We're Moving!

Beginning Thursday January 29th, Privacy Rights Clearinghouse will be moving offices and our phone systems will be down on Thursday the 29th and Friday the 30th. Our phone system will be up starting Monday February 2nd.

If you have a privacy complaint please use our online complaint center https://www.privacyrights.org/new-complaint. If you need to reach a staff member on those days, please send an email and the appropriate staff member will respond as soon as possible or go to our Contact Us page. 


 

Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
October 31, 2006 Yates County Public Health
Penn Yan, New York
MED PORT

68

A laptop computer used for Child Health Plus, Medicaid and Family Health Plus plans was stolen from a vehicle on October 20. It contained application information which included name, Social Security number, date of birth, driver's license number, bank account and personal checking information and employer information. At least 68 New York residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 68

October 30, 2006 National Financial Partners (NFP)
New York, New York
BSF INSD

4,327

A former payroll department employee may have had access to former and current employee information.  The information included Social Security numbers, addresses and birth dates.  The employee was not authorized to view the information.  It is unclear if the employee still had access to the electronic files after termination.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,327

October 29, 2006 New York University
New York, New York
EDU PORT

30,000

Backup CDs from the Continuing Medical Education program at NYU Medical Center were lost or stolen.  Names, Social Security numbers, addresses, telephone and fax numbers, student ID numbers, debit or credit card information and degree information for students participating in the program between 1999 and the discovery of the loss may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

October 27, 2006 Gymboree
San Francisco, California
BSR PORT

up to 20,000 employees

A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

October 27, 2006 Hancock Askew & Co.
Savannah, Georgia
BSO PORT

Unknown

On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 27, 2006 LexisNexis
Boca Raton, Florida
BSO PORT

449

A package containing an employee's laptop computer was lost by an overnight courier service during shipping.  The laptop may have included the names, Social Security numbers, driver's license numbers, dates of birth and addresses of certain individuals.  At least 53 residents of Maine and 396 residents of New York were affected, but the total number of affected individuals nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 449

October 27, 2006 Link Staffing Services
Houston, Texas
BSO STAT

332,000

On September 26 it was discovered that a computer server was stolen during an office burglary. The server had employee names and Social Security numbers. Current and former employees were notified at the end of October after an investigation of the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 332,000

October 26, 2006 Akron Children's Hospital
Akron, Ohio
MED HACK

235,903

Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 235,903

October 26, 2006 Empire Equity Group
Charlotte, North Carolina
BSF PHYS

Unknown

Mortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 26, 2006 LimeWire
Denver, Colorado
BSO HACK

75

http://www.denverda.org/News_Release/Releases/2006%20Release/Computer%20security%20alert.pdf

The Denver Police Dept. reports that LimeWire's file-sharing program was exploited to access personal and financial information from approximately 75 different individual and business account names from all over the country. The information, which included tax records, bank account information, online bill paying records and other material, appears to have been stolen directly from computers that were using LimeWire's filesharing software program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 75

October 25, 2006 Transportation Security Administration (TSA)
Portland, Oregon
GOV PORT

900 current and former Oregon TSA employees

A thumb drive is missing from the TSA command center at Portland International Airport and believed to contain the names, addresses, phone numbers and Social Security numbers of approximately 900 current and former employees.

 
Information Source:
Media
records from this breach used in our total: 900

October 25, 2006 Swedish Medical Center, Ballard Campus
Seattle, Washington
MED INSD

Up to 1,100 patients

(800) 840-6452

An employee stole the names, birthdates, and Social Security numbers from patients who were hospitalized or had day-surgeries from June 22 to Sept 21. She used 3 patients' information to open multiple credit accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

October 25, 2006 Tuscarawas County and Warren County
Tuscarawas County, Ohio
GOV DISC

Unknown

Additional location: Warren County, OH

The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service. Local boards of elections may be the source of the information. 

