Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
867,217,832 RECORDS BREACHED
(Please see explanation about this total.)
from 4,257 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 10, 2011 University of Wisconsin - Milwaukee
Milwaukee, Wisconsin
EDU HACK

79,000

On May 25, University technology staff learned that unauthorized individuals had installed computer viruses on a University server.  It housed a software system for managing confidential information.  The names and Social Security numbers or people associated with the University could have been exposed.  There was no evidence that unauthorized parties had attempted to download the confidential information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 79,000

May 7, 2005 Department of Justice
Washington, District Of Columbia
GOV PORT

80,000

The laptop was stolen from Omega World Travel of Fairfax, VA.

A laptop containing password protected names and travel account credit card information was stolen sometime between May 7 and May 9.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

July 17, 2007 Louisiana Board of Regents
Baton Rouge, Louisiana
GOV DISC

80,000

Records of students and staff including Social Security numbers,names, and addresses exposed on web.  In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

March 4, 2009 New York Police Department
New York, New York
GOV INSD

80,000

A civilian employee of the department's pension fund is accused of stealing eight tapes containing the Social Security numbers and direct-deposit information for 80,000 current and retired cops. The employee, who served as the pension fund's director of communications, has been charged with computer trespass, burglary and grand larceny. He is accused of removing the tapes from a backup data warehouse on Staten Island after disabling security cameras. Police found the missing tapes at his home before arresting him.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

November 18, 2009 Universal American Action Network
St. Petersburg, Pennsylvania
MED DISC

80,000

Thousands of Pennsylvanians are at risk for identity theft because postcards were sent to their homes with their Social Security numbers printed in plain view. The postcards were from the Universal American Action Network, a subsidiary of Universal American Insurance. 80,000 postcards with SSNs on them were sent to Universal clients throughout the country. More than 10,000 were mailed to Medicare participants in Pennsylvania.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

January 31, 2010 Iowa State Racing and Gaming Commission
Des Moines, Iowa
GOV HACK

80,000

The Iowa Racing and Gaming Commission says someone gained access to a computer server that holds more than 80,000 records containing casino employee information. The person who hacked into the system was traced back to China and had used a computer with an external account. The server contains records including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

May 12, 2008 Dave & Buster's
Islandia, New York
BSO HACK

80,000

Three men have been charged with hacking into 11 Dave & Buster's networks and then remotely installing "packet sniffer" software on point-of-sale servers at locations throughout the U.S. A packet sniffer logs information being sent over a network. In this case, the criminals used it to log credit and payment card data as it was sent from the branch locations to corporate headquarters. The hacking took place from April to September 2007. At Dave & Buster's Islandia, New York, location, the hackers accessed details of about 5,000 payment cards. The information was sold to other criminals who then used the card numbers to scam online merchants. The criminals were able to post at least $600,000 in fraudulent transactions from 675 cards taken from this one store.

UPDATE (04/05/2010): In reaching a settlement with Dave & Buster’s, the FTC quietly and without fanfare introduced a new security standard, requiring the company to monitor and filter outbound Internet traffic to block the unauthorized export of sensitive information. The consent decree puts companies on notice that they may face FTC scrutiny and penalties if they fail to use data loss prevention software.

UPDATE (07/19/2012): A member of the hacking ring was sentenced to seven years in prison.  Around 80,000 payment card numbers were taken from the 11 Dave & Buster's locations.  It appears that the hacker was part of a larger conspiracy that last between 2005 and 2008 and affected Hannaford Bros. grocery chain, Heartland Payment Systems, TJX retail chain, BJ's Wholesale Club, OfficeMax, Boston Market, 7-Eleven, JCPenney, Barnes & Noble, Sports Authority, and Forever 21. Two other members of the hacking ring were sentenced to 20 years in prison and 30 years in prison.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

December 8, 2011 Subway
Milford, Connecticut
BSR HACK

80,000

Over 150 Subway franchises and at least 50 other small retailers had customer data hacked from their point-of-sale (POS) systems.  Four Romanian hackers were indicted for hacking and misusing the credit card information between 2008 and May of 2011.  Over $3 million in fraudulent charges on customer cards was obtained by scanning the internet for vulnerable POS systems and then easily breaking the passwords to these systems. Keyloggers and a backdoor were also installed to allow further access to the system.  Retailers who were hit had used a certain type or types of basic POS software and many had failed to change the default password for the software.

