Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
872,602,323 RECORDS BREACHED
(Please see explanation about this total.)
from 4,375 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
September 1, 2006 Wells Fargo via unnamed auditor
San Francisco, California
BSF PORT

Unknown

In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 1, 2006 Virginia Commonwealth University (VCU)
Richmond, Virginia
EDU DISC

2,100 current and former students

http://old.ts.vcu.edu/security/id_exposure.html

Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,100

September 1, 2006 City of Chicago via contractor Nationwide Retirement Solutions, Inc.
Chicago, Illinois
GOV PORT

38,443

(800) 638-1485, http://www.chicagofop.org/Updates/links/nrs.pdf

A laptop was stolen from the home of one of the contractor's employees in April 2005. It was reported to the city July 2006. Data included names, addresses, phone numbers, birth dates and SSNs for those in the city's deferred compensation plan.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,443

September 1, 2006 LandAmerica Credit Services, Inc., Diversified Capital
San Jose, California
BSF HACK

124

A hacker may have accessed personal information.  A customer named Diversified Capital noticed unusual activity on its account.  An investigation revealed that the unauthorized access was most likely the result of a stolen password or unauthorized use of the password.  The breach was first noticed on July 17 and notification was sent on August 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 124

August 31, 2006 CoreLogic for ComUnity Lending
Sacramento, California
BSO STAT

Unknown

(877) 510-3700, identityprotection@corelogic.com. Exact date in August 2006 unknown.

In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNs, and property addresses related to an existing or anticipated mortgage loan.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 31, 2006 Labcorp
Monroe, New Jersey
MED STAT

Unknown

 (800) 788-9091 x3925

During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 Diebold, Inc., GE Capital
Canton, Ohio
BSO PORT

Unknown

An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 29, 2006 Valley Baptist Medical Center
Harlingen, Texas
MED DISC

Unknown

 (877) 840-5999

A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 AT&T via vendor that operates an order processing computer
San Francisco, California
BSO HACK

19,000

Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying fewer than 19,000 customers.

UPDATE (9/1/06). The breach was followed by a bogus phishing e-mail to those customers that attempted to trick them into revealing more info such as SSN and birthdate -- essential for crime of identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

August 29, 2006 Compass Health
Everett, Washington
MED PORT

Unknown

(800) 508-0059

Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Wells Fargo, Paymap Inc., First Horizon Home Loans, Western Union
Memphis, Tennessee
BSF PORT

Unknown

Computer discs with sensitive customer information were stolen from a Paymap facility in September of 2005. People who were subscribers between 1999 and 2002 may have been affected. The theft was not discovered until an unrelated mail fraud investigation was in process. information included names, addresses, telephone numbers, Social Security numbers, loan account numbers, bank account information, copies of signatures and copies of voided or cleared personal checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 28, 2006 Copart, Inc.
Fairfield, California
BSR HACK

43,764 (No SSNs or financial information reported)

Hackers may have acquired the full names of customers, business and home addresses, telephone numbers, email addresses, driver's license numbers and possibly driver's license photographs. The website breach was discovered on July 17 and customers were notified on August 28. No Social Security numbers or financial information was accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 27, 2006 New Mexico Administrative Office of the Courts
Santa Fe, New Mexico
GOV DISC

1,500 employees

For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

August 26, 2006 PortTix
Portland, Maine
BSO HACK

2,000

Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

August 26, 2006 University of South Carolina
Columbia, South Carolina
EDU HACK

6,000

TheState.com reported that the University of South Carolina warned 6,000 current and former students that their information, including Social Security numbers and birth dates, may have been breached when a server was accessed from outside the system.

 
Information Source:
Media
records from this breach used in our total: 6,000

August 25, 2006 Dominion Resources
Richmond, Virginia
BSO PORT

Unknown

Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 U.S. Department of Transportation, Federal Motor Carrier Safety Administration
Baltimore, Maryland
GOV PORT

193 (not added to total)

(800) 832-5660

A laptop that might contain personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Sovereign Bank
New Bedford, Massachusetts
BSF PORT

thousands of customers

Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Verizon Wireless
Basking Ridge, New Jersey
BSR DISC

5,210 (No SSNs or financial information reported)

A Microsoft Excel spreadsheet file with the information of 5,210 customers was accidentally distributed to 1,800 Verizon Wireless subscribers. The information included names, email addresses, cell phone numbers and cell phone models. The file was accidentally attached to an ad for a Bluetooth wireless headset.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2006 U.S. Department of Education, Direct Loan Servicing Online
Atlanta, Georgia
GOV DISC

21,000

http://www.dlssonline.com

A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the U.S. Department of Education's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

August 22, 2006 AFLAC American Family Life Assurance Co.
Greenville, South Carolina
BSF PORT

612 policyholders

(888) 794-2352

A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11.

