Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,422 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
April 24, 2006 College of New Paltz
New Paltz, New York
EDU HACK

Unknown

A hacker accessed the Campus' primary web server and set up a file sharing system. The server involved also contained access databases that had names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 23, 2006 University of Texas McCombs School of Business
Austin, Texas
EDU HACK

197,000

Foreign hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000

April 21, 2006 University of Alaska, Fairbanks
Fairbanks, Alaska
EDU HACK

38,941

A hacker had access to names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.  The University reported that it would not contact those affected after a first and second notification.  Anyone claiming to be from the University after these notifications should be viewed with suspicion.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,941

April 21, 2006 Boeing
Seattle, Washington
BSO PORT

3,600 current and former employees

A laptop was taken from a Boeing human resources employee at Sea-Tac airport. It contained Social Security numbers and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,600

April 21, 2006 Impac Funding Corporation
Newport Beach, California
BSF PORT

4,600

Customers may call (949) 475-6255.

Several laptops were stolen.  Saved emails with the names and Social Security numbers of customers may have been on one of the stolen laptops.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600

April 20, 2006 Bear Stearns & Company Inc.
New York, New York
BSF DISC

Unknown

Customers seeking further information may call (212) 272-4275.

Bear Stearn's realized that unauthorized users could access customer accounts. Former customers could still log into on-line accounts if their account numbers had been recycled and given to new users. Such information included account holdings and activities, account statements and IRS Forms 1099-DIV and 1099-INT (which included name, address, account number and Social Security number).

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 19, 2006 Aflac
Columbus, Georgia
BSF PORT

Unknown

A laptop used to submit insurance applications was stolen from a field associate's home during a burglary.  It may have contained the names and Social Security numbers of policyholders and certificate holders.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 17, 2006 Visiting Nurse Service of New York (VNSNY)
New York, New York
MED PORT

92

Three separate thefts resulted in the loss of three tablet computers.  The computers were used by therapists who were making therapy treatment visits to patients.  The personal information on the computers included Social Security numbers. VNSNY warned that unauthorized persons might use the stolen tablets to pose as therapists and enter patient homes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92

April 14, 2006 NewTech Imaging
Honolulu, Hawaii
BSO INSD

40,000

Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaii were illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation.  Those who were on the list and Hawaii Government Employees Association and United Public Workers members who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 were warned.  Investigators were only able to speculate that the theft may have occurred in February of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

April 14, 2006 University of South Carolina
Columbia, South Carolina
EDU DISC

1,400

A department chair distributing information about summer courses sent an email containing sensitive information.  A database containing Social Security numbers of students was mistakenly added as an attachment and e-mailed to classmates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

April 13, 2006 Fifth Third Bank
Evansville, Indiana
BSF INSD

1,000

An employee was able to gain access to around 1,000 customer accounts.  He used this information to stalk and harass female news celebrities.  He now faces two felony counts of attempting to defraud using personal information and two misdemeanor counts of stalking and repeated harassment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

April 12, 2006 Ross-Simons
Providence, Rhode Island
BSR HACK

32,000

A security breach exposed account and personal information of those who applied for Ross-Simons' private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000

April 12, 2006 Greenpoint Mortgage Funding Inc., KPMG International
Novato, California
BSF PORT

Unknown

Laptop computers were stolen from two employees of KPMG who were working with data from Greenpoint. The laptops are believed to have contained customer names, Social Security numbers and FICO scores. At least 32 people from New York alone were affected by the early March theft. Customers were notified during the middle of April.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 10, 2006 Broward County Records Division
Fort Lauderdale, Florida
GOV DISC

Unknown

Broward County public records with Social Security numbers, driver's license information and bank account details were made available online.  The information has been available online for several years.  A new statute that will require county recorders to remove Social Security numbers and financial information from public documents before posting documents online will take effect in 2007.  The sensitive information that has already been posted will eventually be removed. Individuals can speed up the process of having their specific information removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 9, 2006 University of Medicine and Dentistry of New Jersey
Newark, New Jersey
EDU HACK