UPDATE (01/08/2013): A Romanian national was arrested and sentenced for his role in the POS system hack of Subway.  Three other Romanians face charges related to the breach.

UPDATE (03/19/2013): The scheme may have affected 150 restaurants and may have led to $10 million in fraudulent charges.  Two additional hackers were sentenced on conspiracy to commit computer fraud and conspiracy to commit access device fraud charges.

 
Information Source:
Databreaches.net
records from this breach used in our total: 80,000

January 4, 2008 Mariner Health Care, Windham Brannon, SavaSeniorCare Administrative Services, LLC
Atlanta, Georgia
BSF PORT

80,124

Cash and several laptops were stolen from Windham's Atlanta office on the evening of December 31, 2007.  Windham provides audit services for Mariner's and SaveSeniorCare's 401(k) benefit plans.  Current and former employees may have had their names, Social Security numbers, addresses, dates of birth, salary information and 401(l) account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,124

August 29, 2013 Republic Services
Phoenix, Arizona
BSO PORT

82,160

An unspecified number of current and former employees were affected by the theft of a laptop.  The laptop was stolen from an employee's home on August 10.  The laptop contained names and Social Security numbers.

UPDATE (09/03/2013): As many as 82,160 current and former employees may have been affected.

 
Information Source:
Media
records from this breach used in our total: 82,160

June 17, 2009 Blackbaud Inc.
Charleston, South Carolina
BSO PORT

84,000

A computer that was stolen from a car in Charleston, SC, last year contained personal financial information on 84,000 University of North Dakota donors. The missing laptop belonged to Daniel Island-based software giant Blackbaud Inc., which stressed that all of the information was password-protected and encrypted.

 
Information Source:
Media
records from this breach used in our total: 84,000

March 15, 2006 Ernst & Young, IBM
New York, New York
BSF PORT

84,000

A laptop with sensitive information was stolen from an employee's car in January. IBM employees who may have been stationed overseas during their careers were affected. Names, Social Security numbers, dates of birth, genders, family sizes and tax identifiers for employees were exposed. Those affected were notified in March.

 
Information Source:
Dataloss DB
records from this breach used in our total: 84,000

February 12, 2011 Saint Francis Broken Arrow (Broken Arrow Medical Center)
Broken Arrow, Oklahoma
MED STAT

84,000

A computer that had not been used since May of 2004 was stolen from a secured information systems room. Patient billing information and some employee records were exposed. The information would have included names, Social Security numbers, dates of birth, addresses and patient insurance and diagnostic information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 84,000

October 7, 2008 University of North Dakota Alumni Association
Grand Forks, North Dakota
EDU PORT

84,554

A laptop computer containing sensitive personal and financial information on alumni, donors and others was stolen from a vehicle belonging to a software vendor retained by the UND. The information, included individuals' credit card and Social Security numbers,

 
Information Source:
Dataloss DB
records from this breach used in our total: 84,554

June 12, 2012 Bethpage Federal Credit Union
Bethpage, New York
BSF DISC

86,000

An employee accidentally posted data onto a file transfer protocol site that was not secure on May 3.  The data contained customer VISA debit card names, addresses, dates of birth, card expiration dates and checking and savings account numbers.  The error was discovered on June 3. The data was accessed, but there was no evidence of identity theft or fraud as of June 12.  New cards were issued to 25% of the affected members and the remaining members will have their affected cards deactivated on June 30.

