Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,420 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
June 11, 2012 University of North Florida (UNF)
Jacksonville, Florida
EDU HACK

23,246

UNF Housing has set up a webpage to distribute information about the breach. It can be found here.

UNF became aware of a server breach that exposed Social Security numbers and other sensitive information.  Students who submitted housing contracts between 1997 and spring 2011 may have had their information exposed. Multiple servers were affected and secured upon discovery. The information may have been accessed as early as spring of 2011.

 
Information Source:
Databreaches.net
records from this breach used in our total: 23,246

July 25, 2006 Georgetown University Hospital
Washington, District Of Columbia
MED DISC

between 5,600 and 23,000 patients were affected (23,000 added to total below)

Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23,000

July 17, 2008 University of Maryland
College Park, Maryland
EDU DISC

23,000

University of Maryland accidentally released the addresses and Social Security numbers of thousands of students. A brochure with on-campus parking information was sent by U.S. Mail to students. The University discovered the labels on the mailing had the students' Social Security numbers on it.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23,000

May 22, 2013 Vendini, Inc.
San Francisco, California
BSO HACK

22,900

Those with questions may call Vendini at 800-836-0473.

Vendini's blog statement can be read here: http://blog.vendini.com/

Anyone who used Vendini for ticket purchases may have had their financial information exposed during a March breach.  A hacker accessed Vendini's server and may have obtained customer names, addresses, email addresses, credit card numbers, and credit card expiration dates.  A total of 22,900 customers from Augusta, Maine may have been affected.  It is unclear if people from other states were also affected.

UPDATE (06/12/2013): The unauthorized intrusion was first detected on April 25.  

 
Information Source:
Media
records from this breach used in our total: 22,900

December 14, 2007 Deloitte & Touche, IKON Office Solutions
New York, New York
BSF PORT

22,634

A laptop was stolen from a contractor working on scanning Deloitte's pension fund documents.  The laptop contained names, Social Security numbers, dates of birth, start and end dates and other personnel information of Deloitte partners, principals and other employees.  The laptop was stolen sometime around Thanksgiving.  Deloitte no longer works with the service provider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,634

November 13, 2006 Connors State College
Warner, Oklahoma
EDU PORT

Considerably more than 22,500

(918) 463-6267, perline@connorsstate.edu

On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,500

May 8, 2007 University of Missouri
Columbia, Missouri
EDU HACK

22,396

(866) 241-5619

A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,396

August 30, 2010 Aon Consulting
Chicago, Illinois
BSF DISC

22,000

The Social Security numbers, genders and dates of birth of retirees in Delaware were accidentally posted online for four days as part of a Request for Proposal for the State of Delaware. Names were not included.

UPDATE (9/2/10): A woman affected by Aon's failure to remove personal information from the request has filed a class action lawsuit against Aon Consulting.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,000

September 15, 2005 Miami University
Hamilton, Ohio
EDU DISC

21,762

A report containing Social Security numbers and grades of students was accessible online for three years.  The University is attempting to contact those affected via letters and emails.  A graduate alerted the University to the exposure after running a Google.com search of her name.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,762

April 15, 2005 California Department of Health Services
Sacramento, California
GOV PORT

21,600

A laptop containing the names, Social Security numbers, and medical information of Medi-Cal beneficiaries was stolen from the car trunk of an employee.  The Department of Health Services began notifying beneficiaries in late May.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,600

August 23, 2006 U.S. Department of Education, Direct Loan Servicing Online
Atlanta, Georgia
GOV DISC

21,000

http://www.dlssonline.com

A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the U.S. Department of Education's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

September 17, 2006 U.S. Dept. of Education, Direct Loan Servicing
Greenville, Texas
GOV DISC

21,000

A security breach exposed private information of student loan borrowers from Aug. 20-22 during a computer software upgrade. Users of the DOE's Direct Loan Web site were able to view information other than their own if they used certain options when accessing the program's web pages. SSNs were among the data elements exposed online.  Software company Affiliated Computer Services (ACS) created the technology for the Direct Loan Servicing feature on the DoE's site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

December 5, 2006 Nassau Community College
Garden City, New York
EDU PHYS

21,000

A printout is missing that contains information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

December 18, 2007 Pennsylvania Department of Aging
Harrisburg, Pennsylvania
GOV PORT

21,000

A state Department of Aging-owned laptop computer containing personal information on senior citizens was stolen from a Johnstown home. The information included names, addresses, Social Security numbers and some medical information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

November 6, 2008 Harvard Law School
Cambridge, Massachusetts
EDU PORT

21,000

A computer tape containing Social Security numbers, addresses, and financial information was either lost or stolen. About 8,000 records of present and former clients contained Social Security numbers another 13,000 had other identification information that was contained on the tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

