Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,529,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,467 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
January 10, 2005 George Mason University
Fairfax, Virginia
EDU HACK

32,000

Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the University's main ID server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000

January 18, 2005 University of California, San Diego
San Diego, California
EDU HACK

3,500

A hacker breached the security of two University computers that stored the Social Security numbers and names of students and alumni of UCSD Extension.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,500

January 22, 2005 University of Northern Colorado
Greeley, Colorado
EDU PORT

15,790 (15,790 employees and an unknown number of employee beneficiaries)

A hard drive was lost or stolen. It contained information on current and former University employees and their beneficiaries and dates back to April of 1997.  Names, dates of birth, SSNs, addresses, bank account numbers and routing numbers may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,790

February 12, 2005 Science Applications International Corp. (SAIC)
San Diego, California
BSO STAT

45,000 employees

On January 25 thieves broke into a SAIC facility and stole computers containing personal information of past and current employees. Stolen information included names, Social Security numbers, addresses, phone numbers and records of financial transactions.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,000

February 15, 2005 ChoicePoint
Alpharetta, Georgia
BSO INSD

163,000

Fraudsters who presented themselves as legitimate ChoicePoint customers purchased data profiles from ChoicePoint on individuals and used that data to commit identity theft. The initial number of affected records was estimated at 145,000 but was later revised to 163,000.

UPDATE(1/26/06): ChoicePoint settled with the Federal Trade Commission for $10 million in civil penalties and $5 million for consumer redress.

UPDATE (12/06/06): The FTC announced that victims of identity theft as a result of the data breach who had out-of-pocket expenses can now be reimbursed. The claims deadline is Feb. 4, 2007.

UPDATE (06/24/07): Starting Dec. 2006, the FTC began mailing claims forms to victims of the breach. Its Web site provides information about the claims process. Deadline is Aug. 18, 2007. Victims can be reimbursed for out-of-pocket expenses resulting from identity theft connected to the breach. Call (888) 884-8772, or email cpredress@ftc.gov.

UPDATE (11/04/07): Since its 2005 data security incident, ChoicePoint has implemented enhancements to its privacy and information security framework including the establishment of an Office of Privacy, Ethics and Compliance to reinforce the responsible use and protection of information at ChoicePoint through policies and procedures, audit and compliance, and outreach and education. Visit www.privacyatchoicepoint.com.

UPDATE (1/27/08): Has agreed to pay $10 million to settle a class action lawsuit

 
Information Source:
Security Breach Letter
records from this breach used in our total: 163,000

February 18, 2005 University of Chicago Hospital
Chicago, Illinois
MED INSD

85

The FBI launched an investigation into possible fraud by at least one hospital employee. As many as 85 patients may have been affected.  The hospital contacted all affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 85

February 25, 2005 Bank of America Corp.
Charlotte, North Carolina
BSF PORT

1,200,000

Computer tapes with credit card information, Social Security numbers, addresses and account numbers were lost.  Bank of America began monitoring the customer accounts on the lost tapes and said it would contact cardholders if unusual activity was detected.  Around 900,000 of the account holders affected were Defense Department employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200,000

February 25, 2005 PayMaxx
Miramar, Florida
BSF DISC

100,000

A software glitch at PayMaxx Inc., a Franklin, Tenn., payroll processing company, accidentally revealed personal financial information on as many as 100,000 individuals, including Social Security numbers. The problem arose in a PayMaxx feature that enabled employees to use the Internet to get their W-2 forms, the standard tax information form issued by companies to their employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

March 8, 2005 DSW Shoe Warehouse, Retail Ventures
Columbus, Ohio
BSR HACK

1,400,000

Credit card information from customers in 25 states was compromised.

UPDATE (04/19/2005): An additional 1,300,000 customers were added to the initial estimate of 100,000.

UPDATE (08/23/2012): DSW was locked in a dispute with National Union over insurance coverage.  A federal appellate court ruled that DSW was entitled to insurance coverage of more than $6.8 million in stipulated losses and prejudgment interest.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400,000

March 10, 2005 LexisNexis
Dayton, Ohio
BSO INSD

310000

Unauthorized individuals used IDs and passwords of legitimate customers to obtain consumers' Social Security numbers, driver's license numbers, and names and addresses. Most of the breaches were at the company's subsidiary Seisint Inc., based in Florida.

