Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
January 20, 2009 Kanawha-Charleston Health Department
Charleston, West Virginia
GOV INSD

11,000

People who received flu shots from the agency since October are being warned that their personal information may have been stolen by a former department temporary worker. Information included their names, Social Security numbers, addresses and other personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000

March 23, 2010 Connecticut Office of Policy and Management
Hartford, Connecticut
GOV INSD

11,000

Police are investigating the theft of personal information — including Social Security numbers, names and addresses — from as many as 11,000 people who had applied for furnace rebate programs with the state. The investigation by Hartford and state police has led them to a woman who worked at the state Office of Policy and Management from May 2008 until May 2009. There have been no arrests. The state collected Social Security numbers because the refunds are federally taxable and the state was required to send a 1099 tax form to the recipients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000

April 24, 2013 City of Berkeley
Berkeley, California
GOV DISC

11,000

A media group who regularly collects public employee salary and benefit information released Social Security numbers after they were mistakenly included in a file that the City of Berkeley provided.  The information was sent by Berkeley in March and the mistake was discovered in early April.  Around 2,000 active staff members and 9,000 retirees were affected.  mistakenly released the Social Security numbers of the employees as well.  

 
Information Source:
Media
records from this breach used in our total: 11,000

December 14, 2013 Lanap and Implant Center of Pennsylvania
Collegeville, Pennsylvania
MED DISC

11,000

Those who want to know if they were affected may call 1-(570)-704-5854.

The Lanap and Implant Center learned of a breach on September 17, 2012.  Patient information had been uploaded to websites in February of 2010 where it could be downloaded by anyone.  Names, Social Security numbers, addresses, dates of birth, phone numbers, dates of appointments, types of services provided, dental insurance information, and other patient records were available.  At least 5,000 patients were informed of the breach sometime around November 1, 2012.  The information appears to still be available for download.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 11,000

June 10, 2008 University of Florida
Gainesville, Florida
EDU DISC

11,300

Current and former students had their Social Security numbers, names and addresses accidentally posted online. The information became available when former student employees of the Office for Academic Support and Institutional Service, or OASIS, program created online records of students participating in the program between 2003 and 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,300

May 5, 2005 Purdue University
West Lafayette, Indiana
EDU HACK

11,360

Hackers accessed a program which contained University credit card information and the Social Security numbers of current and former employees. Letters were sent to employees and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,360

November 30, 2006 Pennsylvania Department of Transportation (PennDOT)
Dunmore, Pennsylvania
GOV STAT

11,384

Affected individuals can call (800) PENNDOT if you have questions.

Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,384

June 17, 2010 Ocean Lakes High School
Virgina Beach, Virginia
EDU HACK

11,388

Schools that may have been accessed: Advanced Technology Center, Corporate Landing Middle School, Creeds Elementary School, Fairfield Elementary School, Indian Lakes Elementary School, Kellam High School, Kingston Elementary School, Landstown Middle School, Linkhorn Park Elementary School, Lynnhaven Middle School, New Castle Elementary School, Ocean Lakes Elementary School, Ocean Lakes High School, Red Mill Elementary School, Renaissance Academy, Rosemont Elementary School, Salem Elementary School, Technical & Career Education Center, Thalia Elementary School, Three Oaks Elementary School, Windsor Oaks Elementary School.

Over 11,388 students from schools listed on the Virginia Beach City County Public Schools page of publicschoolreview.com

Because of an incorrect security setting, an Ocean Lakes High School student was able to access a temporary file on a server that contained the names, addresses and Social Security numbers of students at 22 schools. The breach was discovered when the student tried to print some of the information in the school library. In addition to names, addresses and Social Security numbers, the student files also contain parent names, phone numbers, class schedules, birth dates and student ID numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,388

August 12, 2010 Walsh Pharmacy
Fall River, Massachusetts
MED PORT

11,440

A DVD with patient information was lost in transit.  Information included patient names as well as some Social Security numbers, health insurance information, driver's license numbers and prescription information. The DVD was not in the envelope when the recipient opened it.