UPDATE (11/1/06): LexisNexis says it has now removed the SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 25, 2006 Department of Homeland Security
Portland, Oregon
GOV PORT

900

A computer storage device that may have held the personal information of current and former employees was lost or stolen. The device had names, Social Security numbers, addresses and telephone numbers. The device was discovered missing on October 16 at the Transportation Security Administration's command center at Portland International Airport.

 
Information Source:
Dataloss DB
records from this breach used in our total: 900

October 24, 2006 Jacobs Neurological Institute
Buffalo, New York
MED PORT

Unknown

The laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data.

 
Information Source:
Media
records from this breach used in our total: 0

October 24, 2006 Bethpage Federal Credit Union
Bethpage, New York
BSF PHYS

106

A courier's envelope was delivered to the Credit Union ripped and missing the twenty reports it was supposed to contain.  Some of the reports contained confidential information such as name, address, telephone number, credit card number, and financial institution checking account number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 106

October 23, 2006 Sisters of St. Francis Health Services via Advanced Receivables Strategy (ARS), a Perot Systems Company
Indianapolis, Indiana
MED PORT

266,200

(866) 714-7606

On July 28, 2006, a contractor working for Advanced Receivables Strategy, a medical billing records company, misplaced CDs containing the names and SSNs of 266,200 patients, employees, physicians, and board members of St. Francis hospitals in Indiana and Illinois. About 260,000 patients and about 6,200 employees, board members and physicians were affected for a total of 266,200.  Also affected were records of Greater Lafayette Health Services. The disks were inadvertently left in a laptop case that was returned to a store. The purchaser returned the disks. The records were not encrypted even though St. Francis and ARS policies require encryption.

 
Information Source:
Dataloss DB
records from this breach used in our total: 266,200

October 23, 2006 Chicago Voter Database
Chicago, Illinois
GOV DISC

1.35 million Chicago residents

An official from the not-for-profit Illinois Ballot Integrity Project says his organization hacked into Chicago's voter database, compromising the names, SSNs and dates of birth of 1.35 million residents. The Chicago Election Board is reportedly looking into removing SSNs from the database. Election officials have patched the flaw that allowed the intrusion.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,350,000

October 23, 2006 Mount Sinai Medical Center
New York, New York
MED PORT

311

A flash drive that contained visitor names, Social Security numbers, children's names, children's dates of birth and dates of visit was lost or stolen during an emergency evacuation. A researcher working with data from New York Children's Environmental Study conducted in Community Medicine reported that the flash drive she left in her computer was missing after she returned sometime around October 5. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 311

October 20, 2006 Manhattan Veterans Affairs Medical Center, New York Harbor Health Care System
New York, New York
MED PORT

1,600

On Sept. 6, an unencrypted laptop computer containing veterans' names, Social Security numbers, and medical diagnosis, was stolen from the Hospital. Veterans who receive pulmonary care were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

October 20, 2006 BlueCross BlueShield of Western New York, HealthNow New York Inc., Administrative Services of Kansas
Buffalo, New York
BSF PORT

96

The theft occurred in a Kansas hospital. Potential HealthNow New York Inc. members were affected.

The laptop of an employee of HealthNow's outside claims vendor Administrative Services of Kansas was stolen during the lunch break of a presentation.  The laptop had potential member names and Social Security numbers.  The theft occurred sometime around June 19 and notification letters were sent on October 16.

 
Information Source:
Dataloss DB
records from this breach used in our total: 96

October 19, 2006 Allina Hospitals and Clinics
Minneapolis, Minnesota
MED PORT

Individuals in 17,000 households

A laptop stolen from a nurse's car on October 8 contains the names and SSNs of individuals in approximately 17,000 households participating in the Allina Hospitals and Clinics obstetric home-care program since June 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

October 19, 2006 University of Minnesota
Minneapolis-St.Paul, Minnesota
EDU PORT

200 students (not included in total)

In June, a University of Minnesota art department laptop computer stolen from a faculty member while traveling in Spain holds personally identifiable information of 200 students.