1,850

Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,850

April 7, 2006 DiscountDomainRegistry.com
Brooklyn, New York
BSO DISC

thousands of domain name registrations

Domain name registrants' personal information including user names, passwords and credit card numbers was accessible online.  The information may have been exposed online for four months.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

April 6, 2006 Progressive Casualty Insurance
Mayfield Village, Ohio
BSF INSD

13

A dishonest insider accessed confidential information, including names, Social Security numbers, birth dates and property addresses on foreclosure properties she was interested in buying.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13

April 1, 2006 Con Edison
New York, New York
BSO PORT

15,000 Con Edison employees

Con Edison shipped two cartridge tapes to JPMorgan Chase in upstate Binghamton so it could input data on behalf of the NY Dept. of Taxation and Finance. One tape was apparently lost and contained employees' W-2 data, including names, addresses, Social Security numbers, taxes paid and salaries.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,000

April 1, 2006 Shorter College
Rome, Georgia
EDU HACK

Unknown

A student was arrested for computer theft and hacking the College's computer network.  The student may have accessed student, staff and faculty information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 31, 2006 Security Mutual Life Insurance Company of New York
New York, New York
BSF PORT

167

The March 9 theft of a laptop resulted in the exposure of the personal information of disability insurance clients.  Client names, Social Security numbers and dates of birth may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 167

March 30, 2006 U.S. Marine Corp
Monterey, California
GOV PORT

207,750

A portable drive containing the personal information of Marines was lost in a campus computer lab.  The lost drive was being used for research on Marine re-enlistment bonuses and contained names, Social Security numbers, marital status, and enlistment contract details.  Enlisted marines on active duty between January 2001 and December of 2005 were affected.  The University notified those whose information may have been compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 207,750

March 30, 2006 Georgia Technology Authority (GTA)
Atlanta, Georgia
GOV HACK

573,000

Hackers exploited a security flaw to gain access to confidential information including Social Security numbers and bank-account details of state pensioners.  The State only had contact information for 180,000 of those affected and relied on media coverage to get the word out to others.

 
Information Source:
Dataloss DB
records from this breach used in our total: 573,000

March 30, 2006 Connecticut Technical High School System
Middletown, Connecticut
EDU DISC

1,250

Social Security numbers of faculty and administrators were mistakenly distributed via email to staff.  The email went to 17 principals; at least one forwarded the email to her staff of 77.  Those affected were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,250

March 30, 2006 Snyder, Cohn, Collyer, Hamilton and Associates, P.C., Murry's Inc.
Bethesda, Maryland
BSF PORT

Unknown

US Protect Corporation was also involved.

A laptop was stolen from Snyder on February 9. Snyder provided the accounting services for Murry's pension plan and others. The laptop may have contained Social Security numbers, dates of birth and pay information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 29, 2006 University of Nebraska Lincoln (UNL)
Lincoln, Nebraska
EDU DISC

342

Students from the College of Engineering had Social Security numbers, email addresses, grade point averages and other personal information posted online. The information may have been posted since November of 2004 and was first noticed in summer of 2005. The problem was finally fixed during the week of March 29 when the file was removed from the Google server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 342

March 24, 2006 California State Employment Development Division
Sacramento, California
GOV DISC

64,000

A computer glitch sent state Employment Development Division 1099 tax forms containing Social Security numbers and income information to the wrong addresses, potentially exposing those taxpayers to identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 64,000

March 24, 2006 Vermont State Colleges
Waterbury, Vermont
EDU PORT

14,000

Note: there are several locations in Vermont.  We list the Office of the Chancellor as the primary location.

A laptop containing Social Security numbers and payroll data of students, faculty and staff associated with the five-college system was stolen.  It contained information from as long ago as 2000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

March 24, 2006 California State University, Dominquez Hills
Carson, California
EDU PORT

2,486

Students can leave a message at (310) 243-2305 for more information.