UPDATE (8/18/10): The incident involved 11,440 patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 11,440

January 25, 2007 Wahiawa Women, Infants and Children program (WIC)
Honolulu, Hawaii
GOV INSD

11,500 current and former clients

  (808) 586-8080, http://www.hawaii.gov/dcca/quicklinks/id_theft_info

A WIC employee apparently stole the personal information of agency clients, including SSNs, and committed identity theft on at least 3 families and perhaps 2 more. The Health Director said the agency will no longer use SSNs in its data base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

March 3, 2007 Johnny's Selected Seeds
Winslow, Maine
BSR HACK

11,500

Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

March 6, 2008 Cascade Healthcare Community
Prineville, Oregon
MED HACK

11,500

A computer virus may have exposed to outside eyes the names, credit card numbers, dates of birth and home addresses of individuals who donated to Cascade Healthcare Community.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

July 25, 2006 Armstrong World Industries, Deloitte & Touche
Lancaster County, Pennsylvania
BSO PORT

12,000

A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

April 11, 2007 ChildNet
Ft. Lauderdale, Florida
NGO PORT

12,000

An organization responsible for managing Broward County's child welfare system believes a dishonest former employee stole a laptop from the agency's office. It contains personal information of adoptive and foster-care parents including financial and credit data, Social Security numbers, driver's license data and passport numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

July 27, 2007 City Harvest
New York, New York
NGO HACK

12,000

 (917) 351-8763

City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

November 15, 2007 Roudebush Veteran's Administration Medical Center
Indianapolis, Indiana
MED STAT

12,000

Two personal computers and a laptop computer were allegedly stolen from an unsecured room. One of the stolen computers contained the names, Social Security numbers and dates of service of approximately 12,000 veterans.

UPDATE (3/19/08) : A 50 year old Indianapolis man was arrested Monday on one count of Class D felony theft after investigators identified him from surveillance video. A probable cause affidavit, a sworn police statement filed in support of the charge, identifies him as a former patient at the facility.The man has been charged in the disappearance of hospital computer equipment that contained the records of nearly 12,000 patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

December 6, 2007 Oak Ridge National Laboratory
Oak Ridge, Tennessee
GOV HACK

12,000

Hackers may have infiltrated a non-classified database containing names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004. The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The lab has sent letters to about 12,000 potential victims.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

April 21, 2010 US Army Reserve
Fort Totten, New York
GOV PHYS

12,000

The Army is warning about 12,000 military and civilian personnel once associated with a reserve command based at Fort Totten that they should check their credit records, after discovering that it cannot locate files containing information that could make them vulnerable to identity theft. The records cover reservists from Long Island, New York City and upstate who were assigned to the 77th Regional Readiness Command and its subordinate units from 2001 until the unit was absorbed by the 99th Regional Support Command in 2008. The files were discovered missing when the new command asked for an accounting of the old unit’s records. They could have been burned, shredded or stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

April 16, 2010 Blue Cross and Blue Shield of Rhode Island (BCBSRI)
Providence, Rhode Island
MED PHYS

12,000

A filing cabinet containing survey information from approximately 12,000 BlueCHIP for Medicare members was donated to a local nonprofit organization.  The surveys were from 2001 to early 2004 and contained information such as names, Social Security numbers, telephone numbers, addresses and Medicare Identification numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 12,000

November 6, 2010 General Services Administration
Washington, District Of Columbia
GOV INSD

12,000

An employee sent an email with the names and Social Security numbers of the entire staff to a private, outside address. Though notification emails were sent at the end of September, many employees learned of the incident in November.

 
Information Source:
Databreaches.net
records from this breach used in our total: 12,000

January 26, 2006 College of St. Scholastica
Duluth, Minnesota
EDU STAT

12,000

A computer was stolen from a locked office in the College's information Technology Department on or around December 24. The computer had Social Security numbers and names of current and former students. The thief was caught and claims that none of the personal information was used.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

January 24, 2011 Grays Harbor Pediatrics
Aberdeen, Washington
MED PORT

12,000

People with questions about the incident may call 1-877-810-7248.

A backup tape was stolen from an employee's car sometime around November 23.  The device was used for storing copies of paper records.  Patients may have had their names, Social Security numbers, insurance details, driver's license information, immunization records, medical history forms, previous doctor records and patient medical records scanned and placed on the backup tape.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 12,000

March 16, 2011 St. Louis University
St. Louis, Missouri
EDU HACK

12,800

The University's network was hacked on December 12, 2010. The breach was discovered on December 13 and a statement was available on the University's website on January 31, 2011. Eight hundred students and 12,000 current and former employees and contractors were affected. Only people who worked for Saint Louis University at some point had their Social Security numbers exposed. Some students who received counseling through the University's Student Health Services may have had their names, dates of birth, tests, diagnosis and treatment information exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 12,000

June 11, 2011 Penn State Altoona
Altoona, Pennsylvania
EDU HACK

12,000

A virus infected a Penn State Altoona computer that contained the names, addresses and Social Security numbers of alumni, faculty and staff members.  The virus appeared on the computer sometime during the spring semester and was discovered on March 15.  Those who were affected were not notified until June because the full list of affected people and their contact information had to be obtained by investigators.  Only alumni with identical Social Security numbers and student IDs were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 12,000

September 30, 2011 Florida Hospital
Orlando, Florida
MED INSD

12,000

Patients with questions may call (855) 366-0141. Patients in Orange, Osceola, and Seminole counties were affected.

