Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
June 6, 2006 U.S. Department of Energy
Washington, District Of Columbia
GOV HACK

1,502

Names, Social Security numbers, security clearance levels and place of employment for mostly contract employees who worked for National Nuclear Security Administration may have been compromised when a hacker gained entry to a computer system at a service center in Albuquerque, NM eight months prior to press releases.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,502

June 6, 2006 ARAMARK Corporation
Atlanta, Georgia
BSO PORT

6,028

The May 5 theft of a laptop resulted in the exposure of personal information of current and former employees.  Social Security numbers and other personal information were lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,028

June 6, 2006 Empire State College
Saratoga Springs, New York
EDU INSD

16

On December 15 of 2005, an intruder installed key-logger was discovered on a computer that had been used to access Social Security numbers. The keystroke capture program was installed by a relative of an employee in order to capture and read email messages that the staff member was sending. The program was in operation from March 2004 to January 2005 and again from October 2005 to December 15. The affected PC was removed from the office and had its hard drive scanned and cleaned.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16

June 6, 2006 Thomson West
Eagan, Minnesota
BSO PORT

Unknown

A laptop was discovered stolen on or around April 28. The information on the laptop included employee names, Social Security numbers, addresses and phone numbers. Notifications were sent in early June.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 5, 2006 U.S. Internal Revenue Service (IRS)
Washington, District Of Columbia
GOV PORT

291

A laptop computer containing personal information of employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth, was lost during transit on an airline flight

 
Information Source:
Security Breach Letter
records from this breach used in our total: 291

June 5, 2006 Kingsbrook Jewish Medical Center
Brooklyn, New York
MED PORT

34,863

A personal computer was stolen from the Hospital's outpatient billing office on December 26, 2005. It is likely that the computer contained spreadsheets with patient names and Social Security numbers embedded in insurance numbers. Those affected were notified May 26, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,863

June 3, 2006 Buckeye Community Health Plan
Columbus, Ohio
MED PORT

72,000

Four laptop computers containing customer names, Social Security numbers, and addresses were stolen from the Medicaid insurance provider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 72,000

June 3, 2006 Humana
Louisville, Kentucky
MED DISC

17,000 current and former Medicare enrollees

Personal information of Humana customers enrolled in the company's Medicare prescription drug plans could have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

June 2, 2006 Ahold USA, parent company of Stop & Shop, Giant stores and Tops stores via subcontractor Electronic Data Systems (EDS)
Landover, Maryland
BSR PORT

92,000

Additional location: Plano, TX

An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts.  The laptop was lost form the checked baggage of a domestic commercial airline flight on May 2, 2006.  The laptop was not recovered even though the incident was reported immediately.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,000

June 1, 2006 Miami University
Oxford, Ohio
EDU PORT

851

An employee lost a hand-held personal computer containing personal information of students who were enrolled between July 2001 and May 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 851

June 1, 2006 Ernst & Young
New York, New York
BSO PORT

243,000

Additional locations: Throughout the US and UK. Breach occurred in Texas.

A laptop containing names, addresses and credit or debit card information of Hotels.com customers was stolen from an employee's car in Texas.

 
Information Source:
Media
records from this breach used in our total: 243,000

June 1, 2006 University of Kentucky
Lexington, Kentucky
EDU DISC

1,300

Personal information of current and former University of Kentucky employees including Social Security numbers was inadvertently accessible online for 19 days in May.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,300

June 1, 2006 YMCA of Greater Providence
Providence, Rhode Island
NGO PORT

65,000

A laptop computer containing personal information of members was stolen. The information included credit card and debit card numbers, checking account information, Social Security numbers, the names and addresses of children in daycare programs and medical information about the children, such as allergies and the medicine they take, though the type of stolen information about each person varies.  Those affected were notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 65,000

May 31, 2006 Texas Guaranteed Student Loan Corp. via subcontractor Hummingbird
Round Rock, Texas
BSF UNKN

1,300,000 plus 400,000 for total of 1,700,000

Additional location: Toronto, Canada

Texas Guaranteed (TG) was notified by subcontractor Hummingbird that on May 24, an employee had lost a piece of equipment containing names and Social Security numbers of TG borrowers.