 
Information Source:
Dataloss DB
records from this breach used in our total: 612

August 22, 2006 Beaverton School District
Beaverton, Oregon
EDU PHYS

1,600 employees

Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

August 22, 2006 Beaumont Hospital
Troy, Michigan
MED PORT

28,473

A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.

UPDATE (8/23/06). The laptop was returned Aug. 23 by a woman who said she found it in her yard.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,473

August 21, 2006 U.S. Department of Education via contractor, DTI Associates
Washington, District Of Columbia
GOV PORT

43

Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 43

August 18, 2006 California Department of Mental Health
Sacramento, California
GOV PORT

9,468

The location listed is the headquarters. It is unknown where the tape was lost.

 (916) 654-2309

A computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,468

August 18, 2006 Experian, LA Walker Company
Roseville, California
BSF HACK

30

Thirty New York residents and an unknown number of customers nationwide had their information accessed.  The unauthorized access by an Experian client resulted in the exposure of names, dates of birth, account numbers, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30

August 17, 2006 Williams-Sonoma, Deloitte & Touche
San Francisco, California
BSR PORT

1,200 current and former employees

On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

August 17, 2006 HCA, Inc. Hospital Corporation of America
Nashville, Tennessee
MED STAT

thousands of files

(800) 354-1036, http://www.hcahealthcare.com

10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2006 Q Dental Group PC
Irondequoit, New York
MED PORT

106 (5 cases of financial information)

An employee's car was stolen from the parking lot of a lab. A schedule of patients that included name, reason for visit, date of visit, doctor name and possibly phone number was in the car. The financial information of five patients and more detailed medical information of eight patients was also in the car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5

August 16, 2006 Chevron
San Ramon, California
BSO PORT

Unknown

Total employees affected is unclear. Nearly half of Chevron's 59,000 workers are from North America, but it is not known if that number includes employees from Canada.

Chevron informed its U.S. workers on Aug. 14 that a laptop was stolen from an employee of an independent public accounting firm who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 15, 2006 University of Kentucky
Lexington, Kentucky
EDU DISC

630

The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14.

 
Information Source:
Dataloss DB
records from this breach used in our total: 630

August 15, 2006 University of Kentucky Department of Georgraphy
Lexington, Kentucky
EDU DISC

80

About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80

August 15, 2006 U.S. Department of Transportation
Orlando, Florida
GOV PORT

Unknown

On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.

 
Information Source:
Media
records from this breach used in our total: 0

August 15, 2006 New Century Mortgage Corporation
Irvine, California
BSF INSD

Unknown

On August 10, a former employee was found to have copied and disseminated customer information to unknown third parties. The information included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 11, 2006 Madrona Medical Group
Bellingham, Washington
MED INSD

At least 6,000 patients

On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

August 10, 2006 Bay View Acceptance Corporation
Covina, California
BSF PORT

68

Two disks were missing from a ripped package sent through UPS. The names, Social Security numbers, addresses and phone numbers of account holders were lost. The disks fell out of the package sometime before it arrived on July 12. Sixty-eight New York residents were affected; the total number of affected customers was not released.

 
Information Source:
Dataloss DB
records from this breach used in our total: 68

August 10, 2006 Weyerhaeuser Company
Washington, District Of Columbia
BSR PHYS 1,597
A book containing payroll data was stolen.  
Information Source:
Dataloss DB
records from this breach used in our total: 1,597

August 10, 2006 Manhasset-Lakeville Fire District
Great Neck, New York
GOV STAT

300

A computer was lost or stolen during office renovations.  The computer contained member names, dates of birth, Social Security numbers, addresses and names of beneficiaries. The computer is believed to have been destroyed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

August 10, 2006 American Heart Association AHA, KGMG
Dallas, Texas
MED PORT

97

KPMG International was conducting an audit of AHA's retirement accounts when an auditor's laptop was stolen from her car.  KPMG notified AHA of the breach and informed them of which employees had their names and Social Security numbers on the laptop.  The laptop was stolen from the vehicle at the auditor's home on July 21, but the information did not reach AHA employees until August 17.