February 16, 2009 Wyndham Hotels & Resorts
Parsippany, New Jersey
BSO HACK

21,000

http://www.wyndhamworldwide.com/customer_care/data-claim.cfm

In mid-September 2008, the company discovered that a sophisticated hacker penetrated the computer systems of one of the hotels. By going through the centralized network connection, the hacker was then able to access and download information from several, but not all, of the other WHR properties and create a unique file containing payment card information of a small percentage of WHR customers. Potentially exposed through this breach are guest and/or cardholder names and card numbers, expiration dates and other data from the card's magnetic stripe.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

June 9, 2010 TennCare, New Mexico Human Services Department
Chicago, Illinois
MED PORT

76,000 (21,000 cases involving SSNs)

This theft affects people in Tennessee and New Mexico. Around 9,600 people from New Mexico and over 10,000 from Tennessee were affected.

An employee from a subcontractor company called West Monroe Partners was robbed of a laptop containing information for a Medicaid billing company named DentaQuest. DentaQuest was responsible for dental benefits of the New Mexico Human Services Department and TennCare. Around 21,000 people had their full names and Social Security numbers on the stolen laptop. Approximately 55,000 others had some form of personal information on the laptop.

 
Information Source:
Databreaches.net
records from this breach used in our total: 21,000

July 23, 2010 Thomas Jefferson University Hospitals
Philadelphia, Pennsylvania
EDU PORT

21,000

A password-protected laptop was stolen from the office of an employee on June 14.  The computer should not have contained protected health information, but did.  It also contained the name, birth date, gender, ethnicity, diagnosis, Social Security number, insurance information, and hospital account number of approximately 24,000 patients.

 
Information Source:
Databreaches.net
records from this breach used in our total: 21,000

July 25, 2012 Oregon State University
Corvallis, Oregon
EDU INSD

21,000

An unnamed check printing vendor for the University copied data from the University's cashier's office during software upgrades.  The information included 30,000 to 40,000 checks that contained student and employee names, University IDs, check numbers, and check amounts.  Current and former student, faculty, and staff records older than 2004 may have included Social Security numbers. it does not appear that the vendor acted with malicious intent.

 
Information Source:
Media
records from this breach used in our total: 21,000

April 20, 2012 Office of Dr. Rex Smith
Eugene, Oregon
MED STAT

20,915

An office burglary that occurred on or around February 19 resulted in the theft of medications and a computer.  The computer contained patient names, Social Security numbers, and dates of birth. It is unclear if the computer was encrypted.  The total number of patients affected and all types of information exposed are also unclear.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 20,915

July 24, 2008 Village of Tinley Park
Chicago, Illinois
GOV PORT

20,400

Computer backup tapes that contain thousands of Social Security numbers of Tinley Park residents have been lost. The tapes containing information from as long ago as 15 years were lost while being transferred from the village hall to another site within the Chicago suburb.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,400

April 28, 2005 Georgia Southern University
Stateboro, Georgia
EDU HACK

tens of thousands (at least 20,000)

Hackers accessed a University server which contained thousands of credit card and Social Security numbers collected over three years.  Students who received bookstore credit through scholarship or financial aid between the fall 2003 and spring of 2005 semesters, and anyone who made credit purchases at campus stores, stadium, or website are at risk.  Email alerts were sent to students and alumni.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

October 27, 2006 Gymboree
San Francisco, California
BSR PORT

up to 20,000 employees

A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

June 14, 2007 Division of Workforce Services
Salt Lake City, Utah
GOV UNKN

20,000

(801) 281-1267

Children's Social Security numbers are believed to have been compromised by identity thieves.

 
Information Source:
Media
records from this breach used in our total: 20,000

July 17, 2007 Western Union
Greenwood Village, Colorado
BSF HACK

20,000

Credit card information and names were hacked from a database. The thieves got names, addresses, phone numbers and complete credit-card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

November 1, 2007 City University of New York
New York, New York
EDU PORT

20,000

A broken laptop containing personal information was taken from the School's financial aid office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

March 3, 2008 Kaft Foods
Northfield, Illinois
BSO PORT

20,000

A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business. The laptop contained the names and may have contained Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

March 20, 2008 Lasell College
Newton, Massachusetts
EDU HACK

20,000

A hacker accessed data containing personal information on current and former students, faculty, staff and alumni. Information included names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

April 29, 2010 St. Jude Heritage Medical Group
Orange, California
MED PHYS

20,000

(800) 627-8106

20,000 patients may have had their personal information stolen after a break-in at the St. Jude Heritage Healthcare Clinical Management Services building in Fullerton. The thieves stole five computers. The stolen patient data included Social Security numbers, dates of birth and in some cases, health related information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

February 22, 2013 LexisNexis, Sprechman & Associates
Miami, Florida
BSO INSD

20,000

LexisNexis informed Sprechman & Associates that the unusual, excessive activity of an associate caused them to eliminate that associate's access to LexisNexis' database.  The associate was later found to have misused Social Security numbers in order to file over 11 million dollars in fraudulent tax refund claims. The dishonest associate was not immediately fired from Sprechman & Associates and was terminated in July 2012 when law enforcement used a warrant to search his home and office computers.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 20,000

March 18, 2014 IRS
, Pennsylvania
GOV INSD

20,000

A former emloyee of the IRS took home a computer thumb drive that contained personal information on 20,000 current and former employees and contractors. The information included Social Security numbers, names and addresses. The thumb drive was plugged into the employees unsecured network, which could have left the information vulnerable.

