Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
October 2, 2006 Port of Seattle, Seattle-Tacoma Airport (Sea-Tac)
Seattle, Washington
GOV PORT

6,939 current and former Seattle-Tacoma International Airport employees

http://www.portseattle.org, (888) 902-PORT

Six CDs missing from the ID Badging office at Seattle-Tacoma International Airport hold the personal information of 6,939 airport workers. The data include names, addresses, birth dates, SSNs and driver's license numbers, telephone numbers, employer information, and height/weight. The data on the disks were scanned from paper applications for airport badges. The port learned of the missing disks on September 18 and sent letters to the affected employees on Oct. 2.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,939

October 2, 2006 Citigroup
Chicago, Illinois
BSF PORT

11

An employee from a Pennsylvania branch reported a missing laptop after a flight. It is believed that the laptop may have been stolen from the employee's luggage after the bags were checked-in for a flight from Chicago to Philadelphia sometime around August 26. At least 11 New York residents and an unknown number of clients nationwide may have had their names, Social Security numbers, addresses and other information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11

September 29, 2006 University of Iowa Department of Psychology
Iowa City, Iowa
EDU HACK

14,500

A computer containing SSNs of 14,500 psychology department research study subjects was the object of an automated attack designed to store pirated video files for subsequent distribution.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,500

September 29, 2006 Kentucky Personnel Cabinet via Bluegrass Mailing
Frankfort, Kentucky
GOV DISC

146,000

State employees received letters from the Kentucky Personnel Cabinet with their SSNs visible through the envelope windows.

 
Information Source:
Dataloss DB
records from this breach used in our total: 146,000

September 29, 2006 Nationwide Agribusiness, Farmland Mutual Insurance Company
Columbus, Ohio
BSF PORT

306

A laptop computer was stolen from the home of an employee on or around May 23.  This laptop contained claimants' names, Social Security numbers and addresses.  Nationwide Agribusiness learned of the theft in early September and began the process of developing a privacy and security awareness package for all employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 306

September 28, 2006 North Carolina Department of Motor Vehicles
Louisville, North Carolina
GOV STAT

16,000

(888) 495-5568

A computer was stolen from a NC Dept. of Motor Vehicles office, reported Sept. 10. It contains names, addresses, driver's license numbers, SSNs, and in some cases immigration visa information of 16,000 people who have been issued licenses in the past 18 months. Most are residents of Franklin County.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000

September 28, 2006 Illinois Department of Transportation (IDOT)
Springfield, Illinois
GOV PHYS

40

Documents found by state auditors in recycling bins in a hallway contained IDOT employee names and SSNs.

 
Information Source:
Media
records from this breach used in our total: 40

September 28, 2006 Stevens Hospital Emergency Room via dishonest employee of billing company Med Data
Edmonds, Washington
MED INSD

30

A manager for the hospital's billing company, Med Data, stole patients' credit card numbers. She gave them to her brother who bought $30,000 worth of clothes and gift cards over the Internet. The woman is scheduled for sentencing in Nov. and her brother's trial is expected Jan. 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30

September 28, 2006 New York State Banking Department
New York, New York
BSF DISC

19,640

During the routine process of indexing the search engine of the Department's website, data files from the 2005 Volume of Operations Reports were inadvertently made accessible to members of the public between July 27 and August 29. Personal information included the Social Security numbers of all independent contractors employed by both licensed mortgage bankers and registered mortgage brokers. Social Security numbers of all felons employed by those registrants who also opted to electronically failed their 2005 VOO reports were also available through the Department's website search engine.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,640

September 27, 2006 New York Life Insurance Company
Boston, Massachusetts
BSF STAT

Unknown

A life insurance agent reported that two desktops were stolen from his office.  Customer names, Social Security numbers, addresses, dates of birth and policy numbers may have been exposed. An unspecified number of customers nationwide were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 25, 2006 Movie Gallery US
Gastonia, North Carolina
BSR PHYS

3,800

A large number of Movie Gallery's files and videos were found in a dumpster. The files contained personal information of people employed by Movie Gallery and people applying for jobs at the video store as well as people applying for movie rental membership. Movie Gallery has agreed to pay $50,000 to the State of NC for the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,800

September 25, 2006 General Electric (GE)
Fairfield, Connecticut
BSO PORT

50,000 employees

An employee's laptop computer holding the names and Social Security numbers of approximately 50,000 current and former GE employees was stolen from a locked hotel room while he was traveling for business.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,000

September 23, 2006 Erlanger Health System
Chattanooga, Tennessee
MED PORT

4,150 current and former employees

Records of hospital employees disappeared from a locked office on Sept. 15. They were stored on a USB jump drive. Information was limited to names and SSNs. Those affected included anyone who went through job status changes from Nov. 2003 to Sept. 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,150

