A List of Data Breaches

Use our reverse-chronological list to find the data breach of interest.
Note: this list provides resources and information related to data breaches associated with information stored in/accessed from databases.
There are links at the end of each data breach to bring you back to the top of the page.

New York Presbyterian Hospital / Weill Cornell Medical Center (New York, NY)

Date of Occurrence: 1/2008
Number of People Potentially Affected: 50,000

Description of Data Breach - In January, the hospital was made aware of a theft which involved a former employee of the New York Presbyterian Hospital/Weill Cornell Medical Center. The former employee pleaded guilty to selling information since 2006 from the personal records including names, phone numbers and social security numbers of over 50,000 male patients between 58 and 78 years old. Those whose identities have been stolen will receive a letter detailing what happened, and have access to a hotline with credit-monitoring services.

More Information:
New York Post
The Cornell Daily Sun

Return To The Top

Joliet West High School (Joliet, IL)

Date of Occurrence: 3/7/2008
Number of People Potentially Affected: Unknown

Description of Data Breach - A student using a school computer was able to access personal information about every student enrolled. The student allegedly downloaded a list of names and Social Security numbers to his iPod.

More Information:
The Herald News

Return To The Top

Okemo Mountain Resort (Ludlow, VT)

Date of Occurrence: 2/7/2008 through 2/22/2008
Number of People Potentially Affected: 46,569

Description of Data Breach - Okemo Mountain Resort announced that it has been a recent target of criminal effots to gain access to credit data by infiltration of its computer network at Okemo Mountain Ski Area. Okemo believes the intruder gained potential access to credit card data including cardholder names, account numbers and expiration dates for a 16 day period between February 7, 2008 and February 22, 2008.

If you, or a member of your family, were affected:
Toll Free Hotline: (866) 756-5366
More Information:
Okemo Mountain Resort News Release
WTNH Channel 8 News

Return To The Top

Advance Auto Parts, Inc. (Roanoke, VA)

Date of Occurrence: 3/31/2008
Number of People Potentially Affected: 56,000

Description of Data Breach - Advance Auto Parts, Inc. released information regarding the Company becoming the victim of a network intrusion. The investigation by Advance Auto Parts revealed that data from 14 of its stores may have been impacted, potentially compromising customer financial information including credit card, debit card and checking account information of up to 56,000 customers.

If you, or a member of your family, were affected:
Toll Free Hotline: (800) 704-1154
Available through May 31, 2008 from 8AM-12PM EDT
More Information:
Advance Auto Parts News Release
eWeek.com

Return To The Top

Illinois Eye Center (Peoria, IL)

Date of Occurrence: June to November 2007
Number of People Potentially Affected: Unknown

Description of Data Breach - Peoria's Illinois Eye Center has warned its clients that a former employee allegedly accessed confidential patient records for potential identity theft usage. According to a letter the eye center sent to affected patients, the records obtained include patient names, Social Security numbers and birth dates. It is believed females between ages 18 and 25 were targeted.

More Information:
WEEK NBC News

Return To The Top

Anitoch University (Yellow Springs, OH)

Date of Occurrence: 2/13/2008
Number of People Potentially Affected: 70,000

Description of Data Breach - On February 13, 2008, a security incident occurred on one of the Anitoch University's computer systems which contained personal information on about 70,000 people. Investigators determined that an unauthorized intruder breached one of Antioch's computer systems on three different occasions: June 9, 2007, June 10, 2007 and October 11, 2007. The system contains files with Social Security numbers, names, academic records for students and former students, and payroll records for Antioch's employees and former employees. It also contains names and Social Security numbers for student applicants.

If you, or a member of your family, were affected:
Toll Free Hotline: (866) 905-2288
Available April 1 through May 30, 2008 from 9AM-5PM EDT
More Information:
Antioch University FAQs
Antioch University Security Letter
The Associated Press

Return To The Top

Broward County Public Schools (Coconut Creek, FL)

Date of Occurrence: 3/23/2008
Number of People Potentially Affected: 38,000

Description of Data Breach - A high school senior hacked into a district computer and collected Social Security numbers and addresses of district employees. Investigators also found information about students at the high school the senior attended, a host of password hacker programs and credit card generators - or software that can falsify credit card information - in a school computer used by the student.

More Information:
South Florida Sun-Sentinel

Return To The Top

Western Carolina University (Cullowhee, NC)

Date of Occurrence: 3/22/2008
Number of People Potentially Affected: 555

Description of Data Breach - Somene had hacked into a computer server and had access to the Social Security numbers of 555 graduates of the university who had signed up for a newsletter.

More Information:
Asheville Citizen-Times

Return To The Top

U.S. Department of State

Date of Occurrence: 3/20/2008
Number of People Potentially Affected: Unknown

Description of Data Breach - The passport files of all three major presidential candidates were breached by unauthorized searches by four employees. It is expected and assumed that there are more affected individuals, but due to the sensational nature of events, the full extent of the breach is not known. It is not clear whether the employees saw anything other than basic personal data such as name, citizenship, age, Social Security number and place of birth, which is required when a person fills out a passport application.