 
Information Source:
Media
records from this breach used in our total: 200

October 17, 2006 City of Visalia, Recreation Division
Visalia, California
GOV PHYS

200 current and former employees

Personally identifiable information of approximately 200 current and former Visalia Recreation Department employees was exposed when copies of city documents were found scattered on a city street.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

October 16, 2006 Germanton Elementary School
Germanton, North Carolina
EDU STAT

Unknown

A computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 16, 2006 VISA, FirstBank (1st Bank)
Lakewood, Colorado
BSF UNKN

Unknown

FirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed “a merchant card processor's transaction database.” The FirstBank letter said customers would receive new cards by October 27.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 16, 2006 Dr, Charles Kay of Orchard Family Practice
Englewood, Colorado
MED PHYS

"Hundreds"

Sheriff's deputies evicting Dr. Charles Kay put files from his office in a nearby parking lot. In a news report, Dr. Kay said he had removed the patient files but not the business files.

 
Information Source:
Media
records from this breach used in our total: 100

October 16, 2006 Twin Tier Mortgage
Elmira, New York
BSF STAT

34

An office burglary occurred sometime between October 13 and October 15. A computer with the information of some, but not all clients was stolen. partial list of client information was stolen. Social Security numbers of applicants, names, addresses, phone numbers, dates of birth, income, assets and other mortgage related financial information may have been exposed. At least 34 New York residents were affected, but the total number of affected clients nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34

October 15, 2006 Poulsbo Department of Licensing
Poulsbo, Washington
GOV PORT

2,200

An unspecified “storage device” containing personally identifiable data of approximately 2,200 North Kitsap (WA) residents has been lost from the Poulsbo Department of Licensing. The data include names, addresses, photographs and driver's license numbers of individuals who conducted transactions at the Poulsbo branch in late September.

 
Information Source:
Media
records from this breach used in our total: 2,200

October 14, 2006 T-Mobile USA Inc.
Bellvue, Washington
BSO PORT

43,000 current and former employees

A laptop computer holding personally identifiable information of approximately 43,000 current and former T-Mobile employees disappeared from a T-Mobile employee's checked luggage. T-Mobile has reportedly sent letters to all those affected. The data are believed to include names, addresses, SSNs, dates of birth and compensation information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 43,000

October 14, 2006 CBA Information Solutions, Washington Savings Bank
Bowle, Maryland
BSF UNKN

Unknown

An unauthorized user gained access to the log in information of Washington Savings Bank. The unauthorized user could have accessed customer and non-customer names, Social Security numbers, addresses and credit histories. The breach occurred between September 15 and September 21. At least 20 New York residents were affected, but the nationwide total was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 13, 2006 Ohio Ethics Commission
Columbus, Ohio
GOV PHYS

Unknown

Papers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 12, 2006 U.S. Census Bureau
Washington, District Of Columbia
GOV PORT

Unknown

Additional location: Travis Co., TX

This spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs.

 
Information Source:
Media
records from this breach used in our total: 0

October 12, 2006 Congressional Budget Office
Washington, District Of Columbia
GOV HACK

Unknown

Hackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO.

 
Information Source:
Media
records from this breach used in our total: 0

October 12, 2006 University of Texas, Arlington
Arlington, Texas
EDU STAT

2,500 students

http://www.uta.edu/oit/iso/Datatheft.php

Two computers stolen from a University of Texas faculty member's home hold the names, SSNs, grades, e-mail addresses and other information belonging to approximately 2,500 students enrolled in computer science and engineering classes between fall 2000 and fall 2006. The theft occurred on September 29 and was reported on October 2.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,500

October 12, 2006 Sears Holding Corporation
Winter Park, Florida
BSF PORT

Unknown

A laptop was stolen from the office on September 28. Certain customers had their information on an access database file that was on the laptop. Names, telephone numbers, addresses, account number, account types and account expiration dates were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 11, 2006 Republican National Committee (RNC)
Washington, District Of Columbia
NGO DISC

76 RNC donors

http://www.nysun.com/national/gop-donors-personal-data-disclosed-in-rnc-privacy/41341/

The Republican National Committee (RNC) inadvertently emailed a list of donors' names, SSNs and races to a New York Sun reporter.

