Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
January 24, 2006 University of Washington Medical Center
Seattle, Washington
MED PORT

1,600

Laptops containing names, Social Security numbers, maiden names, birth dates, diagnoses and other personal data were stolen from a UW office.  The information was password protected and the affected patients were notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

January 23, 2006 University of Notre Dame
Notre Dame, Indiana
EDU HACK

Unknown

Hackers may have accessed Social Security numbers, credit card information and check images of people who donated to the University between November 22 of 2005 and January 12 of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 21, 2006 California Army National Guard
Sacramento, California
GOV PHYS

Hundreds (at least 200)

A briefcase with personal information of National Guardsmen including a seniority roster, Social Security numbers and dates of birth was stolen from the car of an employee.  A memo was sent to National Guard soldiers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

January 20, 2006 Indiana University, University Place Conference Center & Hotel
Indianapolis, Indiana
BSO HACK

Unknown

The computer housing the reservations data base was compromised. Data included credit card account numbers and names.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

January 20, 2006 University of Kansas (Kansas University)
Lawrence, Kansas
EDU DISC

9,200

A computer file with sensitive personal information was accessible to the public.  Students who applied and paid an application fee online between April 29, 2001 and December 16, 2005 had their names, Social Security numbers, birth dates, addresses, phone numbers and credit card numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,200

January 17, 2006 City of San Diego, Water & Sewer Department
San Diego, California
GOV INSD

Unknown

A dishonest employee accessed customer account files, including Social Security numbers, and stole the identities of two individuals.

 
Information Source:
Media
records from this breach used in our total: 0

January 16, 2006 New York City Teachers Retirement System
New York, New York
GOV INSD

5,800

A dishonest employee and two others were arrested for their part in writing and cashing fraudulent checks. Police found fraudulent checks with the names of 19 pension members and beneficiaries in the apartment of the former employee. The employee was originally hired as a temp and had worked for the company for three years. He had access to the information of 5,800 pension members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

January 15, 2006 Illinois Education Association
Springfield, Illinois
NGO STAT

Unknown

Two laptops, six desktops and a digital camera were stolen from the Illinois Education Association office sometime prior to the week of January 3. Some of the computers contained Social Security numbers of members. Many member organizations were affected. Over 2,400 members from the Elgin Area School District were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 12, 2006 People's Bank
Bridgeport, Connecticut
BSF PORT

90,000

A computer tape containing names, addresses, Social Security numbers, and checking account numbers was lost while being transported by UPS.  The bank alerted the affected customers and provided them with a credit monitoring service for one year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000

January 2, 2006 H&R Block
Kansas City, Missouri
BSO DISC

Unknown

H&R Block included Social Security numbers in a 40-digit number string on mailing labels.  Affected individuals were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 1, 2006 University of Pittsburgh Medical Center, Squirrel Hill Family Medicine
Pittsburgh, Pennsylvania
MED STAT

700

Six computers containing names, Social Security numbers, and birth dates of patients were stolen from doctors' offices. A letter was sent notifying the affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 700

December 28, 2005 Marriott International Inc.
Orlando, Florida
BSR PORT

206,000

It is unclear whether backup computer tapes with credit card account information and Social Security numbers were lost or stolen from headquarters during November. Employees and time-share owners and customers were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 206,000

December 25, 2005 Ameriprise Financial Inc.
Minneapolis, Minnesota
BSF PORT

226,000

(877) 267-7408

A laptop was stolen from an employee's car on Christmas eve. It contained customers' names and Social Security numbers and in some cases, Ameriprise account information. Around 68,000 customers had their names and Social Security numbers exposed.  Around 158,000 customers had their names and internal account numbers exposed.

UPDATE (08/01/06): The laptop was recovered by local law enforcement in the community where it was stolen.