UPDATE (6/16/06):TG now says a total of 1.7 million people's information was compromised, 400,000 more than original estimate of 1.3 million.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,700,000

May 30, 2006 Florida International University
Miami, Florida
EDU HACK

Unknown

Hacker accessed a database that contained personal information on thousands of individuals, such as student and applicant names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 26, 2006 California State University Stanislaus
Turlock, California
EDU DISC

1,294

The University was informed that a file containing sensitive information remained in the Google cache and could be accessed by those with technological expertise. The file was first indexed in October of 2005. The file was deleted form the server, but it remained in the Google files cache. The file included names, addresses, Social Security numbers, and dates of birth of some current and former employees and their dependents.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,294

May 26, 2006 California Department of Financial Institutions
, California
GOV PORT

Unknown

The California Department of Financial Institutions has offices in Sacramento, San Francisco, Los Angeles and San Diego.

On May 26, an examiner's laptop was stolen from a car. The laptop contained the personal data of bank customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 25, 2006 VyStar Credit Union
Jacksonville, Florida
BSF HACK

34,400

Hacker gained access to member accounts a and stole personal information including names, addresses, birth dates, mother's maiden names, Social Security numbers and/or email addresses. Less than 10% of VyStar's 344,000 members were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,400

May 25, 2006 Security Savings Bank
Southport, North Carolina
BSF HACK

13

Security Saving's website host Goldleaf Technologies informed the bank that their website was down. The website had been phished for two hours. Thirteen customers visited the fraudulent website during that time. Passwords, user IDs, account numbers and card numbers could have fallen into the wrong hands.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13

May 24, 2006 Sacred Heart University
Fairfield, Connecticut
EDU HACK

Unknown

It was discovered on May 8th that a computer containing personal information including names, addresses and Social Security numbers was breached.  The University did not immediately release information on who the breach affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 24, 2006 New York State Insurance Fund (NYSIF)
New York, New York
GOV PORT

37

An agency laptop computer was stolen from an employee's car. Names and Social Security numbers were on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 37

May 23, 2006 University of Delaware
Newark, Delaware
EDU HACK

1,076

A security breach of a Department of Public Safety computer server potentially exposed names, Social Security numbers and driver's license numbers. Individuals whose personal information was compromised were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,076

May 23, 2006 Butler County Department of Mental Retardation & Developmental Disabilities
Cincinnati, Ohio
NGO PORT

100 clients

In April, three laptop computers were stolen from the agency's office. They contained personal information on mental health clients, including Social Security numbers.  Those affected were contacted in May.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

May 23, 2006 Mortgage Lenders Network USA
Middletown, Connecticut
BSF INSD

231,000

A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information - including customers' names, addressess, Social Security numbers, loan numbers, and loan types - if the company didn't pay him. He stole the files over the 16 months he worked there.

 
Information Source:
Dataloss DB
records from this breach used in our total: 231,000

May 23, 2006 Liberty Mutual Insurance Company
Boston, Massachusetts
BSF PORT

384

Two company laptops were stolen in California in March and one company laptop was stolen in Kentucky in April. One incident exposed some customer names and Social Security numbers that were listed along with their claims. The other incident exposed names and Social Security numbers for employees of some of Liberty's commercial insureds.

 
Information Source:
Dataloss DB
records from this breach used in our total: 384

May 22, 2006 U.S. Department of Veterans Affairs
Washington, District Of Columbia
GOV PORT

26,500,000

(800) 827-1000

On May 3, data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, were stolen from a VA employee's home. Theft of the laptop and computer storage device included data of 26.5 million veterans. The data did not contain medical or financial information, but may have disability numerical rankings.

UPDATE (6/29/06): The stolen laptop computer and the external hard drive were recovered.

UPDATE (7/14/06): FBI claims no data had been taken from stolen computer.

UPDATE(8/5/06): Two teens were arrested in the theft of the laptop.

UPDATE (8/25/06): In an Aug. 25 letter, Secretary Nicholson told veterans of the decision to not offer them credit monitoring services. Rather the VA has contracted with a company to conduct breach analysis to monitor for patterns of misuse.