UPDATE (4/12/05) An internal investigation at LexisNexis has uncovered evidence that an additional 280,000 records may have been involved in this breach, increasing the total from 30,000 to 310,000.

UPDATE (06/30/06): Five men were arrested in connection with this breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 310,000

March 11, 2005 University of California, Berkeley
Berkeley, California
EDU PORT

98,400

A laptop containing the Social Security numbers of doctoral degree recipients from 1976 to 1999, graduate students enrolled between 1989 and 2003, and graduate school applicants between fall 2001 and spring of 2004 was stolen.  Birth dates and addresses for about one-third of the affected people were also on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98,369

March 11, 2005 Kaiser Permanente
Oakland, California
MED DISC

140

A disgruntled employee posted information on her blog noting that Kaiser Permanente included private patient information on systems diagrams posted on the Web.

UPDATE (6/21/2005): The California Department of Managed Health Care fined Kaiser $200,000 for exposing the confidential health information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 140

March 11, 2005 Boston College
Boston, Massachusetts
EDU HACK

120,000

A hacker gained access to a phone banking database that included alumni addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 120,000

March 12, 2005 Las Vegas Department of Motor Vehicles (LV DMV)
Las Vegas, Nevada
GOV STAT

8,900

A computer and holographic laminate materials were stolen from the Donovan office of the DMV in North Las Vegas.

UPDATE. The equipment was recovered on June 1.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,900

March 16, 2005 California State University, Chico
Chico, California
EDU HACK

59,000

A university housing and food service computer server containing names and Social Security numbers of faculty, staff, students, former students, and prospective students was hacked.

 
Information Source:
Dataloss DB
records from this breach used in our total: 59,000

March 20, 2005 Northwestern University
Evanston, Illinois
EDU HACK

17,500

Hackers gained access to multiple computers and gathered user ID and password information from the University's network.  The personal information for around 500 faculty members, 2000 staff members, and 14,000 alumni was compromised. 

 
Information Source:
Media
records from this breach used in our total: 17,500

March 20, 2005 University of Nevada, Las Vegas
Las Vegas, Nevada
EDU HACK

5,000

A hacker was caught accessing the University's server and may have gotten information from the Student Exchange and Visitor Information System (SEVIS).

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

March 25, 2005 Purdue University
West Lafayette, Indiana
EDU HACK

1,200 (not included in total because news stories are not clear if SSNs or financial information were exposed)

Computers in the College of Liberal Arts' Theater Dept. were hacked, exposing personal information of employees, students, graduates, and business affiliates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 5, 2005 MCI
Colorado Springs, Colorado
BSO PORT

16,500

A laptop containing names and Social Security numbers of current and former employees was stolen from the car trunk of an MCI financial analyst.  An MCI spokesperson stated that MCI would continue its policy of allowing laptops to be taken home by employees and will evaluate new security technologies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,500

April 5, 2005 University of California, Davis
Davis, California
EDU HACK

1,100

The names and Social Security numbers of students, faculty, visiting speakers and staff may have been compromised when a hacker accessed a main computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

April 6, 2005 University of California, San Francisco (UCSF)
San Francisco, California
EDU HACK

7,000

A server in the accounting and personnel departments was hacked. It contained information on 7,000 students, faculty, and staff members. The affected individuals were notified March 23.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,000

April 8, 2005 Eastern National
Ft. Washington, Pennsylvania
NGO HACK

15,000

A hacker gained access to a server containing the names, credit card information, and billing addresses of 15,000 customers.  Letters were mailed to all customers who bought products through the educational website for national parks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,000

April 8, 2005 San Jose Medical Group
San Jose, California
MED STAT

187,000

UPDATE(10/10/07): A former branch manager at the San Jose Medical Group has been sentenced to almost two years in prison for stealing medical records for about 187,000 patients. The accused pleaded guilty in May to one count of health care-related theft after he stole computer equipment from his former employer, including a DVD that contained patients' names, Social Security numbers, medical diagnoses and other information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 187,000

April 11, 2005 Tufts University
Boston, Massachusetts
EDU HACK

106,000

RuffaloCODY is the software management company.