More Information:
MSNBC News Story
Associated Press Story
Stanley, Inc. Official Company Statement
Statement from The Analysis Corporation

Return To The Top

Wolters Kluwer (New Hampshire)

Date of Occurrence: 3/10/2008
Number of People Potentially Affected: Unknown

Description of Data Breach - On February 27, 2008, Lippincott Williams & Wilkins, a Wolters Kluwer business was informed by the company that hosts one of their websites, www.stedmans.com, that personal information collected from consumers through the website may have been compromised through an unauthorized intrusion into the server that stores information from individuals who purchased products at their website. The personal information that may have been compromised may include names, addresses, telephone numbers, email addresses, credit card numbers, expiration dates, and card verification numbers of individuals who made purchases at the site from apporximately August 30, 2007 to February 27, 2008.

If you, or a member of your family, were affected:
Phone: (800) 621-7500
More Information:
The New Hampshire State Attorney General breach notification

Return To The Top

Lasell College (Newton, MA)

Date of Occurrence: 2/06/2008
Number of People Potentially Affected: 20,500

Description of Data Breach - Lasell College recently learned that on or about February 6, 2008, an employee without proper authority accessed the College's computer network. The hacker accessed data containing personal information about current and former students, faculty, staff and alumni. Information included names and Social Security numbers.

If you, or a member of your family, were affected contact Ruth Shuman, Dean for Institutional Advancement:
Phone: (617) 243-2140
More Information:
Lasell College News Advisory
The Boston Globe
The New Hampshire Attorney General breach notification

Return To The Top

The Dental Network (New Hampshire)

Date of Occurrence: 3/10/2008
Number of People Potentially Affected: Unknown

Description of Data Breach - A security breach of the Dental Network web site left access to member personal data, including names, Social Security numbers, addresses and dates of birth unprotected for approximately two weeks. The Dental Network is and independent licensee of the Blue Cross and Blue Shield Association.

If you, or a member of your family, were affected:
Phone: (866) 879-7402
Website: ids.thedentalnet.org
More Information:
The New Hampshire Attorney General breach notification

Return To The Top

Hannaford (Portland, ME)

Date of Occurrence: 3/17/2008
Number of People Potentially Affected: 4,200,000

Description of Data Breach - This security breach affects all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products. The company is currently aware of abut 1,800 cases of reported fraud related to the security breach. Credit and debit card numbers were stolen during the card authorization transmission process, but no personal information was divulged.

If you, or a member of your family, were affected:
Customer Information Center: (866) 591-4580
More Information:
Hannaford CEO Message
The Boston Globe
PC World

Return To The Top

Utah Division of Finance (Salt Lake City, UT)

Date of Occurrence: 3/15/2008
Number of People Potentially Affected: 500

Description of Data Breach - Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach. An initial investigation indicates it is highly unlikely the person who breached the computer system was able to access any personal information.

More Information:
The Salt Lake Tribune

Return To The Top

Harvard University (Cambridge, MA)

Date of Occurrence: 3/12/2008
Number of People Potentially Affected: 6,600

Description of Data Breach - Harvard University notified students at the Graduate School of Arts and Sciences that their personal information may have been compromised when a hacker hijacked the school's web server. The server contained approximately 6,600 summaries from admissions candidates consisting of each applicant's name, Social Security number, date of birth, address, e-mail address, phone numbers, test scores, previous school attended, and school records. The remainder of the admissions data did not involve Social Security numbers. There were approximately 500 summaries that included Harvard University ID numbers.

More Information:
Harvard University Gazette
The Boston Globe
The Boston Herald

Return To The Top

MTV Networks (Los Angeles, CA)

Date of Occurrence: 2/7/2008
Number of People Potentially Affected: 5,000

Description of Data Breach - Computer files with confidential data on employees at MTV Networks were breached by someone outside the company. Personal information in the files included names, birth dates, Social Security numbers and compensation data.

More Information:
Reuters
Rocky Mountain News

Return To The Top

Tenet Healthcare (Dallas, TX)

Date of Occurrence: 2/13/2008
Number of People Potentially Affected: 37,000

Description of Data Breach - A former employee working in the Tenet Healthcare Corporation billing center in Frisco, Texas is confirmed to have stolen the names, Social Security numbers and other personal information belonging to at least 90 patients, but also had access to 37,000 other accounts.

If you, or a member of your family, were affected:
Phone: (800) 553-6101 between 8 AM and 6 PM weekdays
More Information:
The Beaufort Gazette online story

Return To The Top

Description of Data Breach - Davidson Companies announced that a database containing sensitive personal information belonging to clients and former clients was accessed via an "illegal network intrusion". A computer hacker broke into a database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's clients. The database also included information such as account numbers and balances.