UPDATE (11/23/07): A federal judge questioned the Veterans Affairs Department's computer security and ruled Friday that lawsuits can go forward over the theft of computer equipment containing data on 26.5 million veterans. The lawsuits have been filed as potential class-action cases representing every veteran whose data was released.

UPDATE (1/23/09): The Department of Veterans Affairs has agreed to pay $20 million to current and former military personnel to settle a class action lawsuit.

UPDATE (6/16/09): No less than $75 will be paid for any valid claim, up to a cap of $1,500. If your expenses were higher than that, you might want to opt out of the class-action portion so you can file for your actual damages. In that case, you need to file a letter so it is received by June 29, 2009. You have until Nov. 27, 2009, to mail your claim form to VA Settlement Claims, P.O. Box 6727, Portland, OR 97228-9767. Be sure to keep a copy of the claim form, along with your proof of mailing. To download the claim form and to get more information, go to www.veteransclass.com. Read the FAQ and note the particulars on out-of-pocket expenses and actual damages. You also can call (888) 288-9625.

UDPATE (10/19/12): An investigation into the VA revealed that encryption software has only been installed on 16% of VA computers since the 2006 breach. Six million dollars has been spent on encryption software since the 2006 breach. The investigation began after a 2011 anonymous tip.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,500,000

May 21, 2006 Columbus Bank & Trust
Columbus, Georgia
BSF HACK

2,000

A security problem may have exposed customer credit and check card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

May 19, 2006 Frost Bank
San Antonio, Texas
BSF HACK

9,300

Hackers accessed the credit and debit card accounts of around 100 Frost Bank customers after they took Visa and MasterCard debit card information from the database of a national retailer.  Banks across the nation were affected by the breach. Only 100 Frost Bank customers reported fraudulent charges.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,300

May 18, 2006 American Red Cross, St. Louis Chapter
St. Louis, Missouri
NGO INSD

1,000,000

A dishonest employee had access to Social Security numbers of donors.  The database was used to call previous donors and urge them to give blood again. The employee misused the personal information of at least three people to perpetrate identity theft and had access to the personal information of one million donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000,000

May 17, 2006 M &T Bank via contractor PFPC
Buffalo, New York
BSF PORT

Unknown

A laptop computer, owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

May 16, 2006 American Institute of Certified Public Accountants (AICPA)
New York, New York
NGO PORT

330,000 [Updated 6/16/06]

An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company. AICPA offered one year of free credit monitoring services to affected members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 330,000

May 16, 2006 University of California Berkeley
Berkeley, California
EDU HACK

1,200

During an investigation of a computer virus, it was discovered that computers within an office may have been accessed without authorization from within the campus network.  Student, faculty and staff names and Social Security numbers were on archived spreadsheets.  The spreadsheets contained the personal information of people who requested campus cards between 1998 and 2004.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

May 16, 2006 GE Money Bank, Lowe's Companies Inc.
Philadelphia, Pennsylvania
BSF PORT

150

GE Money Bank issues private label credit cards for Lowe's Companies Inc.  A number of credit card applications were taken form a Lowe's store in Philadelphia by an unknown person.  The information on the applications included names, Social Security numbers, dates of birth, addresses and Lowe's credit card account numbers.  At least 11 consumers discovered fraudulent purchases at Lowe's stores.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150

May 12, 2006 Mercantile Potomac Bank
Gaithersburg, Maryland
BSF PORT

48,000

A laptop containing confidential information about customers, including Social Security numbers and account numbers was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates. The bank contacted affected customers and offered them one year of free credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48,000

May 12, 2006 Annibell Mortgage Inc.
Sayville, New York
BSF STAT

300

Four computers with the personal information of clients were stolen during an early April burglary. The information did not include credit files, but did have other forms of private customer data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

May 11, 2006 Ohio University Hudson Health Center
Athens, Ohio
MED HACK

70,000

http://www.ohio.edu/datasecurity

Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

May 11, 2006 Merrill Lynch
New York, New York
BSF PORT

10,500 (Number includes only New York residents)