The theft of a laptop resulted in the exposure of student and potential student personal information.  The University tightened access to campus servers and the campus network. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,486

March 23, 2006 Fidelity Investments
Boston, Massachusetts
BSF PORT

196,000

A laptop containing names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers was stolen. Fidelity contacted the customers and paid for one year of credit monitoring services.  Fidelity also pledged to pay for unauthorized transactions in pensions or retirement accounts that occurred due to the theft.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 196,000

March 22, 2006 District of Columbia Board of Elections and Ethics
Washington, District Of Columbia
GOV DISC

Unknown

The Social Security numbers of registered voters in the District of Columbia were accessible. D.C. residents' voting histories were mailed with Social Security numbers that were poorly hidden or not hidden at all. The problem occurred because residents were asked to use their Social Security numbers as voter IDs. The policy was changed to include only the last four digits of Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 16, 2006 Bananas.com
San Rafael, California
BSR HACK

274

A hacker accessed names, addresses, phone numbers and credit card numbers of customers.  The breach occurred in February and someone on the Internet began selling personal information shortly after.  Affected customers were notified in March.

 
Information Source:
Dataloss DB
records from this breach used in our total: 274

March 16, 2006 Mortgage Institute of Michigan
Southfield, Michigan
BSF UNKN

67

The Mortgage Institute of Michigan has multiple locations throughout Michigan.

Someone used the Mortgage Institute of Michigan's account to make credit report requests. Most of the requests were for Experian credit reports. Equifax suspended the organization's access codes and an FBI investigation began. The unauthorized user would have had access to customer names, Social Security numbers, home addresses, account numbers, creditor names and payment histories.

 
Information Source:
Dataloss DB
records from this breach used in our total: 67

March 15, 2006 Ernst & Young, IBM
New York, New York
BSF PORT

84,000

A laptop with sensitive information was stolen from an employee's car in January. IBM employees who may have been stationed overseas during their careers were affected. Names, Social Security numbers, dates of birth, genders, family sizes and tax identifiers for employees were exposed. Those affected were notified in March.

 
Information Source:
Dataloss DB
records from this breach used in our total: 84,000

March 14, 2006 General Motors (GM)
Detroit, Michigan
BSO INSD

100

A former security guard kept Social Security numbers of co-workers to perpetrate identity theft. The disgruntled former employee sent harassing emails to employees after gaining access to personal information including the types of cars they drove.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

March 14, 2006 Buffalo Bisons and Choice One Online
Buffalo, New York
BSO HACK

Unknown

A hacker accessed sensitive financial information including the credit card numbers names, and passwords of customers who ordered items online. The Bisons mailed letters to affected customers and notified American Express, MasterCard, Discover, and Visa.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 11, 2006 California Department of Consumer Affairs (DCA)
Sacramento, California
GOV PHYS

Unknown

Mailed applications of DCA licensees or prospective licensees for CA state boards and commissions were stolen. The forms include full or partial Social Security numbers, driver's license numbers, and potentially payment checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 10, 2006 Long Island University, Alpha Chi National Honors Society
Brooklyn, New York
EDU DISC

51

Students who applied to join Alpha Chi had their Social Security numbers and other personal information sent to an Honors student email list. The email was recalled immediately, but anyone who opened it right away would have been able to access the applicant information. The advisor responsible for the mistake asked the National Office to consider abandoning the use of Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51

March 8, 2006 Verizon Communications
New York, New York
BSO PORT

Unknown

Two laptops containing employees' personal information including Social Security numbers were stolen.  Verizon is offering affected employees free use of a credit monitoring service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 8, 2006 iBill [disputed]
Deerfield Beach, Florida
BSF UNKN

17,781,462 (SSNs and financial information not involved)