 
Information Source:
Databreaches.net
records from this breach used in our total: 86,000

April 12, 2012 Housatonic Community College
Bridgeport, Connecticut
EDU HACK

87,667 

Two campus computers were determined to have been infected by malware.  The breach occurred when a faculty or staff member opened an email that contained a virus.  The virus was immediately detected.  Faculty, staff, and students affiliated with the school between the early 1990's and the day of the breach may have had their names, Social Security numbers, dates of birth, and addresses exposed.  Housatonic's president acknowledged that the cost of handling the breach could be as much as $500,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 87,667

May 4, 2008 Staten Island University Hospital
Staten Island, New York
MED STAT

88,000

Computer equipment stolen from an administrator contained personal information from patients. Social Security numbers and health insurance numbers were contained in computer files on a desktop computer and the backup hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 88,000

September 23, 2008 Texas Lottery Commission
Austin, Texas
GOV INSD

89,000

A former Texas Lottery Commission computer analyst has been arrested for copying the personal data of Texas lottery winners. He downloaded his own work files off his computer and took them to his next job. The names and Social Security numbers of 27,075 mid-level lottery winners -- people who have won prizes from $600 up to around $1 million -- were on the employee's hard drive.

UPDATE 10/31/08: 89,000 lottery winners are being notified their personal information, including Social Security numbers, may have been breached.

 
Information Source:
Dataloss DB
records from this breach used in our total: 89,000

January 12, 2006 People's Bank
Bridgeport, Connecticut
BSF PORT

90,000

A computer tape containing names, addresses, Social Security numbers, and checking account numbers was lost while being transported by UPS.  The bank alerted the affected customers and provided them with a credit monitoring service for one year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000

May 19, 2007 Stony Brook University
Stony Brook, New York
EDU DISC

90,000

http://www.stonybrook.edu/sb/disclosure/, Call Center, (866) 645-5830 (available until July 15, 2007)

SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000

November 29, 2013 University of Washington Medicine
Seattle, Washington
MED HACK

90,000

An employee at UW Medicine opened an email attachment that contained malicious software in early October.  The malware affected the employee's computer and any information on the computer may have been compromised.  Patient names, Social Security numbers, phone numbers, addresses, and medical record numbers may have been affected.  Patients who were seen at UW Medicine dating back to at least 2008 could have had their information exposed.  Notifications of the breach were sent at the end of November.

 
Information Source:
Media
records from this breach used in our total: 90,000

August 23, 2011 Lincoln Financial Group, Lincoln National Life Insurance Company, Lincoln Life and Annuity Company of New York
New York, New York
BSF DISC

91,763

A programming error caused the names and Social Security numbers of current and former retirement plan enrollees to be accessible to unauthorized plan administrators.  The error had existed in the database's search function since October 2009.  A plan administrator notified Lincoln Financial Group of the issue on July 18.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 91,763

June 2, 2006 Ahold USA, parent company of Stop & Shop, Giant stores and Tops stores via subcontractor Electronic Data Systems (EDS)
Landover, Maryland
BSR PORT

92,000

Additional location: Plano, TX

An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts.  The laptop was lost form the checked baggage of a domestic commercial airline flight on May 2, 2006.  The laptop was not recovered even though the incident was reported immediately.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,000

August 18, 2008 Dominion Enterprises
Richmond, Virginia
BSO HACK

92,095

(757) 351-7951

A computer server within InterActive Financial Marketing Group (IFMG), a division of Dominion Enterprises located in Richmond, Virginia, was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. The data intrusion resulted in the potential exposure of personal information, including the names, addresses, birth dates, and Social Security numbers of 92,095 applicants who submitted credit applications to IFMG's family of special finance Web sites.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,095

April 26, 2006 Pershing LLC
Jersey City, New Jersey
BSF PORT

92,541

A Pershing employee lost a laptop computer. Personal information of clients may have been stored on the laptop. Names, Social Security numbers, addresses, brokerage account numbers and account holdings may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,541

March 3, 2006 Metropolitan State College of Denver (MSCD)
Denver, Colorado
EDU PORT

93,000

http://www.mscd.edu/securityalert/

A laptop containing student information was stolen.  The information included names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 93,000

July 16, 2010 Buena Vista University
Storm Lake, Iowa
EDU HACK

93,000

Someone gained unauthorized access to a BVU database. The database contained records of names, Social Security numbers, and driver's license numbers of BVU applicants, current and former students, parents, current and former faculty and staff, alumni and donors. These records go back as far as 1987.

 
Information Source:
Databreaches.net
records from this breach used in our total: 93,000

April 5, 2011 MidState Medical Center
Hartford, Connecticut
MED PORT

93,500

People with comments or questions regarding this incident may call (855) 398-6435.