This incidence dates back to 2007 before the IRS stared using automatic encryption. The IRS will not comment why they did not discover this breach until now, or if the employee who used the thumb drive is still working at the IRS.

 
Information Source:
Media
records from this breach used in our total: 20,000

July 14, 2014 Orangeburg-Calhoun Technical College
Orangeburg, South Carolina
EDU PORT

20,000

"Orangeburg-Calhoun Technical College in South Carolina is notifying 20,000 former and current students and faculty members that an unencrypted laptop computer stolen this month from a staff member's office contained their personal information."

The information contained on the laptops included names, birth dates and Social Security numbers of individuals.

The college stated that the information goes back 6 or 7 years and that they believe the thief was after the hardware, not the data stored on it. The college neglected to comment on whether or not they are providing credit monitoring services for those affected.

 
Information Source:
Media
records from this breach used in our total: 20,000

July 20, 2011 Swedish Medical Center
Seattle, Washington
MED DISC

19,799

The full names and Social Security numbers of current and former employees were accessible online for nearly nine weeks. Employees who worked for Swedish, but not Swedish Physician Division,  in 1994, 1995, 2002, 2003, 2004 and 2006 had their information posted sometime between the middle of April and June 17, 2011. The cause of the accidental disclosure was not reported.

 
Information Source:
Databreaches.net
records from this breach used in our total: 19,799

September 28, 2006 New York State Banking Department
New York, New York
BSF DISC

19,640

During the routine process of indexing the search engine of the Department's website, data files from the 2005 Volume of Operations Reports were inadvertently made accessible to members of the public between July 27 and August 29. Personal information included the Social Security numbers of all independent contractors employed by both licensed mortgage bankers and registered mortgage brokers. Social Security numbers of all felons employed by those registrants who also opted to electronically failed their 2005 VOO reports were also available through the Department's website search engine.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,640

June 23, 2010 Florida International University
Miami, Florida
EDU DISC

19,495

Florida International University is in the process of sending notification letters to 19,407 students and 88 faculty members after the university’s IT Security Office discovered personal data may have been exposed over the internet via a database’s external search function. An announcement posted on the FIU website lists the personal data as GPAs, test scores, and Social Security numbers that were stored on the College of Education’s E-Folio software app. This database kept track of student data related to state mastery standards, grade tracking, assignments, and Social Security numbers for both students and faculty.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,495

October 11, 2010 University of Oklahoma-Tulsa Neurology Clinic, Neurology Services of Oklahoma, LLC
Oklahoma City, Oklahoma
MED HACK

19,264

Neurology Services of Oklahoma, LLC is located in Tulsa, OK.

Malware was discovered on a clinic computer on or around July 28. Patients who saw Dr. John Cattaneo at the clinic and at his former employer Neurology, LLC were notified of the breach. Patient names, Social Security numbers, phone numbers, addresses, dates of birth, medical record numbers, lab reports and dates of service were in documents that may have been accessed by the virus.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 19,264

September 21, 2010 Pediatric and Adult Allergy, PC
Des Moines, Iowa
MED PORT

19,222

Patients of Dr. George Caudill (retired), Dr. Veljko Zivkovich (retired) Dr. Robert Colman and Dr. Whitney Molis were notified that a backup tape with their personal information was lost on or around July 11. The patient information included name, address, phone number, date of birth, Social Security number, dates of service, services and diagnoses. Medical records and financial information were not on the backup tape. It appears that all patients with accounts created before July 10, 2010 were affected.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 19,222

May 18, 2012 UnitedHealthcare (United Health Group Plan)
Minneapolis, Minnesota
MED INSD

19,100

A dishonest employee used the names, Social Security numbers, addresses, phone numbers, dates of birth, and Medicare Health Insurance Claim Numbers to steal the identities of at least 24 Idaho customers enrolled in UnitedHealthcare Medicare plans. On January 30, 2012, it was discovered that the former employee may have accessed the information in the United Health Care database in a way that was inconsistent with his job duties and possibly for fraud purposes.  The information was taken between June 28 and December 12 of 2011. Affected patients were notified on March 30.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 19,100