A dishonest insider or possibly malicious software linked to iBill was used to post names, phone numbers, addresses, e-mail addresses, Internet IP addresses, login names and passwords, credit card types and purchase amount online. Credit card account numbers, expiration dates, security codes, and Social Security numbers were NOT included, but in our opinion the affected individuals could be vulnerable to social engineering to obtain such information. Whether iBill is the source of the breach has been disputed

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2006 Audiolink LLC (Audio Link)
Orlando, Florida
BSR HACK

25

A hacker may have accessed customer names, addresses, telephone numbers, email addresses and credit card information from the company's website.  Audiolink disabled the credit card functions on their website and updated web security.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25

March 6, 2006 First Horizon Home Loans
Lake Oswego, Oregon
BSF STAT

8

A desktop computer was stolen from one of First Horizon's financial centers. The desktop contained customer and client files with names, addresses, phone numbers, Social Security numbers and mortgage account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8

March 5, 2006 Georgetown University
Washington, District Of Columbia
EDU HACK

41,000

A server was attacked that housed personal information including names, birthdates and Social Security numbers of District seniors served by the Office on Aging.  Georgetown managed the server as part of a grant to manage information services provided by the D. C. Office of Aging. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 41,000

March 3, 2006 Metropolitan State College of Denver (MSCD)
Denver, Colorado
EDU PORT

93,000

http://www.mscd.edu/securityalert/

A laptop containing student information was stolen.  The information included names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 93,000

March 3, 2006 PayDay OK LLC
Ruidoso, New Jersey
BSF HACK

88

The company's website was breached sometime around February 19 by a hacker in an attempt to gain access to certain customers' private information. Social Security numbers, names, addresses, bank account names and bank account numbers may have been compromised. At least 88 individuals were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 88

March 2, 2006 Olympic Funding
Chicago, Illinois
BSF UNKN

Unknown

Three hard drives containing clients' names, Social Security numbers, addresses and phone numbers stolen during a break in.  Information on the drives was protected via password and security software.  The business owner sent letters to his clients alerting them of the theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 2, 2006 Los Angeles County Department of Social Services
Los Angeles, California
GOV PHYS

Potentially 2,000,000

It is unclear if this is the same incident that involved the information of 94,000 people being left next to a recycling bin outside of the Department of Public Social Services in January of 2006.

File boxes containing names, dependents, Social Security numbers, telephone numbers, medical information, employer, W-2, and date of birth were left unattended for at least one month.  This affects employees and clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000,000

March 2, 2006 Hamilton County Clerk of Courts
Cincinnati, Ohio
GOV DISC

[1,300,000] Not included in number below.

Social Security numbers, and other personal data of residents was posted on the County's website.  Some information was stolen and used to commit identity theft.

UPDATE (9/28/06):An identity thief was sentenced to 13 years in prison for the crimes. She stole 100 identities and nearly $500,000. The Web site now blocks access to court documents containing personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

March 1, 2006 Medco Health Solutions
Columbus, Ohio
MED PORT

4,600

A laptop containing Social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories was stolen from an employee. The theft occurred in December and Medco contacted Ohio officials in February.  The company agreed to provide free credit monitoring and fraud alert services for the affected families for one year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600

February 23, 2006 Deloitte & Touche, McAfee
,
BSO PORT

9,290

Deloitte & Touche is an international organization with multiple locations throughout the United States.

An external auditor lost a CD with names, Social Security numbers and stock holdings in McAfee of current and former McAfee employees.  Three thousand current employees and 6,000 former employees were affected.  Current and former employees received two years of free credit monitoring services from Equifax.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,290

February 22, 2006 New Hampshire Department of Motor Vehicles
, New Hampshire
GOV HACK

Unknown

Malware was discovered on the DMV server during a routine security check. Though there is no evidence of misuse, credit card information could have been accessed. It is unknown how the malware application got onto the computer. The FBI confiscated the computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,422 DATA BREACHES made public since 2005
Showing 4201-4250 of 4422 results


X

Sign In!

Loading