A former Hartford Hospital employee misplaced a computer hard drive on February 15. It contained patient names, Social Security numbers, addresses, dates of birth and medical record numbers. Not all of the patients who were affected had their Social Security numbers exposed.

UPDATE (04/07/2011): Connecticut's Attorney General and Consumer Protection Commissioner are investigating the breach and data security policies of Hartford Medical Center and Midstate Medical Center.  Additional details reveal that the hospital employee misplaced the computer hard drive after taking it home. The Connecticut Attorney General is asking that affected patients receive two years of credit monitoring services, identity theft insurance and reimbursement for placing and lifting security freezes.

UPDATE (07/10/2012): The Connecticut Attorney General has decided to end an investigation of MidState's practices.  The Attorney General claimed to base his decision to close the investigation with no further action on the fact that the Hospital had taken significant actions on behalf of the affected patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 93,500

May 11, 2011 Michaels Stores Inc.
New York, New York
BSR CARD

94,000

The location listed is Michaels headquarters.  Customers from multiple states were affected.

Those with questions may call 800-MICHAELS (642-4235).

A number of PIN pads in Chicago-area Michaels stores were found to have been tampered with.  Michaels checked 7,200 PIN pads in 964 US stores.  Fewer than 90 pads were found to have been compromised, but the affected pads were in 20 states. Michaels expects the process of replacing the pads to last about 15 days. The number of affected customers is in the tens of thousands. PIN pads in Canada will also be checked.

The Chicago-area was the hardest hit; 14 stores had compromised PIN pads. Customers who used their debit or credit cards at Michaels are encouraged to monitor their transaction records. Michaels Stores released an official statement.

UPDATE (05/19/2011): A suit seeks class-action status and more than $5 million in damages for people whose credit and debit accounts were compromised by the breach.  The lawsuit claims that Michaels failed to protect customers from "cyber-pickpockets" who stole sensitive banking information from checkout keypads at stores in 20 states. Michaels is accused of knowingly violating federal and state law by failing to take reasonable steps to safeguard customers' personal information.  Michaels is also accused of failing to alert customers as soon as the security breach was discovered. There is now a theory that thieves used a combination of  "false card readers", wireless cameras or electronic membranes placed over keypads to collect the PINs and card information of MIchaels' customers. This allowed them to create fraudulent debit and credit cards.

UPDATE (05/31/2011): A second lawsuit was filed in late May.  The new suit also seeks class-action status.  It alleges that Michaels failed to safeguard shoppers' credit and debit PINs and other information.  The second lawsuit was filed by an Illinois resident who saw over $1,000 in fraudulent charges after making an $18.16 purchase at Michaels.

UPDATE (06/20/2011): An extensive fraud case has hit multiple areas of Oregon.  Over 250 people have reported fraudulent charges related to cards that were used at Michaels stores.

UPDATE (06/27/2011): Four suspects were caught making fraudulent debit card transactions on camera.  The images have been distributed by investigators hoping that someone in the Beaverton, Oregon area will recognize one or more of the people.  

Additionally, Michaels now faces a total of four lawsuits related to the data breach.

UPDATE (07/13/2011): A number of Iowa residents began reporting debit card fraud that could potentially be related to the Michaels breach.

UPDATE (03/21/2012): Two men will be sentenced for their roles in setting up phony debit and credit card pads in the 84 Michaels stores.  Each pleaded guilty to one count of conspiracy to commit bank fraud, one count of bank fraud, and one count of aggravated identity theft. A total of 94,000 credit and debit card account numbers were stolen.

UPDATE (07/30/2012): The two men were each sentenced to 36 months in prison for conspiracy to commit bank fraud.  An additional 24 months were added for aggravated identity theft.  The must also pay $42,000 in restitution and will have five years of supervised release.