The University's donor database was breached sometime in late 2004.  The database was managed by a software company for nonprofit organizations named RuffaloCODY.  Letters were sent to the alumni who may have had their personal information stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 106,000

April 15, 2005 Polo Ralph Lauren, HSBC
New York, New York
BSR HACK

180,000

Credit card data was stolen. Individuals holding the HSBC-issued General Motors Mastercard were told their cards should be replaced.

UPDATE(07/10/07): U.S. Secret Service agents found Ralph Polo Lauren customers' credit card numbers in the hands of Eastern European cyber thieves who created high-quality counterfeit credit cards. Victims are from the U.S., Europe, Asia and Canada, among other places, Several Cuban nationals in Florida were arrested with more than 200,000 credit card account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 180,000

April 15, 2005 California Department of Health Services
Sacramento, California
GOV PORT

21,600

A laptop containing the names, Social Security numbers, and medical information of Medi-Cal beneficiaries was stolen from the car trunk of an employee.  The Department of Health Services began notifying beneficiaries in late May.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,600

April 20, 2005 TD Ameritrade
Omaha, Nebraska
BSF PORT

200,000

A backup tape was lost, stolen, or accidentally destroyed while being shipped.  The tape contained account information from clients or former clients between the years of 2001 and 2003.  Ameritrade notified the affected clients and offered one free year of credit protection services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

April 21, 2005 Carnegie Mellon University
Pittsburgh, Pennsylvania
EDU HACK

19,000

The compromised information included Social Security numbers and grades from master's alumni classes 1997 through 2004, job offer information from master's alumni classes 1985 through 2004, contact information for all alumni, and Social Security numbers and grades from doctoral students enrolled between 1998 and 2004.  Between 5,000 and 6,000 of those affected had their credit card information and Social Security numbers compromised. Emails and letters were sent to those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

April 26, 2005 Michigan State University's Wharton Center
East Lansing, Michigan
EDU HACK

40,000

A hacker may have stolen the credit card information of visitors attending a performing arts venue.  Warnings were sent to Wharton visitors who used their credit cards anytime between September of 2003 and the incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

April 26, 2005 Christus St. Joseph's Hospital
Houston, Texas
MED STAT

16,000

Two computers used for converting paper medical records into digital files were stolen.  One of the computers contained Social Security numbers and medical records for hundreds of patients.  Letters were sent to about 16,000 patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000

April 28, 2005 Georgia Southern University
Stateboro, Georgia
EDU HACK

tens of thousands (at least 20,000)

Hackers accessed a University server which contained thousands of credit card and Social Security numbers collected over three years.  Students who received bookstore credit through scholarship or financial aid between the fall 2003 and spring of 2005 semesters, and anyone who made credit purchases at campus stores, stadium, or website are at risk.  Email alerts were sent to students and alumni.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

April 28, 2005 Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp
Hackensack, New Jersey
BSF INSD

676,000

Note: location listed is the corporate headquarters of Bank of America, not necessarily where the breach occurred.

Bank employees illegally sold account information to someone posing as a collection agency. Customers affected were notified and received one year of free credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 676,000

April 29, 2005 Oklahoma State University
Stillwater, Oklahoma
EDU PORT

37,000

A laptop used for student job placement seminars was lost or stolen.  It contained the Social Security numbers of current and former students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 37,000

May 2, 2005 Time Warner, Iron Mountain Inc.
New York, New York
BSO PORT

600,000

Backup tapes containing the personal information of current and former employees from as far back as 1986 was lost or stolen during shipping. An 800 number was set up to answer questions and provide free credit monitoring for one year.

UPDATE (5/3/2005): A contractor named Iron Mountain Inc. lost the tapes during shipping. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 600,000

May 4, 2005 Colorado Health Department
Denver, Colorado
GOV PORT

1,600 (families)

A laptop containing Social Security numbers, medical records, family medical history, and addresses was stolen from an employee's car.  The State Health Department is not monitoring the affected group and has only contacted some of the families involved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

May 5, 2005 Purdue University
West Lafayette, Indiana
EDU HACK

11,360

Hackers accessed a program which contained University credit card information and the Social Security numbers of current and former employees. Letters were sent to employees and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,360

May 5, 2005 Arbella Mutual Insurance Company
Quincy, Massachusetts
BSF DISC

Unknown

The Massachusetts Registry of Motor Vehicles was the breached entity.