Patients who visited emergency departments of three Central Florida county Florida Hospitals between January 1, 2010 and August 15, 2011 may have had their information improperly accessed by one or more employees.  Patient names, Social Security numbers, dates of birth and insurance information were exposed.  Several employees were fired for misconduct, but one employee was fired for viewing patient information without authorization for the purpose of identifying motor vehicle accident victims.  The hospital launched an investigation after a car-accident victim felt that a soliciting attorney had somehow obtained his medical information.

UPDATE (10/19/2011): The FBI is now investigating the disclosure of patient information.  It appears that three employees sold accident victim data to an attorney referral service.  Former patients have also been contacted by funeral homes and at least one patient became an identity theft victim.

UPDATE (08/18/2012): One dishonest employee who worked at Florida Hospital Celebration allegedly viewed the emergency room records of 763,000 patients. A total of 12,000 patients from the group of 763,000 were contacted by the Hospital and notified of the risk of identity theft.

UPDATE (10/22/2012): The former employee worked at Florida Hospital from July 2006 until July 2011 and was responsible for registering emergency patients.  The scam involved patient phone referrals to a lawyer or chiropractor who knew details about car accidents and hospital treatments. The dishonest employee had illegally gathered the patient information during emergency visits. He pleaded guilty to conspiracy to obtain health information and wrongful disclosure of health information. 

UPDATE (01/07/2013): A man associated with Metro Chiropractic and Wellness Center and City Lights Medical Center pleaded guilty to charges related to illegally obtaining patient information from two spouses who worked at Florida Hospital Celebration. He was charged with one count of conspiracy to defraud the United States and four counts of making a payment to a non-licensed physician.

UPDATE (04/12/2013): One former patient affected by the breach has brought a lawsuit against Adventist Health System/Sunbelt, Inc.  Florida Hospital Celebration and 36 other hospitals compose the Adventist network. The former patient is alleging that their privacy rights as a patient were violated when Adventist Health System/Sunbelt Inc. failed to prevent emergency room works from selling access to their medical records.

UPDATE (07/12/2013): The lawsuit that was filed in April was dismissed by a judge on July 3. Another lawsuit was then filed in Orange County Circuit Court in Orlando.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 12,000

March 20, 2013 Savannah River Site (SRS)
Aiken, South Carolina
GOV DISC

12,000

A security breach allowed access to the personal records of at least 12,000 SRS workers.  The breach does not appear to be the result of a cyber attack.  Workers may have had financial information exposed.

 
Information Source:
Media
records from this breach used in our total: 12,000

November 8, 2013 Baltimore County
Baltimore, Maryland
GOV INSD

12,000

A contractor who worked for Baltimore County between December of 2011 and July of 2012 was found to have saved the personal information of 12,000 county employees to computers for reasons unrelated to work.  The information was discovered during an investigation in Florida and came from payroll files dated between January and March of 2007.  Employees who had their paychecks direct deposited were affected and the bank account information of 6,633 employees was exposed.  Baltimore county employees are no longer allowed to download personal information to county computers and more than 5,000 county hard drives will be cleared of related data.

 
Information Source:
Media
records from this breach used in our total: 12,000

January 30, 2012 TryMedia (TM Acquisition)
Seattle, Washington
BSR HACK

12,456

TryMedia is a division of RealNetwork.  RealNetworks is located in Seattle, Washington. 

Try Media's ActiveStore application was attacked by intruders who were able to intercept and obtain the credit card information of customers.  Credit card numbers, expiration dates, security codes, addresses, email addresses, and passwords to user accounts for transactions that occurred between November 4, 2011 and December 2, 2011 were accessed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 12,456

March 2, 2010 Shands at UF
Gainesville, Florida
MED PORT

12,500

Shands at UF sent notification letters to about 12,500 people Monday warning them that a laptop containing their personal and medical information was stolen. An employee had uploaded the information onto his home laptop for work-related purposes. The laptop held information about patients referred to the gastroenterology clinical services department. Included were names, addresses, medical record numbers, and in the case of 650 patients, Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,500

December 9, 2011 Logan County Emergency Ambulance Service Authority (LEASA)
Logan, West Virginia
MED PORT

12,563

Affected patients may call (304) 792-0191 (ext. 201) or email psheppard@leasa.org for more information.