 
Information Source:
Databreaches.net
records from this breach used in our total: 94,000

June 9, 2012 Franklin's Budget Car Sales, Inc.
Statesboro, Georgia
BSR DISC

95,000

The FTC fined Franklin's Budget Car Sales for compromising consumers' personal information by allowing peer-to-peer software to be installed on its network.  Any computers that were connected to the peer-to-peer network could have accessed Franklin's network of consumer names, Social Security numbers, addresses, dates of birth, and driver's license numbers.  The FTC claimed that Franklin's failed to assess risks to the consumer information it collected and stored online and failed to adopt policies to prevent or limit unauthorized disclosure of information.  Franklin's also allegedly failed to prevent, detect and investigate unauthorized access to personal information on its networks, failed to adequately train employees and failed to employe reasonable measures to respond to unauthorized access to personal information.  Franklin's settlement agreement bars Franklin's from misrepresentations about the privacy, security, confidentiality, and integrity of personal information it collected from consumers.  Franklin's must also establish and maintain a comprehensive information security program and undergo data security audits.

 
Information Source:
Databreaches.net
records from this breach used in our total: 95,000

November 24, 2008 Starbucks Corp.
Seattle, Washington
BSR PORT

97,000

A laptop containing private information on employees was stolen. The information included names, addresses and Social Security numbers.
 

 
Information Source:
Dataloss DB
records from this breach used in our total: 97,000

February 19, 2009 University of Florida
Gainesville, Florida
EDU HACK

97,200

(877) 657-9133

A foreign hacker gained access to a University of Florida computer system containing the personal information of students, faculty and staff. The files included the names and Social Security numbers of individuals who used UF's Grove computer system since 1996.

 
Information Source:
Dataloss DB
records from this breach used in our total: 97,200

March 11, 2005 University of California, Berkeley
Berkeley, California
EDU PORT

98,400

A laptop containing the Social Security numbers of doctoral degree recipients from 1976 to 1999, graduate students enrolled between 1989 and 2003, and graduate school applicants between fall 2001 and spring of 2004 was stolen.  Birth dates and addresses for about one-third of the affected people were also on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98,369

September 15, 2008 Forever21
Los Angeles, California
BSR HACK

98,930

(888) 757-4447, http://www.forever21.com/notice/notice.html

If you shopped at the stores between November 26, 2003, and October 24, 2005, criminals may have hijacked your credit and debit card numbers from its computers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98,930

May 5, 2009 Fulton County Board of Registration and Elections
Atlanta, Georgia
GOV PHYS

99,000

Boxes were found in a trash bin at Atlanta Technical College. They contained about 75,000 voter registration application cards and 24,000 precinct cards. Many of the documents contained personal information on active voters, such as full names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 99,000

February 25, 2005 PayMaxx
Miramar, Florida
BSF DISC

100,000

A software glitch at PayMaxx Inc., a Franklin, Tenn., payroll processing company, accidentally revealed personal financial information on as many as 100,000 individuals, including Social Security numbers. The problem arose in a PayMaxx feature that enabled employees to use the Internet to get their W-2 forms, the standard tax information form issued by companies to their employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

August 9, 2005 University of Utah
Salt Lake City, Utah
EDU HACK

100,000

A server containing library archival databases was hacked.  The server included names and Social Security numbers of former University employees.  The University issued a warning that people may try to get personal information by posing as University officials involved in the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

September 10, 2005 Kent State University
Kent, Ohio
EDU STAT

100,000

Five desktop computers were stolen from the locked offices of two deans. Names, Social Security numbers, and grades were on the computers.  The information goes back to 2000 for students and 2002 for instructors.  Affected students and professors were alerted by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

December 1, 2005 First Trust Bank
Memphis, Tennessee
BSF PORT

100,000

A man claiming to be a janitor bypassed security and stole a laptop from the bank.  The laptop contained Social Security numbers and other personal information of current and former customers.  Affected customers were contacted and the theft was caught on tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

July 7, 2006 Naval Safety Center, United States Navy
Norfolk, Virginia
GOV DISC

100,000

The SSNs and other personal information of more than 100,000 naval and Marine Corps aviators and air crew, both active and reserve, were exposed on the Center website and on 1,100 computer discs mailed to naval commands.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

May 5, 2007 Transportation Security Administration (TSA)
Crystal City, Virginia
GOV PORT

100,000

A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.