 
Information Source:
Dataloss DB
records from this breach used in our total: 76

October 11, 2006 DirecTV, Deloitte and Touche LLC
El Segundo, California
BSR PORT

55

A laptop containing the names and Social Security numbers of some current and former DirecTV employees was stolen during a home burglary of a Deloitte and Touche LLP employee. The theft occurred sometime in August. Deloitte and Touche performs audits of The DirecTV Group's pension plans.

 
Information Source:
Dataloss DB
records from this breach used in our total: 55

October 10, 2006 Florida Labor Department
Tallahassee, Florida
GOV DISC

4,624

The names and SSNs of 4,624 Floridians were accessible on the Internet for approximately 18 days in September. The data were not accessible through websites, but an individual came across the information when Googling his own name. The agency has asked Google to remove the pages from its cache, and has notified all affected individuals by mail.  Individuals who had registered with Florida 's Agency for Workforce Innovation were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,624

October 9, 2006 Troy Athens High School
Troy, Michigan
EDU PORT

4,400

For questions or comments, call (248) 823-4035

A hard drive stolen from Troy Athens High School in August contained transcripts, test scores, addresses and SSNs of students from the graduating classes of 1994 to 2004. The school district and the superintendent have notified all affected alumni by regular mail.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,400

October 9, 2006 Atlantis Plastic Inc.
Atlanta, Georgia
BSR PORT

720

A laptop was stolen from Atlantis' accounting firm on October 5.  The laptop contained personal information for 720 participants in the Atlantis 401(k) plan.  Names, Social Security numbers, dates of birth, addresses and 401(k) account balance information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 720

October 6, 2006 Cleveland Air Route Traffic Control Center
Oberlin, Ohio
GOV STAT

400

A computer hard drive missing from the Cleveland Air Route Traffic Control Center in Oberlin (OH) contains the names and SSNs of at least 400 air traffic controllers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 400

October 6, 2006 Camp Pendleton Marine Corps base via Lincoln B.P. Management
Camp Pendleton, California
GOV PORT

2,400

A laptop missing from Lincoln B.P. Management Inc. holds personally identifiable data about 2,400 Camp Pendleton residents.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400

October 6, 2006 StarCite Inc.
Philadelphia, Pennsylvania
BSO PORT

Unknown

A laptop containing personal information of employees was stolen from a hotel room on September 13. The information included name, Social Security number, date of birth, address, date of hire, occupation, salary, supplemental insurance information, and identified the type and tier of medical and/or dental coverage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 5, 2006 San Juan Capistrano Unified School District (CA)
San Juan Capistrano, California
EDU STAT

Unknown

Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 5, 2006 Homecoming Financial Network Inc.
Minneapolis, Minnesota
BSF DISC

988

On September 9, a web-based tool for mortgage brokers was released that allowed brokers to view all loan applications submitted by all other brokers. The information included names, Social Security numbers and addresses.  The flaw was discovered and fixed the next day.

 
Information Source:
Dataloss DB
records from this breach used in our total: 988

October 4, 2006 Orange County Controller
Orlando, Florida
GOV DISC

Unknown

A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2006 Cumberland County
Carlisle, Pennsylvania
GOV DISC

1,200 employees of the county

Cumberland County (PA) officials removed salary board meeting minutes from their Web site because they contained the SSNs of 1,200 county employees. The information was included in minutes from meetings prior to 2000. The county no longer uses SSNs as unique identifiers for employees. Employees will be informed of the data breach in a note included with their paychecks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

October 3, 2006 Willamette Educational Service District (ESD)
Salem, Oregon
EDU STAT

4,500 Oregon high school students [not included in total because not thought to contain sensitive info. such as SSNs]

Seven computers stolen from a Willamette Educational Service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2006 Picatinny Arsenal
Rockaway, New Jersey
GOV UNKN

Unknown

 If you have tips, call (973) 989-0652

28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005
Showing 3951-4000 of 4478 results


X

Sign In!

Loading