September 23, 2006 North Fork Bank
Melville, New York
BSF HACK

3,570

On the morning of July 31, criminals altered a link on the Personal Banking page of NorthForkBank.com that was designed to take visitors to the My NFB Online sign-on page and redirected them to a counterfeit website. The counterfeit website requested sensitive customer information, although it appears that the counterfeit website may not have functioned as intended. The altered link was identified and repaired within three hours and the hacker's access was terminated.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,570

September 22, 2006 Purdue University College of Science
West Lafayette, Indiana
EDU STAT

2,482

 (866) 307-8520

A file in a desktop computer in the Chemistry Department may have been accessed illegitimately. The file contained names, SSNs, school, major, and e-mail addresses of people who were students in 2000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,482

September 22, 2006 University of Colorado, Boulder, Leeds School of Business
Boulder, Colorado
EDU STAT

1,372 students and former students

(303) 492-8741

Two computers had been placed in storage during the school's move to temporary quarters in May. When they were to be retrieved Aug. 28, they were found missing. They had been used by 2 faculty members and included students' names, SSNs, and grades.

UPDATE (9/25/06): One of the computers was found.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,372

September 22, 2006 Several Indianapolis pharmacies
Indianapolis, Indiana
MED PHYS

Unknown

Earlier this year a local TV reporter from WTHR found that dozens of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law.

 
Information Source:
Media
records from this breach used in our total: 0

September 21, 2006 Pima County Health Department
Tucson, Arizona
GOV PHYS

2,500 (no SSNs or financial information reported)

Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 21, 2006 U.S. Department of Commerce and Census Bureau
Washington, District Of Columbia
GOV PORT

Unknown

https://www.census.gov/Press-Release/www/releases/archives/miscellaneous/007497.html

The agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had protections to prevent a breach of personal information.

 
Information Source:
Media
records from this breach used in our total: 0

September 20, 2006 City of Savannah, Georgia
Savannah, Georgia
GOV DISC

8,800 individuals whose identities were captured by red-light cameras

(912) 651-6565, http://www.savannahga.gov/security

Because of a hole in the firewall, a City server exposed personal information online for 7 months. Individuals identified by the Red Light Camera Enforcement Program are affected -- name, address, driver's license number, vehicle identification number, and SSNs of those individuals whose driver's license number is still the SSN.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,800

September 20, 2006 Berry College via consultant Financial Aid Services Inc.
Mount Berry, Georgia
EDU PHYS

2,093 students and potential students (of those, 1,322 are currently enrolled)

(800) 961-4692, http://www.berry.edu/stulife/idprotect/

Student applications for need-based financial aid were misplaced by a consultant -- in both paper and digital form. Data included name, SSN, and reported family income for students and potential students for the 2005-06 academic year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,093

September 19, 2006 Life Is Good
Hudson, New Hampshire
BSR HACK

9,250

Hackers accessed the retailer's database which contained customer's credit card numbers. The company said no other personal information was in the database.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,250

September 18, 2006 DePaul Medical Center, Radiation Therapy Department
Norfolk, Virginia
MED STAT

More than 100 patients

(757) 889-5945

Two computers were stolen, one on August 28 and the other Sept. 11. Personal data included names, date of birth, treatment information, and some SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

September 18, 2006 Olean Area Federal Credit Union
Olean, New York
BSF HACK

11

An unauthorized party managed to obtain financial information from a fraudulent credit union website link. The information included name, address, Credit Union account number, PIN and account password. More clients who live outside of New York may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11

September 18, 2006 Cochlear Americas
Englewood, Colorado
BSR HACK

480

A hacker accessed customer information from the online store. Customer names, credit card numbers, credit card expiration dates, shipping or billing addresses, email addresses and phone numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 480

September 17, 2006 U.S. Dept. of Education, Direct Loan Servicing
Greenville, Texas
GOV DISC

21,000

A security breach exposed private information of student loan borrowers from Aug. 20-22 during a computer software upgrade. Users of the DOE's Direct Loan Web site were able to view information other than their own if they used certain options when accessing the program's web pages. SSNs were among the data elements exposed online.  Software company Affiliated Computer Services (ACS) created the technology for the Direct Loan Servicing feature on the DoE's site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

September 16, 2006 Michigan Department of Community Health
Detroit, Michigan
GOV PORT

4,000

Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 16, 2006 Howard Rice, Morris Davis Chan
Oakland, California
BSF PORT

500

A Morris auditor's laptop was stolen from the auditor's car. The laptop had three spreadsheets with the names and Social Security numbers of Howard employees. Pension plan, 401(k) and profit-sharing account information was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500

September 15, 2006 Mercy Medical Center
Merced, California
MED PORT

295

A memory stick containing patient information was found July 18 by a local citizen on the ground at the County Fairgrounds near the hospital's information booth. It was returned to the hospital four weeks later. Data included names, SSNs, dates of birth, and medical records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 295