UPDATE (12/11/06): The company settled with the Massachusetts securities regulator in the office of the Secretary of State. Ameriprise agreed to hire an independent consultant to review its policies and procedures for employees' and contractors' use of laptops containing personal information. Ameriprise will pay the state regulator $25,000 for the cost of the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 262,000

December 22, 2005 Ford Motor Co.
Dearborn, Michigan
BSO STAT

70,000

A computer containing names and Social Security numbers of current and former employees was stolen.  Ford alerted those who were affected and offered to pay for their credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

December 22, 2005 H&R Block
Kansas City, Missouri
BSO DISC

Unknown

Many past and present customers received unsolicited copies of the program TaxCut that displayed their Social Security numbers on the outside, embedded in a lengthy string of code.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

December 21, 2005 Sunrise Volkswagen
Lynbrook, New York
BSR PHYS

Unknown

Bank credit applications with names, Social Security numbers, addresses, telephone numbers, employment information and signatures were obtained by unauthorized access between December 15 and 16.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2005 Guidance Software, Inc.
Pasadena, California
BSO HACK

3,800

A hacked database exposed credit card numbers of law enforcement officials and network security professionals.  The company is a leading provider of software used to diagnose hacked attacks.

UPDATE (4/3/07): The FTC came to a settlement agreement and final consent order against Guidance Software.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,800

December 16, 2005 La Salle Bank, ABN AMRO Mortgage Group, DHL
Ann Arbor, Michigan
BSF PORT

[2,000,000] Not included in total below.

A backup tape with residential mortgage customers' information was lost in shipment by DHL.  It contained Social Security numbers and account information.

UPDATE (12/20/05): DHL found the lost tape.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

December 16, 2005 Colorado Technical University (CTU)
Colorado Springs, Colorado
EDU DISC

300

An email was erroneously sent which contained names, phone numbers, email addresses, Social Security numbers and class schedules.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 300

December 12, 2005 Sam's Club, a division of Wal-Mart Stores, Inc
Bentonville, Arkansas
BSR UNKN

Unknown

Note: location is corporate headquarters, not necessarily the location of the breach.

Customers who used credit cards at the wholesaler's gas stations discovered fraudulent activity on their credit accounts.  Sam's Club is unaware of how the information was stolen.  Visa alerted the affected financial institutions and asked them to provide fraud monitoring services for the affected customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 12, 2005 Iowa State University
Ames, Iowa
EDU HACK

5,500

At least one ISU computer was hacked. Social Security numbers and encrypted credit card numbers may have been obtained. Between 2,000 and 2,500 Social Security numbers are at risk and between 2,300 and 3,000 credit card numbers are at risk. Student, alumni, employee and volunteer information was put at risk. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500

December 9, 2005 Oregon Community Credit Union
Springfield, Oregon
BSF PHYS

200

A packet of insurance forms with names, Social Security numbers and addresses of around 200 Oregon Community Credit Union employees was inside of a stolen car. Someone tried to use the identity of an employee after the theft.  The company is on alert and purchased extended identity theft insurance for those who were affected by the theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

December 8, 2005 San Antonio Independent School District
San Antonio, Texas
EDU PORT

1,000

A laptop with personal information of more than a thousand teachers was stolen from an employee's unlocked car.  The information included names, Social Security numbers and dates of birth. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

December 8, 2005 J-Sargeant Reynolds Community College
Richmond, Virginia
EDU DISC

26,000

The names, Social Security numbers and addresses of students taking non-credit classes from 2000 to 2003 were posted online for months.  The information was compiled for a mailing list, but an employee posted it on the College's server.  A student informed officials of the mistake after accessing the information online.  The College began the process of removing the information from the web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

December 8, 2005 Federal Reserve Bank of Dallas
Dallas, Texas
GOV PHYS

8,000

A courier truck dropped canceled personal and business checks on northbound Central Expressway near Woodall Rodgers Freeway around 4 a.m.  The incident closed the freeway exit until 7 a.m.  Employees from the Federal Reserve, the courier company and the Texas Department of Transportation removed many checks, though some disappeared.  Some unaffiliated people also returned checks to the authorities.  A very similar incident happened in August of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

December 7, 2005 Idaho State University, Office of Institutional Research
Pocatello, Idaho
EDU HACK

Unknown

Contact: Information Technology Services (208) 282-2872, http://www.isu.edu/announcement/

ISU discovered a security breach in a server containing archival information about students, faculty, and staff, including names, Social Security numbers, birth dates, and grades. Anyone who was a student or employee between 1995 and 2005 could be affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 6, 2005 Washington State Employment Security Department
Olympia, Washington
GOV PORT

530

A laptop was stolen from the trunk of an auditor's car. Names, Social Security numbers and earnings of former employees from 2002 to 2005 were exposed.  The Employment Security Department does not have all of the contact information for those affected and used the media to help notify those whose information was compromised.  The laptop contained unemployment insurance reports for 49 Seattle businesses that were undergoing routine audits by Employment Security between November 2004 and October 2005..