 
Information Source:
Dataloss DB
records from this breach used in our total: 97

August 9, 2006 U.S. Department of Transportation
Washington, District Of Columbia
GOV PORT

132,470

(800) 424-9071,  hotline@oig.dot.gov

The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County, 42,800 persons in FL with FAA pilot certificates and 9,000 persons with FL driver's licenses.

UPDATE (11/21/06):A suspect was arrested in the same parking lot where the theft occurred, but the laptop has not been recovered. Investigators found a theft ring operating in the vicinity of the restaurant parking lot.

 
Information Source:
Dataloss DB
records from this breach used in our total: 132,470

August 9, 2006 Hunter College of the City University of New York
New York, New York
EDU STAT

Unknown

A computer was stolen from the Writing Center in Thomas Hunter Hall on or around July 5.  Its hard drive had a file that contained a list of student names and Social Security numbers. Students who participated in the Spring 2006 CPE intervention session were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 9, 2006 Hoffman-La Roche Inc, McCladrey and Pullen LLP
Washington, District Of Columbia
BSR PORT

26,000

A laptop computer belonging to an employee of McCladrey and Pullen LLP was stolen on July 18. McCladrey conducts audits of Roche Savings and Pay Deferral Plan. The laptop included names, Social Security numbers, affiliation with the plan, plan account balance and 2005 plan withdrawal amounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

August 8, 2006 Virginia Bureau of Insurance
Richmond, Virginia
GOV DISC

Unknown

(804) 726-2630

The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 8, 2006 Linens 'n Things
Sterling, Virginia
BSR PHYS

90

A folder holding about 90 receipts was missing from the store. Receipts included full credit or debit account number and name of the card holder.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90

August 8, 2006 Chautauqua County Department of Social Services
Jamestown, New York
GOV PHYS

12

Paperwork being used in Medicaid fraud investigations was stolen from an employee's car.  The theft occurred sometime between July 31 and August 1.  People who were being investigated may have had their private information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12

August 7, 2006 U.S. Department of Veterans Affairs via contractor Unisys Corporation
Reston, Virginia
GOV INSD

5,000

Five thousand Philadelphia patients, 11,000 Pittsburgh patients and 2,000 deceased patients were affected.  There is a possibility that 20,000 others were also affected.

A computer at contractor's office was reported missing Aug. 3.  It contained billing records with names, addresses, SSNs, and dates of birth of veterans at two Pennsylvania locations.

UPDATE (9/15/06): Law enforcement recovered the computer and arrested an individual who had worked for a company that provides temporary labor to Unisys.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18,000

August 6, 2006 American Online (AOL)
New York, New York
BSO DISC

650,000 (Unknown number of high-risk personal records)

Other locations: nationwide

In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information.

UPDATE (9/26/06): Three individuals whose data were exposed have filed a lawsuit against AOL.

UPDATE (9/27/06): Six men were charged with creating and executing the phishing scheme.  The men collected AOL email addresses and infected the computers of users with a program that asked for their credit card and bank account numbers during the AOL login process. AOL users were also spammed with phony email messages that asked for payment on AOL charges. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 4, 2006 Toyota
San Antonio, Texas
BSO PORT

1,500

Laptop belonging to contractor and containing personal information of job applicants and employees of a Toyota plant was stolen. Data included names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

August 4, 2006 PSA HealthCare
Norcross, Georgia
MED PHYS

51,000 current and former patients

(866) 752-5259

A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

August 3, 2006 Fiduciary Trust Company International
New York, New York
BSF PORT

53

A laptop that contained the information of current and former clients was stolen from an employee sometime around July 24. The names, account numbers and tax identification or Social Security numbers of clients with claims may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 53

Breach Total
872,602,323 RECORDS BREACHED
(Please see explanation about this total.)
from 4,375 DATA BREACHES made public since 2005
Showing 3951-4000 of 4375 results


X

Sign In!

Loading