April 21, 2005 Carnegie Mellon University
Pittsburgh, Pennsylvania
EDU HACK

19,000

The compromised information included Social Security numbers and grades from master's alumni classes 1997 through 2004, job offer information from master's alumni classes 1985 through 2004, contact information for all alumni, and Social Security numbers and grades from doctoral students enrolled between 1998 and 2004.  Between 5,000 and 6,000 of those affected had their credit card information and Social Security numbers compromised. Emails and letters were sent to those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

January 31, 2006 Honeywell International
Morristown, New Jersey
BSO UNKN

19,000

Personal information of current and former employees including Social Security numbers and bank account information was posted on an Internet Web site. It was not known whether this was the result of a malicious insider or an administrative error.  Current and former employees whose information was compromised were informed immediately and offered free credit monitoring and identity theft insurance.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

August 29, 2006 AT&T via vendor that operates an order processing computer
San Francisco, California
BSO HACK

19,000

Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying fewer than 19,000 customers.

UPDATE (9/1/06). The breach was followed by a bogus phishing e-mail to those customers that attempted to trick them into revealing more info such as SSN and birthdate -- essential for crime of identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

May 23, 2008 R.E. Moulton
Irving, Texas
BSF PORT

19,000

Thieves broke into the Irving, Texas, regional office and stole a laptop computer containing personally information of numerous individuals, including names and Social Security numbers. The company is in the medical stop-loss insurance industry. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

May 13, 2009 United Food and Commercial Workers Union 555
Tigard, Oregon
NGO PORT

19,000

A union employee's laptop was stolen on the East Coast. The laptop may have contained personal information of Local 555 members, including birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

October 10, 2011 University of Georgia (UGA)
Athens, Georgia
EDU DISC

18,931

A data file that contained employment information such as names, Social Security numbers, dates of birth, dates of employment, gender, race, home phone numbers, and addresses was accidentally placed on a publicly available web server. The information was available from 2008 until 2011. Faculty and staff who worked at UGA in 2002 were affected.

 
Information Source:
Media
records from this breach used in our total: 18,931

December 17, 2013 Colorado Governor's Office of Information Technology
Denver, Colorado
GOV PORT

18,800

A Colorado state employee lost a flash drive that contained the information of current and former Colorado state employees.  It contained names, Social Security numbers, and a limited number of home addresses.  The flash drive was discovered missing in late November and is believed to have been lost while the employee traveled between work sites.  Approximately 8,000 of those who were affected were current employees while 10,800 were former employees.

 
Information Source:
Media
records from this breach used in our total: 18,800

February 16, 2012 Central Connecticut State University (CCSU)
New Britain, Connecticut
EDU HACK

18,763

A computer breach in a CCSU Business Office exposed the information of current and former faculty, staff, and student workers.  A Z-Bot virus designed to relay information was discovered on the computer on December 6, 2011.  The computer had been exposed for eight days and only exposed the Social Security numbers of those who were affected. People associated with CCSU as far back as 1998 were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 18,763

July 19, 2013 University of Virginia, Aetna Health Care
Charlottesville, Virginia
EDU DISC

18,700

A mailing error by a third-party mailing vendor used by Aetna Health Care resulted in the Social Security numbers of students being exposed in open-enrollment brochures.

 
Information Source:
Media
records from this breach used in our total: 18,700

September 29, 2010 Morgan Keegan & Company
Memphis, Tennessee
BSF PORT

18,500

An attorney was able to collect a disk with client names and detailed financial information during an investigation. Clients were notified and their accounts are being monitored for unauthorized use. The breach was discovered on September 15 and the disk was later returned by the attorney.

 
Information Source:
Media
records from this breach used in our total: 18,500

January 28, 2008 Kiwanis International, On-Net Services
Indianapolis, Indiana
NGO HACK

18,432

On January 4, Kiwanis learned of an unauthorized intrusion into its Kiwanis Family Store Website and database that occurred sometime between December 1 of 2007 and January 4 of 2008. The unauthorized person or persons illegally accessed information by running a SQL injection program that gathered names, credit card numbers, expiration dates and billing/shipping addresses of individuals who had purchased items from the Kiwanis Family Store.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18,432

May 30, 2013 California Department of Developmental Services
Santa Monica, California
MED PORT

18,100

An employee at North Los Angeles County Regional Center left a work laptop, a personal laptop, and an iPhone in their car overnight. The items were stolen during the night.  The employee worked for a program that served disabled infants and toddlers.  Names, Social Security numbers, and other personal information were on the unencrypted work laptop.  The theft occurred in November and patients were notified in January of 2013. 

 
Information Source:
Media
records from this breach used in our total: 18,100

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,420 DATA BREACHES made public since 2005
Showing 501-550 of 4420 results


X

Sign In!

Loading