A laptop was discovered missing on October 1, 2011.  It was either lost or stolen.  It contained names, Social Security numbers, addresses, and health information from patients. The laptop appears to have not been used to connect to the internet since October 1 and LEAS is attempting to block potential use of the device.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 12,563

April 3, 2007 Commerce Banc Insurance Services (CBIS)
Cherry Hill, New Jersey
BSF PORT

12,876

A CBIS vendor had a laptop stolen.  CBIS employees may have had their names, Social Security numbers, and possibly health information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,876

November 11, 2005 Georgia Tech University Office of Enrollment Services
Atlanta, Georgia
EDU STAT

13,000

On October 16 of 2005 computers were stolen from campus which contained the names, Social Security numbers, addresses and birth dates of current and prospective students. Notifications were sent to those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 18, 2006 ING U.S. Financial Services, Jackson Health System
Miami, Florida
BSF PORT

13,000

Two ING laptops that carried sensitive data affecting Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 18, 2006 ING U.S. Financial Services
Washington, District Of Columbia
BSF PORT

13,000

A laptop was stolen from an employee's home.  It contained retirement plan information including Social Security numbers of D.C. city employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 26, 2006 AAAAA Rent-A-Space
Colma, California
BSO DISC

13,000

Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in AAAAA's online payment system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

May 11, 2007 Highland Hospital (Rochester, NY)
Rochester, New York
MED PORT

13,000

HighlandHospitalAdmin@urmc.rochester.edu

Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containing personal information was recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

August 29, 2008 Louisiana Real Estate Commission
Baton Rouge, Louisiana
GOV DISC

13,000

A glitch during a computer upgrade caused the names, addresses and Social Security numbers of licensed agents to be exposed on the Internet. The commission was transferring its online programs to a new server when the sensitive electronic file, which is not normally posted on the Internet, was left unsecured and slipped in among the commission materials that could be seen online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

August 30, 2008 Ohio Police & Fire Pension System
Columbus, Ohio
GOV INSD

13,000

A former mailroom supervisor at the Ohio Police & Fire Pension System forwarded the names, addresses and Social Security numbers from his work e-mail address to his personal e-mail address before quitting his job. The file contains information for 13,000 of the approximately 24,000 retired members of the Ohio Police & Fire Pension System, most of whom are former police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

January 6, 2010 Eugene School District
Eugene, Oregon
EDU HACK

13,000

Email databreach@4j.lane.edu or call (541) 790-7730 for more information.

Hackers breached the security of a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees. The server in question did not contain other personal information but was attached to servers that contain Social Security numbers and other sensitive data. It is possible that the individuals responsible may have accessed names, addresses, dates of birth, Social Security numbers, tax identification numbers and direct-deposit bank account information for current and former staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 25, 2010 University Hospital
Augusta, Georgia
MED PORT

13,000

Two backup tapes containing personal information have gone missing. The hospital does not suspect theft and does believe that there is a very low probability that the personal information on the tapes can be misused. However, credit monitoring services are being offered to those who were affected. The hospital gave up looking for the tapes on May 7th and began notifying patients in late June. 

Per phone interview with University Hospital, Social Security number were involved but they are unaware of any financial data involved in this breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

November 13, 2007 Youth Women's Christian Association (YWCA)
New York, New York
NGO STAT

13,000

Staff discovered that a computer had been stolen from the office sometime around October 1.  It contained the names and Social Security numbers of active participants in the YWCA Retirement Fund.  Individuals who participated between January 1, 2002 and September 28 were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

February 23, 2011 Chapman University, Brandman University
Los Angeles, California
EDU DISC

13,000

A student discovered a document with sensitive information in an unsecured folder. It contained names, Social Security numbers, student ID numbers and financial aid information. Around 11,000 current and former Chapman students, 1,900 applicants and an unspecified number of Brandman students were affected. Only students and people affiliated with the University could have accessed the file, and it appears that the student who reported the incident was the only one who accessed the file.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,000

March 29, 2011 BP Global
New Orleans, Louisiana
BSO PORT

13,000

An employee lost a laptop that contained the personal information of people who were seeking compensation for damages caused by BP's 2010 oil spill. The laptop was lost on March 1 of 2011 while the employee was traveling for business. It contained a spreadsheet with claimant names, Social Security numbers, addresses and phone numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,000

July 30, 2011 Belmont Savings Bank (BSB)
Boston, Massachusetts
BSF PORT

13,000

Belmont Savings Bank has agreed to pay a fine of $7,500 related to a consumer data breach case with the Massachusetts attorney general's office.  In May, a bank employee left a backup tape on a desk rather than storing it.  A cleaning crew disposed of the tape later that night.  Names, Social Security numbers and account numbers were exposed.  The tape contained the personal information of over 13,000 customers, but is believed to have been incinerated after disposal along with other sensitive materials from BSB.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,000

September 14, 2012 Feinstein Institute for Medical Research
Manhasset,
MED PORT

13,000

Those with questions may call 888-591-3911.