An employee's laptop computer was stolen during a burglary.  The computer contained limited personal information of some current and former Merrill Lynch clients and prospects.  The information included names, addresses, account and loan numbers, account and loan balances and the name of clients' financial advisors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,500

May 11, 2006 Healthcare Business Resources (HBR)
Durham, North Carolina
MED DISC

Unknown

Google accessed confidential information on the HBR website and made the information available on the internet. Socail Security numbers, names, phone numbers, dates of birth, addresses and diagnostic information were accessible through Google. Access to the information is now restricted to authorized users with secure identification and passwords. The information was available between August 2005 and January of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 5, 2006 Wells Fargo
San Francisco, California
BSF STAT

Unknown

A computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 5, 2006 New York State Department of Taxation and Finance
Albany, New York
GOV PORT

38

A sales tax field auditor reported a laptop missing. Contents of the laptop were unknown at the time of the report. The data exposed may have included sales tax audit reports and supporting documentation from closed sales tax audits on 38 businesses. Some of this information would include Social Security number, business and/or home address and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38

May 4, 2006 Idaho Power Company
Boise, Idaho
BSO PORT

Unknown

Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 2, 2006 Ohio University Innovation Center
Athens, Ohio
EDU HACK

35

http://www.ohio.edu/datasecurity

A server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35

May 2, 2006 Ohio University
Athens, Ohio
EDU HACK

300,000 (137,000 SSNs)

http://www.ohio.edu/datasecurity/

Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alum.

UPDATE (8/30/07) : An Ohio judge has granted a motion to dismiss a case against Ohio University (OU) regarding security breaches of the school's computer systems that compromised alumni data. The two alumni who filed the lawsuit wanted OU to pay for credit monitoring services for everyone whose data were compromised. The judge said the pair had not proven that they had suffered damages for which they could be compensated.

 
Information Source:
Dataloss DB
records from this breach used in our total: 137,000

May 2, 2006 Georgia State Government
Atlanta, Georgia
GOV STAT

Unknown

Government surplus computers that sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens.  The State stopped selling the computers after being notified by a buyer.  Thousands of patient records from a psychiatric hospital in Rome, Georgia were found on one computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 2, 2006 Countrywide Home Loans
Plano, Texas
BSF INSD

90

A former employee is suspected of ordering customer credit reports and providing some of those reports to a third party.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90

May 1, 2006 CBCInnovis Bank Inc., Great Florida Bank
Miami, Florida
BSF UNKN

518

CBCInnovis, Inc. learned that Great Florida Bank had consumer information accessed without proper authorization. The information may have included names, addresses, Social Security numbers, names of creditors, account numbers, payment histories and financial public records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 518

April 28, 2006 Ohio Secretary of State
Cleveland, Ohio
GOV DISC

Potentially millions of registered voters

The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained Social Security numbers, which were not supposed to have been included on the CDs.

UPDATE (9/15/06): A news report said that some Social Security numbers still remain on the agency's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 28, 2006 U.S. Department of Defense
Washington, District Of Columbia
GOV HACK

14,000

A hacker accessed a Tricare Management Activity (TMA) public server containing personal information about military employees. TMA is used to provide health care services to military personnel and their families.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

April 28, 2006 Sears, Roebuck, Company Contractor Compliance
Winter Park, Florida
BSF DISC

196

A spreadsheet with the business or individual names, identification or Social Security numbers, business addresses and business phone numbers of Sears contractors was accidentally included in an email sent to 373 contractors on April 13. The contractors were instructed to delete the email on April 24 and were also required to send written confirmation that they had done so.

 
Information Source:
Dataloss DB
records from this breach used in our total: 196

April 27, 2006 Long Island Railrad via contractor Iron Mountain
Jamaica, New York
GOV PORT

17,000

Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of virtually everyone who worked for or currently works for the agency were lost.  The lost occurred during delivery by contractor Iron Mountain. Data tapes belonging to the U.S. Department of Veteran's Affairs may also have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

Breach Total
932,729,111 RECORDS BREACHED
(Please see explanation about this total.)
from 4,478 DATA BREACHES made public since 2005
Showing 4201-4250 of 4478 results


X

Sign In!

Loading