A customer discovered that he could view the Registry of Motor Vehicles database by visiting a website printed on the bottom of his insurance paperwork.  He was able to look up people by name and then obtain their address, date of birth, license number, driving history and even their Social Security number most times.  The company corrected the problem quickly.  The company believes the error was temporary and that few outsiders were able to access the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2005 Department of Justice
Washington, District Of Columbia
GOV PORT

80,000

The laptop was stolen from Omega World Travel of Fairfax, VA.

A laptop containing password protected names and travel account credit card information was stolen sometime between May 7 and May 9.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

May 11, 2005 Stanford University
Stanford, California
EDU HACK

9,900

The University's Career Development Center was hacked. This exposed the names, Social Security numbers, and other personal information of users. Names and credit card information for some employers that registered with the site were also in the database.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,900

May 12, 2005 Hinsdale Central High School
Hinsdale, Illinois
EDU HACK

2,400

Two students were accused of hacking into the School's computer system and stealing student and staff Social Security numbers.  The students had the information for months before being caught.  Letters were sent to affected families. The Social Security Administration and the Federal Trade Commission were also notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400

May 14, 2005 Georgia Technology Authority (GTA)
Atlanta, Georgia
GOV INSD

465,000

A former computer programmer for Georgia Technology Authority downloaded state driver's license information which contained names, addresses, driver's license numbers, and in some cases Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 465,000

May 16, 2005 Westborough Bank
Westborough, Massachusetts
BSF INSD

750

A former employee who ran an investment program from 1998 to 2001 may have given Social Security numbers and account information to a convicted felon known for defrauding senior citizens.  The bank mailed warning letters.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750

May 18, 2005 Jackson Community College
Jackson, Michigan
EDU HACK

8,000

A hacker may have downloaded the passwords and Social Security numbers of employees and students.  The College sent new, high security passwords to students and employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

May 18, 2005 University of Iowa
Iowa City, Iowa
EDU HACK

30,000

A computer containing credit card numbers and campus ID numbers for University Book Store customers was breached by a hacker.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

May 19, 2005 Valdosta State University
Valdosta, Georgia
EDU HACK

40,000

A computer server containing campus ID card information and Social Security numbers was hacked. The cards were designed to be used as debit cards by students and employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

May 27, 2005 Cleveland State University
Cleveland, Ohio
EDU PORT

44,420

A laptop containing personal information from applicants, current students, and former students was stolen from the University's admissions office.  The information included Social Security numbers and addresses from as far back as 2001.  Letters were sent to those affected.  

UPDATE (12/24/05):CSU found the stolen laptop

 
Information Source:
Dataloss DB
records from this breach used in our total: 44,420

May 28, 2005 Merlin Information Services
Kalispell, Montana
BSO INSD

5,875

An individual fraudulently obtained personal information about thousands of victims from Merlin Information Services and used that information to commit identity theft by opening up credit card accounts. He posed as a private investigator, thus giving Merlin the impression that he was a legitimate user of their services. He conducted at least 1,873 queries through the Merlin system to obtain information on approximately 5,875 people.

 
Information Source:
Media
records from this breach used in our total: 5,875

May 30, 2005 Motorola
Schaumburg, Illinois
BSO STAT

Unknown

Two computers were stolen from third party vendor Affiliated Computer Services (ACS).  They had security safeguards and contained names and Social Security numbers of Motorola employees.  Motorola notified affected staff by email and offered fraud insurance coverage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 4, 2005 Duke University Medical Center
Durham, North Carolina
EDU HACK

14,000 (No reports of full SSNs or financial information)

A hacker broke into the computer system, stealing thousands of passwords and fragments of Social Security numbers.  Fourteen thousand affected people were notified, including 10,000 employees of Duke University Medical Center.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 6, 2005 Citigroup, UPS
New York, New York
BSF PORT

3,900,000

Customers are being notified that backup tapes containing their account information were lost or stolen while being shipped by UPS.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,900,000

Breach Total
931,529,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,467 DATA BREACHES made public since 2005
Showing 1-50 of 4467 results


X

Sign In!

Loading