A laptop stolen on or around September 2, 2012 contained current and former patient names, Social Security numbers, and other personal information.  The laptop was taken from the car of a contractor or employee and may have also contained current and former patient mailing addresses, dates of birth, and medical information. Participants in about 50 different research studies that date back an unknown number of years were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 13,000

September 6, 2013 Conexis, State of Virginia
Blacksburg, Virginia
EDU DISC

13,000

Employees of the state of Virginia who are enrolled in the Commonwealth's 2014 Flexible Spending Account had their information exposed.  Conexis erroneously sent summary reports of Blue Cross/Blue Shield Flexible Spending Account Services to 11 state human resources and payroll employees.  The reports included participants from across the state rather than from specific locations related to the human resources and payroll employees' work.  The human resources and payroll employees who received information that was not intended for them signed a certification confirming that they had deleted or destroyed the information.

 
Information Source:
Media
records from this breach used in our total: 13,000

May 6, 2011 E-Pro Tax Service, Emory Healthcare
Chicago, Illinois
BSF INSD

13,079

An investigation into a few stolen Social Security checks that had been fraudulently deposited into Duluth banks uncovered three separate identity theft rings.  At least six conspirators managed to defraud 5,779 people.  A former real estate broker created a tax service company in order to access credit reports from a third-party credit reporting agency.  Names, dates of birth and Social Security numbers were exposed.  The former real estate agent then made about $2.5 million by stealing Social Security checks, filing 393 fraudulent tax returns and passing counterfeit checks.  After police linked her to the stolen Social Security checks, they searched her home and found boxes of financial documents which included old mortgage applications, tax forms and HUD documents.  Investigators have not charged any other conspirators and do not believe that the woman was the head of the operations.

UPDATE (10/24/2011): More organizations were linked to the breach when investigators searched the dishonest employee's home.  The dishonest employee had a connection with a someone who used to work as a clerk at the hospital.  More than 3,000 patient bills containing names, Social Security numbers, dates of birth, and other confidential information were printed by the inside contact.  The hospital bills of at least 32 Emory orthopedic clinic patients were stolen and used to file fraudulent tax returns.  Nine patients became identity theft victims. Emory notified 7,300 employees of the breach and had fired the dishonest clerk in July.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,079

July 13, 2009 LexisNexis
Dayton, Ohio
BSO UNKN

13,329

LexisNexis has warned more than 13,000 consumers that a Florida man who is facing charges in an alleged mafia racketeering conspiracy may have accessed some of the same sensitive consumer databases that were once used to track terrorists. The accused would provide names, addresses and account numbers as part of a fake check-cashing operation. But he's also accused of using computer databases to get information on potential extortion or assault targets as well as individuals suspected by the Enterprise members of being involved with law enforcement.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,329

April 18, 2011 UMass Memorial Healthcare
Worcester, Massachusetts
MED DISC

13,500

Employees were able to access the pay stub information of other employees at shared workstations.  Any UMass Memorial employee who accessed their HRConnect by using one of the 10 malfunctioning kiosks or shared workstations between October 7 and March 11, 2011 may have been affected.  The problem was fixed as of March 16.  Employees were able to access the names, bank names, bank transit numbers and bank account numbers of previous employees who had used the kiosks to connect to HRConnect. The portion of the 13,500 employees who were affected is unknown.

 
Information Source:
Databreaches.net
records from this breach used in our total: 13,500

April 3, 2013 United HomeCare Services, Inc., United Home Care Services of Southwest Florida, LLC
Fort Myers, Florida
MED PORT

13,617

A total of 12,299 United HomeCare Services, Inc. clients were affected. Additionally, 1,318 United Home Care Services of Southwest Florida clients were affected. 

The January 8 theft of a billing manager's laptop resulted in the exposure of patient information.  It was stolen from the manager's car.  It contained client names, Social Security numbers, health plan numbers, dates of birth, and addresses dating as far back as 2002.  Some patients may have also had treatment service codes or diagnostic codes on the laptop.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 13,617

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 3601-3650 of 4252 results


X

Sign In!

Loading