare and Medicaid seasonal flu billing information for 2008.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

June 8, 2006 University of Michigan Credit Union
Ann Arbor, Michigan
BSF PHYS

5,000

Paper documents containing personal information of credit union members were stolen from a storage room. The documents were supposed to have been digitally imaged and then shredded. Instead, they were stolen and used to perpetrate identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

December 5, 2009 Wake County Schools
Raleigh, North Carolina
EDU DISC

5,000

The Wake County school system accidentally sent out about 5,000 postcards with students' Social Security Numbers printed on the front. Wake schools mailed about 15,000 reminders asking parents to specify if they want to keep their children in magnet or traditional calendar schools. About a third of those cards had the Social Security Numbers printed alongside the child's name - a holdover from recent years when those nine-digit numbers were used to identify students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

May 24, 2007 Beacon Medical Services
Aurora, Colorado
MED DISC

5,000

Private medical and financial information including patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois that should have been only accessible through VPN access were inadvertently available on the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

July 27, 2007 American Education Services, Vista Financial Inc
Harrisburg, Pennsylvania
BSF PORT

5,000

Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

February 5, 2010 Wyoming Department of Health Kid Care CHIP
Cheyenne, Wyoming
GOV DISC About 5,000
Applicants of the Wyoming Kid Care CHIP program had their information exposed online. Family home addresses and the Social Security numbers of children involved were available to the general public via a Google search.  
Information Source:
Databreaches.net
records from this breach used in our total: 5,000

January 4, 2008 Health Net
Mountain View, California
MED PORT

5,000

Additional locations: Connecticut.

Thousands of Health Net employees in Connecticut and other states have been notified that their names and Social Security numbers were on a laptop computer that was stolen more than a month ago from a company vendor. The laptop had information on about 5,000 employees companywide and an undisclosed number of health-care providers outside the Northeast.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

January 15, 2008 Department of Revenue Wisconsin
Madison, Wisconsin
GOV PHYS

5,000

Breach locations:   Lena, Marinette, Little Suamico, Freedom, Kaukauna, Kimberly, Little Chute, Krakow, Keshena and Lakewood

Taxpayers in northeastern Wisconsin had their Social Security numbers exposed in a state mailing. A folding error, apparently the result of a faulty machine, allowed the Social Security numbers to be seen through the clear address window of the envelope.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

February 2, 2008 Diocese of Providence
Providence, Rhode Island
NGO STAT

5,000

Four computers were taken, and one had personal information on current and former Catholic school employees. The theft possibly exposed names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

March 8, 2008 MTV Networks
Los Angeles, California
BSO HACK

5,000

Computer files with confidential data on employees at MTV Networks were breached by someone outside the company. Personal information in the files included names, birth dates, Social Security numbers and compensation data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

March 26, 2008 Presbyterian Intercommunity Hospital
Whittier, California
MED STAT

5,000

About 5,000 past and current employees at Presbyterian Intercommunity Hospital had their private information stolen. The data included Social Security numbers, birth dates, full names and other records stored on a desktop computer that was stolen.

 
Information Source:
Media
records from this breach used in our total: 5,000

May 8, 2008 Dominican University
River Forest, Illinois
EDU HACK

5,000

Two students were able to access records on a staff network storage area. The files accessed were three spreadsheets that included students' names, addresses, phone numbers, birthdays and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

May 21, 2008 Oklahoma Corporation Commission
Oklahoma City, Oklahoma
GOV STAT

5,000

The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction.

 
Information Source:
Media
records from this breach used in our total: 5,000

June 12, 2008 Columbia University
New York, New York
EDU DISC

5,000

Social Security numbers of some 5,000 Columbians were accidentally posted by a student employee on a Google-hosted site in February 2007. Student Services discovered the leak in June 2008 and removed the sensitive data after it had been available for 16 months.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

July 17, 2008 Department of Consumer Affairs
Sacramento, California
GOV INSD

5,000

A Consumer Affairs personnel specialist in Sacramento, emailed an alpha personnel file containing names and Social Security numbers of the department's more than 5,000 staff to a personal Yahoo email account at the end of the day, her last day at the department.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