Description of Data Breach - An "international gang of cyber criminals" hacked into OmniAmerican bank systems. They stole account numbers, created new personal identification numbers (PINs), fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, Russia, Ukraine, Britain, Canada and New York. Fewer than 100 accounts, some of them dormant, were compromised.

Description of Data Breach - A student employee breached the security of the Baylor Information Network to access the Bear ID and passwords of those logging on to the BIN. This access didn't include sensitive information like Social Security Numbers, financial information or academic records. It was just unlawful access to Bear IDs and passwords. The information did, however, give access to Baylor e-mail and Blackboard accounts.

Description of Data Breach - A possible data dreach occured on a food vendor's computer server. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards. Social Security numbers were not accessible.

Description of Data Breach - Former and perspective residents of a university housing complex affected by a hacker that was able to access a server containing personal information, including Social Security numbers. A computer with an overseas IP address was able to access the personal information�including Social Security numbers, names and addresses�of 540 current graduate students living in graduate family housing and 3,710 former students and applicants.

Description of Data Breach - Personal and financial data may have been compromised by an intrusion into the systems of the online retailer's Web site. Compromised information included the names, addresses, telephone numbers and Visa credit card numbers.

Description of Data Breach - A hacker accessed the administration site for Robotics Online gaining access to individual orders that contained credit card information. Seven residents of New Hampshire were affected, but national totals were not indicated.

Description of Data Breach - At least six central Ohioans are now under investigation by the U.S. Secret Service for hacking into a government Web site and stealing Social Security numbers to create false credit accounts. More than 270 people nationwide might have been victimized by a security lapse in the Franklin County Municipal Court Web site. Someone was randomly feeding Social Security numbers into a clerk's site, which contained personal information for thousands of people charged with misdemeanors, some guilty of only a speeding ticket. Once a number was hit on, the name, address, age and other information could be used to obtain credit cards and open bank accounts.

Description of Data Breach - This potential breach of security with its e-commerce website would have allowed access to consumer information from August 13, 2007 to October 1, 2007 that was limited to names, addresses and credit card numbers

Description of Data Breach - An unauthorized person reportedly gained access to a computer system and confidential files that included the Social Security numbers, birth date information and addresses for 11,000 alumni and current DSC employees who graduated from or worked at DSC from 1986 to 2005.

Description of Data Breach - Two publicly accessible documents that contained the record of nearly 500 recipients of the federal Perkins Loan; along with each recipient's address, date of birth, Social Security number, legal name and loan amount; were accessible on the Bates network.

Description of Data Breach - An unknown hacker remotely accessed a computer server that housed records containing credit card numbers and Social Security numbers of students who enrolled online for MSU Extended University courses during the last two years. The data in question were encrypted, and there is no evidence that personal information was stolen.

Description of Data Breach - Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the district�s computer system. The information included names, birth dates and Social Security numbers.

Description of Data Breach - A hacker illegally gained access to a computer belonging to The Nature Conservancy. The computer contained personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employees� dependents. When employees accessed a particular Web site, the site planted a program on the employees� computers that copied the contents of the hard drives and sent the information to the hacker.

Description of Data Breach - One of Ameritrade�s databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. "We were able to conclude that while Social Security Numbers are stored in this particular database, SSNs were not retrieved." The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers did received unwanted spam because of this breach.

Description of Data Breach - A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.

Description of Data Breach - Hackers stole the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

Description of Data Breach The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

Description of Data Breach - A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved �from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.�

Description of Data Breach City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

Description of Data Breach University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed, however "University Spokeswoman Kelly Cunningham said the initial review indicated that the server was being used to launch an attack on a computer unaffiliated with the University, and that students' personal information was not a specific target".

Description of Data Breach Credit card information and names were hacked from a database. The thieves got names, addresses, phone numbers and complete credit-card information.

Description of Data Breach - Computer-security safeguards were breached and accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.

Description of Data Breach Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised.

Description of Data Breach This breach occurred in one of the computer applications that resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005 and April 19, 2007, hackers tapped into the records of 5,735 faculty members.

Description of Data Breach - A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.

Description of Data Breach - A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate professionals were exposed. The hacking incident was discovered May 3

Description of Data Breach - A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.

Description of Data Breach A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

Description of Data Breach Personal information of former employees mostly in the School of Electrical and Computer Engineering including names, addresses, Social Security number, other sensitive information, and about 400 state purchasing card numbers was compromised by unauthorized access to a Georgia Tech computer account.

Description of Data Breach - Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.

Description of Data Breach - A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.

Description of Data Breach - A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.

Description of Data Breach - The TJX Companies Inc. experienced an "unauthorized intrusion" into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is "the leading off-price retailer of apparel and home fashions in the U.S. and worldwide."