September 15, 2006 Whistle Junction restaurant
Orlando, Florida
BSO PHYS

Unknown

Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 15, 2006 University of Texas San Antonio
San Antonio, Texas
EDU HACK

64,000

A hacker may have gained access to student and staff names, addresses and Social Security numbers.  Students who received financial aid or worked at the University were affected.  The breach was discovered during a routine risk assessment of the University's computer servers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 64,000

September 15, 2006 Columbia University
New York, New York
EDU INSD

1,132

A temporary employee accessed the personal information of some University employees and used it to establish at least one fraudulent account. The former temp had access to the names, Social Security numbers, addresses, telephone numbers and direct deposit bank account information of a group of employees. The University discovered the breach on August 15 and began notifying affected individuals on August 18.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,132

September 15, 2006 Harlem Hospital Center, New York City Health and Hospitals Corporation
New York, New York
MED PORT

4,000

A computer hard drive was lost or stolen sometime around September 8. The hard drive contained the names and Social Security numbers of current and former Harlem Hospital employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 14, 2006 Nikon Inc. and Nikon World Magazine
Melville, New York
BSR DISC

3,235 magazine subscribers

Workers at a Montgomery, AL, camera store discovered that subscription information for the magazine Nikon World was exposed on the Web for at least 9 hours. Data included subscribers' names, addresses and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,235

September 14, 2006 Illinois Department of Corrections (IDOC)
Springfield, Illinois
GOV PHYS

16,500

A document containing employees' personal information was found outside the agency's premises where it should not have been. It has since been retrieved. Information included employees' names, SSNs, and salaries.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,500

September 14, 2006 GreenPoint Mortgage Funding Inc.
Novato, California
BSF PORT

44

A GreenPoint payment processing vendor's storage facility was robbed of several computer disks. The disks contained customer names, addresses, telephone numbers, Social Security numbers, signatures, loan account numbers, bank account information and copies of voided and cleared personal checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 44

September 13, 2006 American Family Insurance Group
Madison, Wisconsin
BSF PORT

2,089 customers

The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,089

September 12, 2006 City of Paris Kentucky
Paris, Kentucky
GOV PORT

130

A portable drive that contained the personal information of current and former city employees was lost or stolen in August. Employee names, Social Security numbers and dates of birth were lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130

September 11, 2006 Telesource via Veksta
Indianapolis, Indiana
BSO PHYS

Unknown

Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 9, 2006 Cleveland Clinic
Naples, Florida
MED INSD

1,100 patients

(866) 907-0675

A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

September 9, 2006 Discover Bank
Greenwood, Delaware
BSF PORT

11

At least 11 residents of New York were affected, but the total number of affected clients was not released.

A laptop was stolen from a bank employee's home.  The laptop contained bank account information and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11

September 9, 2006 Action Capital Mortgage Services, Inc.
Poughkeepsie, New York
BSF STAT

923

An encrypted server was stolen during an August 23 office burglary. Customer information was lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 923

September 8, 2006 Linden Lab, Second Life
San Francisco, California
BSO HACK

Unknown

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 8, 2006 University of Minnesota
Minneapolis, Minnesota
EDU STAT

13,084 students including SSNs of 603 students

On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 603

September 8, 2006 Berks County Sheriff's Office via contractor Canon Technology Solutions
Reading, Pennsylvania
GOV DISC

25,000

A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.

UPDATE (10/6/06): The Berks County solicitor's office says the entire list of more than 25,000 gun permit holders was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

September 7, 2006 Florida National Guard
Bradenton, Florida
GOV PORT

100

A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

September 7, 2006 Circuit City and Chase Card Services, a division of JP Morgan Chase & Co.
Wilmington, Delaware
BSF PORT

2.6 million past and current Circuit City credit cardholders

Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 2,600,000

September 7, 2006 Liberty Mutual Insurance Company
Rancho Cordova, California
BSF PORT

672

A laptop was stolen from an employee's car on July 14. Names and Social Security numbers of employees of Liberty's insureds were exposed. Analysis of the breach was completed on August 22 and notifications were sent in early September.

 
Information Source:
Dataloss DB
records from this breach used in our total: 672

September 7, 2006 Mystic Stamp Company
Camden, New York
BSR HACK

13

The website fell victim to an SQL injection attack. Hackers accessed the website database and obtained customer names, addresses, credit card numbers and expiration dates. The breach was discovered on August 29 and the website's charge card function was disabled.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13

September 5, 2006 Transportation Security Administration (TSA) via Accenture
Washington, District Of Columbia
GOV DISC

1,195 former TSA employees

In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,195

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 3951-4000 of 4427 results


X

Sign In!

Loading