 
Information Source:
Dataloss DB
records from this breach used in our total: 530

December 2, 2005 Cornell University
Ithaca, New York
EDU HACK

900

The University discovered a security breach last summer that exposed names, addresses, Social Security numbers, bank names and account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 900

December 1, 2005 First Trust Bank
Memphis, Tennessee
BSF PORT

100,000

A man claiming to be a janitor bypassed security and stole a laptop from the bank.  The laptop contained Social Security numbers and other personal information of current and former customers.  Affected customers were contacted and the theft was caught on tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

December 1, 2005 University of San Diego
San Diego, California
EDU HACK

7,800

Hackers gained access to computers containing personal income tax data, including Social Security numbers, names, and addresses.  Faculty members, students and vendors had their information compromised and were notified by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800

November 23, 2005 University of Delaware
Newark, Delaware
EDU HACK

952

Two separate departments were breached by hacking within a short period of time.  A School of Education computer with the names and Social Security numbers of 772 students registered in online education courses was attacked in late August.  A Department of English computer that had the Social Security numbers of 180 faculty, graduate assistant and other teaching staff from the department was also hacked in August.  The larger breach appears to be the result of someone attempting to establish an illegal movie sharing system.  The smaller breach was a possible attempt to log onto and control one server in order to gain control over servers of other campuses.  Those affected received notification and Social Security numbers have been removed from both servers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 952

November 19, 2005 Boeing
Chicago, Illinois
BSO PORT

161,000

A laptop containing names, Social Security numbers, bank account information and other human resources data was stolen.  Affected current and former employees were notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 161,000

November 18, 2005 Indiana University Kelley School of Business
Indianapolis, Indiana
EDU HACK

5,278 (4,778 SSNs reported)

Students at the Indianapolis and Bloomington campuses may have been affected.

A hacker may have accessed the names, Social Security numbers and grades of students who enrolled in Introduction to Business courses between 2001 and 2005. The computer may have been hacked and installed with malware as early as August. A representative believes the breach occurred because the files were stored on a computer that did not have current anti-virus and system-protection software.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,778

November 11, 2005 Georgia Tech University Office of Enrollment Services
Atlanta, Georgia
EDU STAT

13,000

On October 16 of 2005 computers were stolen from campus which contained the names, Social Security numbers, addresses and birth dates of current and prospective students. Notifications were sent to those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

November 11, 2005 Scottrade Troy Group
Santa Ana, California
BSF HACK

Unknown

A hacker compromised a server containing names, Social Security numbers, driver's licenses, state ID numbers, dates of birth, phone numbers, bank names, bank codes, bank account numbers and Scottrade account numbers.  Scottrade alerted all affected customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 10, 2005 State of California - Department of Corrections and Rehabilitations (CDCR) Parole Outpatient Clinic
Sacramento, California
MED PORT

Unknown

On or around June 18, 2005 a laptop computer was stolen with information on parolees. It was unclear from the letter we recieved whether Social Security numbers were involved. 

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

November 9, 2005 TransUnion Credit Bureau
Chester, Pennsylvania
BSF STAT

3,623

A desktop containing Social Security numbers and other information was stolen from a regional sales office in California.  Affected consumers were notified and offered one year of free credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,623

November 7, 2005 Papa John's
Louisville, Kentucky
BSR DISC

Unknown

An error made thousands of customer comments and internal corporate emails available to anyone searching the Internet.  Customer comments submitted between September 29 and November 7 were viewable and had customer names, addresses, phone numbers and email addresses attached.  The company stated that "customer feedback over the last five weeks...could be viewed by a user who would have to enter a very specific, unpublished URL."  The system now requires a password.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 5, 2005 Safeway, Hawaii
Pleasanton, California
BSR PORT

1,400 in Hawaii, perhaps more elsewhere

Additional locations: Hawaii (where affected employees work). Laptop was stolen from a private home in California.

