Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
September 13, 2006 American Family Insurance Group
Madison, Wisconsin
BSF PORT

2,089 customers

The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,089

September 12, 2006 City of Paris Kentucky
Paris, Kentucky
GOV PORT

130

A portable drive that contained the personal information of current and former city employees was lost or stolen in August. Employee names, Social Security numbers and dates of birth were lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130

September 11, 2006 Telesource via Veksta
Indianapolis, Indiana
BSO PHYS

Unknown

Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 9, 2006 Cleveland Clinic
Naples, Florida
MED INSD

1,100 patients

(866) 907-0675

A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

September 9, 2006 Discover Bank
Greenwood, Delaware
BSF PORT

11

At least 11 residents of New York were affected, but the total number of affected clients was not released.

A laptop was stolen from a bank employee's home.  The laptop contained bank account information and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11

September 9, 2006 Action Capital Mortgage Services, Inc.
Poughkeepsie, New York
BSF STAT

923

An encrypted server was stolen during an August 23 office burglary. Customer information was lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 923

September 8, 2006 Linden Lab, Second Life
San Francisco, California
BSO HACK

Unknown

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 8, 2006 University of Minnesota
Minneapolis, Minnesota
EDU STAT

13,084 students including SSNs of 603 students

On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 603

September 8, 2006 Berks County Sheriff's Office via contractor Canon Technology Solutions
Reading, Pennsylvania
GOV DISC

25,000

A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.

UPDATE (10/6/06): The Berks County solicitor's office says the entire list of more than 25,000 gun permit holders was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

September 7, 2006 Florida National Guard
Bradenton, Florida
GOV PORT

100

A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

September 7, 2006 Circuit City and Chase Card Services, a division of JP Morgan Chase & Co.
Wilmington, Delaware
BSF PORT

2.6 million past and current Circuit City credit cardholders

Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 2,600,000

September 7, 2006 Liberty Mutual Insurance Company
Rancho Cordova, California
BSF PORT

672

A laptop was stolen from an employee's car on July 14. Names and Social Security numbers of employees of Liberty's insureds were exposed. Analysis of the breach was completed on August 22 and notifications were sent in early September.

 
Information Source:
Dataloss DB
records from this breach used in our total: 672

September 7, 2006 Mystic Stamp Company
Camden, New York
BSR HACK

13

The website fell victim to an SQL injection attack. Hackers accessed the website database and obtained customer names, addresses, credit card numbers and expiration dates. The breach was discovered on August 29 and the website's charge card function was disabled.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13

September 5, 2006 Transportation Security Administration (TSA) via Accenture
Washington, District Of Columbia
GOV DISC

1,195 former TSA employees

In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,195

September 5, 2006 TLM Partners LP
Palm Beach, Florida
BSF PORT

Unknown

Two backup computer tapes were stolen from a vehicle during a June 8 theft. The tapes contained names, addresses and Social Security numbers. The tapes were discovered missing on July 6 and an unknown number of affected clients were notified on July 11. At least two New York residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 5, 2006 Disney Worldwide Services, Inc.
Burbank, California
BSR PORT

23

A laptop with former employee information was stolen.  The information included names, Social Security numbers, phone numbers, dates of birth, gender, marital status, workplace email and compensation information. At least 23 New York residents were affected, but the number of affected former employees nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23

September 1, 2006 Wells Fargo via unnamed auditor
San Francisco, California
BSF PORT

Unknown

In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 1, 2006 Virginia Commonwealth University (VCU)
Richmond, Virginia
EDU DISC

2,100 current and former students

http://old.ts.vcu.edu/security/id_exposure.html

Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,100

September 1, 2006 City of Chicago via contractor Nationwide Retirement Solutions, Inc.
Chicago, Illinois
GOV PORT

38,443

(800) 638-1485, http://www.chicagofop.org/Updates/links/nrs.pdf

A laptop was stolen from the home of one of the contractor's employees in April 2005. It was reported to the city July 2006. Data included names, addresses, phone numbers, birth dates and SSNs for those in the city's deferred compensation plan.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,443

September 1, 2006 LandAmerica Credit Services, Inc., Diversified Capital
San Jose, California
BSF HACK

124

A hacker may have accessed personal information.  A customer named Diversified Capital noticed unusual activity on its account.  An investigation revealed that the unauthorized access was most likely the result of a stolen password or unauthorized use of the password.  The breach was first noticed on July 17 and notification was sent on August 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 124

August 31, 2006 CoreLogic for ComUnity Lending
Sacramento, California
BSO STAT

Unknown

(877) 510-3700, identityprotection@corelogic.com. Exact date in August 2006 unknown.

In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNs, and property addresses related to an existing or anticipated mortgage loan.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 31, 2006 Labcorp
Monroe, New Jersey
MED STAT

Unknown

 (800) 788-9091 x3925

During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 Diebold, Inc., GE Capital
Canton, Ohio
BSO PORT

Unknown

An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 29, 2006 Valley Baptist Medical Center
Harlingen, Texas
MED DISC

Unknown

 (877) 840-5999

A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 AT&T via vendor that operates an order processing computer
San Francisco, California
BSO HACK

19,000

Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying fewer than 19,000 customers.