August 12, 2008 Wells Fargo
Minneapolis, Minnesota
BSF HACK

5,000

Wells Fargo is notifying customers that hackers have accessed their confidential personal data by illegally using its access codes. Personal information including names, addresses, dates of birth, Social Security numbers, driver's licence numbers and in some cases, credit account information was accessed by unauthorised persons.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

November 1, 2008 Seattle School District
Seattle, Washington
EDU DISC

5,000

Personal information, including Social Security numbers, was inadvertently released to a local union representing some district workers. The 5,000 employees are more than half the district's work force. Included were about 700 members of International Union of Operating Engineers Local 609, which represents custodial, nutritional services, security- and alarm-monitoring workers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

July 16, 2010 Connecticut Department of Labor
Bridgeport, Connecticut
GOV PORT

5,000

A highly encrypted laptop was stolen from the office of the Connecticut Department of Labor. The laptop contained confidential information about unemployment insurance claims, wage discrepancy complaints and some Bridgeport area employers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,000

June 30, 2006 Washington Regional Medical Center
Fayetteville, Arkansas
GOV PORT

5,000

A computer from the Human Resources Division of Washington Regional Medical Center was stolen on April 14. The computer was stolen from the employee's office during a 45 minute absence. Current and former employees may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

November 29, 2011 University of California Riverside (UCR)
Riverside, California
EDU HACK

5,000

Those with questions may call 1-855-827-2277.

Several customers of the UCR Dining Services location reported fraudulent credit and debit card activity to UCR.  On or around November 16, it became clear that registers at UCR food services locations were compromised by a cyber hacker.  Anyone who used a card, including visitors, between the summer of 2011 and November 16, 2011 may have had their financial information obtained. The information includes cardholder names, numbers, expiration dates, and an encrypted version of debit PINs.

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,000

October 27, 2011 Department of Education
Washington, District Of Columbia
GOV DISC

5,000

As many as 5,000 users of the Department of Education's website may have had their information viewed by other users who logged in to the website.  The breach lasted for six to seven minutes and exposed Social Security numbers and other student information.  The site was shut down and examined for 48 hours after the incident.

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,000

July 24, 2012 New York University Langone Medical Center, Office of Dr. Eric C. Parker, Office of Dr. Patrick J. Kelly
New York, New York
MED STAT

8,400 (5,000 SSNs reported)

Those with questions may call (877) 615-3775.  

The May 23 office theft of a desktop computer resulted in the exposure of patient information.  The computer was password protected and had security software, but was not encrypted. Patient names, addresses, dates of birth, telephone numbers, insurance information, and clinical information may have been exposed.  Additionally, approximately 5,000 patients had their Social Security numbers exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,000

October 18, 2012 Blount memorial Hospital
Maryville, Tennessee
MED PORT

27,000 (5,000 SSNs reported)

A password-protected laptop was stolen from an employee's home on August 25.  It contained two groups of patient data.  Patient names, dates of birth, responsible party names, patient addresses, physician names, and billing information for 22,000 patients were on the laptop. An additional 5,000 patients had similar information exposed as well as their Social Security numbers and other non-medical information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,000

May 31, 2013 Bon Secours Hampton Roads Health System, Bon Secours Mary Immaculate Hospital
Newport News, Virginia
MED INSD

5,000

An April 2013 audit revealed that a patient's medical record had been accessed in a way that was inconsistent with hospital policy.  A further investigation revealed that two team members of the patient care team had accessed the records of multiple patients in ways that were inconsistent with their job function.  The employees were fired.   Patient names, dates and times of service, provider and facility names, Social Security numbers, internal hospital medical records and account numbers, dates of birth, diagnosis, medications, vital signs, and other treatment information may have been accessed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,000

May 6, 2014 Molina Healthcare
Long Beach, California
MED PHYS

5,000

Molina Healthcare has communicated to former members about a data breach that included their Social Security numbers.

Molina said it contracted with a printing company to print postcards that contained information about benefits offered. Unfortunately the postcards did not contain names of the individuals, but addresses and Social Security numbers of the individual.

 

 

 
Information Source:
Media
records from this breach used in our total: 5,000

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 3551-3600 of 4488 results


X

Sign In!

Loading