A division director's laptop was stolen.  Names and Social Security numbers of some Hawaii workers were compromised by the theft.  The theft occurred in August and letters were sent to affected employees in October.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

November 4, 2005 Keck School of Medicine, University of Southern California (USC)
Los Angeles, California
EDU STAT

50,000

A computer server containing names and Social Security numbers of patients, donors and employees was stolen from a campus computer room.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 50,000

November 1, 2005 University of Tennessee Medical Center
Knoxville, Tennessee
MED PORT

3,800

A laptop was stolen from the University's medical billing office.  Personal information lost included names, Social Security numbers and birth dates.  Affected patients were not informed of the theft for nearly two months.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,800

October 29, 2005 University of Tennessee
Knoxville, Tennessee
EDU DISC

1,900

People at any of the University of Tennessee campuses may have been affected.

Nineteen hundred students and employees had their names and Social Security numbers posted on the Internet from spring of 2004 until the discovery in October of 2005.  A student searched her name and found it listed with her Social Security number on a UT email discussion group site.  Information pertaining to individuals who had either paid or owed small amounts of money to the University was shared among 10 employees and the information technology office.  The information was mistakenly coded as public rather than private.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,900

October 21, 2005 Wilcox Memorial Hospital
Lihue, Hawaii
MED PORT

130,000

A backup computer data drive containing medical record numbers, addresses, names and Social Security numbers of current and former patients was lost.  Letters have been sent to affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000

October 20, 2005 Monmouth University
West Long Branch, New Jersey
EDU DISC

677

The names and Social Security numbers of 677 students were posted online for over four months.  The University corrected the error and notified students after a student notified them of the problem.  A glitch seems to have caused the information to be found through a simple Internet search.

 
Information Source:
Dataloss DB
records from this breach used in our total: 677

October 20, 2005 Vermont Technical College
Randolph Center, Vermont
EDU DISC

Unknown

Names, Social Security numbers, addresses, SAT scores and ethnicity of all students enrolled during 2003 were posted online from January 2004 until the mistake was discovered in October of 2005.  Someone accidentally sent the data to a publicly accessible place.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 15, 2005 Montclair State University
Montclair, New Jersey
EDU DISC

9,100

Names and Social Security numbers of undergraduates were posted online for nearly four months.  An undergraduate alerted the University after running a Google.com search of his name.  The University warned all students of the problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,100

October 12, 2005 Ohio State University Medical Center
Columbus, Ohio
MED DISC

2,800

Appointment information including Social Security numbers, birth dates, addresses, phone numbers, medical record numbers, reasons for appointments, and physicians was exposed online.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 2,800

October 8, 2005 Blockbuster
New York, New York
BSR PHYS

Unknown

Hundreds of files were dumped in clear garbage bags on the street. Recent membership applications revealed customer names, birth dates, addresses, phone numbers, driver's license numbers, credit card number, credit card expiration date and signatures. For some strange reason, the applications also included customer Social Security numbers. The files were dumped after the store went out of business.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 29, 2005 University of Georgia
Athens, Georgia
EDU HACK

1,600

A hacker may have accessed the names and Social Security numbers of at least 1,600 people working for the College of Agricultural and Environmental Sciences.  The University is attempting to contact individuals who may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

September 28, 2005 RBC Dain Rauscher
Minneapolis, Minnesota
BSF INSD

300,000 households (100 targeted)

Someone claiming to be a former employee obtained customer names, addresses, tax ID number, birth date and Dain Rauscher account number.  The former employee sent letters to over 100 customers and claimed that their personal information had been sold in retaliation against the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

Breach Total
868,045,823 RECORDS BREACHED
(Please see explanation about this total.)
from 4,347 DATA BREACHES made public since 2005
Showing 4201-4250 of 4347 results


X

Sign In!

Loading