UPDATE (9/1/06). The breach was followed by a bogus phishing e-mail to those customers that attempted to trick them into revealing more info such as SSN and birthdate -- essential for crime of identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

August 29, 2006 Compass Health
Everett, Washington
MED PORT

Unknown

(800) 508-0059

Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Wells Fargo, Paymap Inc., First Horizon Home Loans, Western Union
Memphis, Tennessee
BSF PORT

Unknown

Computer discs with sensitive customer information were stolen from a Paymap facility in September of 2005. People who were subscribers between 1999 and 2002 may have been affected. The theft was not discovered until an unrelated mail fraud investigation was in process. information included names, addresses, telephone numbers, Social Security numbers, loan account numbers, bank account information, copies of signatures and copies of voided or cleared personal checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 28, 2006 Copart, Inc.
Fairfield, California
BSR HACK

43,764 (No SSNs or financial information reported)

Hackers may have acquired the full names of customers, business and home addresses, telephone numbers, email addresses, driver's license numbers and possibly driver's license photographs. The website breach was discovered on July 17 and customers were notified on August 28. No Social Security numbers or financial information was accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 27, 2006 New Mexico Administrative Office of the Courts
Santa Fe, New Mexico
GOV DISC

1,500 employees

For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

August 26, 2006 PortTix
Portland, Maine
BSO HACK

2,000

Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

August 26, 2006 University of South Carolina
Columbia, South Carolina
EDU HACK

6,000

TheState.com reported that the University of South Carolina warned 6,000 current and former students that their information, including Social Security numbers and birth dates, may have been breached when a server was accessed from outside the system.

 
Information Source:
Media
records from this breach used in our total: 6,000

August 25, 2006 Dominion Resources
Richmond, Virginia
BSO PORT

Unknown

Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 U.S. Department of Transportation, Federal Motor Carrier Safety Administration
Baltimore, Maryland
GOV PORT

193 (not added to total)

(800) 832-5660

A laptop that might contain personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Sovereign Bank
New Bedford, Massachusetts
BSF PORT

thousands of customers

Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Verizon Wireless
Basking Ridge, New Jersey
BSR DISC

5,210 (No SSNs or financial information reported)

A Microsoft Excel spreadsheet file with the information of 5,210 customers was accidentally distributed to 1,800 Verizon Wireless subscribers. The information included names, email addresses, cell phone numbers and cell phone models. The file was accidentally attached to an ad for a Bluetooth wireless headset.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2006 U.S. Department of Education, Direct Loan Servicing Online
Atlanta, Georgia
GOV DISC

21,000

http://www.dlssonline.com

A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the U.S. Department of Education's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

August 22, 2006 AFLAC American Family Life Assurance Co.
Greenville, South Carolina
BSF PORT

612 policyholders

(888) 794-2352

A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11.

 
Information Source:
Dataloss DB
records from this breach used in our total: 612

August 22, 2006 Beaverton School District
Beaverton, Oregon
EDU PHYS

1,600 employees

Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

August 22, 2006 Beaumont Hospital
Troy, Michigan
MED PORT

28,473

A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.

UPDATE (8/23/06). The laptop was returned Aug. 23 by a woman who said she found it in her yard.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,473

August 21, 2006 U.S. Department of Education via contractor, DTI Associates
Washington, District Of Columbia
GOV PORT

43

Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 43

August 18, 2006 California Department of Mental Health
Sacramento, California
GOV PORT

9,468

The location listed is the headquarters. It is unknown where the tape was lost.

 (916) 654-2309

A computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,468

August 18, 2006 Experian, LA Walker Company
Roseville, California
BSF HACK

30

Thirty New York residents and an unknown number of customers nationwide had their information accessed.  The unauthorized access by an Experian client resulted in the exposure of names, dates of birth, account numbers, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30

August 17, 2006 Williams-Sonoma, Deloitte & Touche
San Francisco, California
BSR PORT

1,200 current and former employees

On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

August 17, 2006 HCA, Inc. Hospital Corporation of America
Nashville, Tennessee
MED STAT

thousands of files

(800) 354-1036, http://www.hcahealthcare.com

10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2006 Q Dental Group PC
Irondequoit, New York
MED PORT

106 (5 cases of financial information)

An employee's car was stolen from the parking lot of a lab. A schedule of patients that included name, reason for visit, date of visit, doctor name and possibly phone number was in the car. The financial information of five patients and more detailed medical information of eight patients was also in the car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5

August 16, 2006 Chevron
San Ramon, California
BSO PORT

Unknown

Total employees affected is unclear. Nearly half of Chevron's 59,000 workers are from North America, but it is not known if that number includes employees from Canada.

Chevron informed its U.S. workers on Aug. 14 that a laptop was stolen from an employee of an independent public accounting firm who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 15, 2006 University of Kentucky
Lexington, Kentucky
EDU DISC

630

The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14.

 
Information Source:
Dataloss DB
records from this breach used in our total: 630

August 15, 2006 University of Kentucky Department of Georgraphy
Lexington, Kentucky
EDU DISC

80

About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80

August 15, 2006 U.S. Department of Transportation
Orlando, Florida
GOV PORT

Unknown

On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.

 
Information Source:
Media
records from this breach used in our total: 0

August 15, 2006 New Century Mortgage Corporation
Irvine, California
BSF INSD

Unknown

On August 10, a former employee was found to have copied and disseminated customer information to unknown third parties. The information included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
872,715,019 RECORDS BREACHED
(Please see explanation about this total.)
from 4,391 DATA BREACHES made public since 2005
Showing 3951-4000 of 4391 results


X

Sign In!

Loading