UPDATE (5/14/07) The American Federation of Government Employees is suing the TSA for the loss of the hard drive. It calls the breach a violation of the Privacy Act.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

July 16, 2007 Transportation Security Administration (TSA)
Arlington, Virginia
GOV PORT

100,000

Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.

 
Information Source:
Media
records from this breach used in our total: 100,000

November 1, 2008 Baylor Health Care System Inc.
Dallas, Texas
MED PORT

100,000 (7,400 were SSN)

 (800) 554-5281

A laptop computer containing limited health information on 100,000 patients was stolen from an employee's car. Included were 7,400 patients whose Social Security numbers were stored on the computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

March 11, 2009 Binghamton University
Binghamton, New York
EDU STAT

100,000

Binghamton University kept payment information for every student, possibly dating back at least ten years in a storage area next to one of the most trafficked lecture halls on campus, behind a door that was not only unlocked but taped open. The information itself contained Social Security numbers, credit card numbers, scans of tax forms, business information (including Social Security numbers and salary information for employees of students' parents), asylum records and more, all kept in a haphazard and disorganized fashion, sprawled out in boxes, in unlocked (yet lockable) filing cabinets and shelving units. If the information inside the room pertained only to the current students enrolled and their parents that would mean the story would effect, roughly, forty-two thousand people. However, because the information goes back at least ten years, if not more, the potential number of people effect lies well in the hundred thousands.

 
Information Source:
Media
records from this breach used in our total: 100,000

April 11, 2009 Peninsula Orthopaedic Associates
Salisbury, Maryland
MED PORT

100,000

As many as 100,000 patients of Peninsula Orthopaedic Associates are being warned to protect themselves against identity theft after tapes containing patient information were stolen. Patients also were advised to keep an eye on benefits statements from their health insurance companies since they may also be at risk for medical identity theft. The records from Peninsula Orthopaedic were stolen March 25 while in transport to an off-site storage facility. Patients' personal information including their Social Security numbers, employers and health insurance plan numbers may have been among the information stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

May 2, 2012 Florida Department of Children and Families
Tallahassee, Florida
GOV DISC

100,000

The information of Florida child care workers was placed on a state website.  The information was not password protected and could have been found through an internet search. An unnamed vendor working for the state of Florida was responsible for placing the information online.  Florida daycare workers may have had their dates of birth, names, and Social Security numbers exposed. It is not clear how long the information was exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 100,000

November 10, 2012 Alere Home Monitoring, Inc.
Livermore, California
MED PORT

100,000

The September 23 theft of an employee's unencrypted laptop resulted in the exposure of information of over 100,000 patients.  The laptop was stolen from the employee's home.  Names, Social Security numbers, addresses, and diagnosis information of patients taking drugs to prevent blood clots were exposed. Alere became aware of the breach on October 1.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 100,000

February 22, 2013 Crescent Health Inc., Walgreens
Anaheim, California
MED STAT

100,000

Desktop computer hardware was stolen from the Anaheim Billing Center of Crescent Healthcare, Inc. on December 28, 2012.  The theft was discovered on Monday, December 31 and reported to law enforcement.  Names, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed.

UPDATE (04/03/2013): Over 100,000 people were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 100,000

November 27, 2006 Greenville County School District
Greenville, South Carolina
EDU STAT

At least 101,000 students and employees

School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees.

UPDATE(12/10/06): A judge ordered the WH Group to return the computers and the confidential data on them to the school district.

 
Information Source:
Dataloss DB
records from this breach used in our total: 101,000

August 3, 2012 Memorial Healthcare System (MHS)
,
MED INSD

102,153

MHS discovered a second breach during the process of investigating a dishonest employee's misuse of patient data in January of 2012.  Employees of affiliated physicians' offices may have improperly accessed patient information through a web portal used by physicians who provide care and treatment at MHS.  Patient names, Social security numbers, and dates of birth may have been accessed during the period between January 1, 2011 and July 5, 2012.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 102,153

Breach Total
867,217,832 RECORDS BREACHED
(Please see explanation about this total.)
from 4,257 DATA BREACHES made public since 2005
Showing 4001-4050 of 4257 results


X

Sign In!

Loading