Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,426 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
March 20, 2008 Rampage Marketing Services
Columbus, Ohio
BSO PHYS

Unknown

The company, a licensed insurance agency, threw 14 boxes of files containing sensitive financial and medical information into a trash bin. An insurance agent for another company noticed the boxes in the shared bin and sent them back to the Insurance Department

 
Information Source:
Media
records from this breach used in our total: 0

March 29, 2008 Department of Human Resources
Atlanta, Georgia
GOV PORT

Unknown

A thief has stolen computer records containing identifying information on current and former employees of the state Department of Human Resources, including names, Social Security numbers, birth dates and home contact information. An external hard drive that stored a database was removed by an unauthorized person.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 7, 2008 Redbox
Oakbrook Terrace, Illinois
BSR CARD

Unknown

Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country. They announced that they'd found credit card skimmers attached to three of their kiosks.

 
Information Source:
Media
records from this breach used in our total: 0

April 9, 2008 People's United Bank
Bridgeport, Connecticut
BSF PHYS

Unknown

For four months, a dumpster diver searched through trash bins outside People's United Bank branches in Fairfield County. He pulled out bags of paperwork with private information, including customers' Social Security numbers and account information.

UPDATE (5/1/08): The man who discovered bank records in the garbage outside local branches of People's United Bank in Connecticut has been sued to prevent him from informing people about the discovery. The man, discovered financial documents, including customer names, Social Security numbers, and account information. He was a no-show at a scheduled appearance in court. The bank won a restraining order against the man, which ordered him not to talk to bank customers, or disclose what he had discovered. He disregarded the order and made a documentary about the discovery. The man has already been fined $800 USD for refusing to hold his tongue, and now he has also been ordered to pay the bank's legal costs. According to the Connecticut Post, those costs are already up to around $40,000 USD.

 
Information Source:
Media
records from this breach used in our total: 0

April 10, 2008 Joliet West High School
Joliet, Illinois
EDU HACK

Unknown

A student using a school computer last month was able to access personal information about every student enrolled. The student allegedly downloaded a list of names and Social Security numbers to his iPod.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 12, 2008 Allied Waste
Boston, Massachusetts
BSO PHYS

Unknown

A strap on a garage truck snapped and sent reams of intact financial reports over downtown Boston streets.

 
Information Source:
Media
records from this breach used in our total: 0

April 14, 2008 Utah Department of Workforce Services
Salt Lake City, Utah
GOV INSD

Unknown

A former state employee who took applications from people seeking food stamps and other welfare aid worked with three others to steal the identity of Utah residents and charge tens of thousands of dollars in purchases.

 
Information Source:
Media
records from this breach used in our total: 0

April 15, 2008 First Federal Bank of California
Los Angeles, California
BSF UNKN

Unknown

Additional locations: Brookfield, WI (headquarters of Fiserv, Inc)

This bank was not the only financial institute impacted by a security breach that occurred in a banking in a subsystem of a financial data processor, Fiserv, Inc. of Wisconsin last month.The bank said that it was company policy not to reveal any details about the breach including the number of banks involved, how many customers were impacted, the depth of information breached, how extensive the breach was geographically even which federal agencies were involved. However, non-public private account information might be at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 16, 2008 Hexter Elementary School
Dallas, Texas
EDU PHYS

Unknown

Employee and volunteer records were found at a recycling bin near the school. It's unknow what type of documents were found.

 
Information Source:
Media
records from this breach used in our total: 0

April 17, 2008 SunGard, Connecticut State University System, Buffalo State, Northwest Missouri State University
,
BSO PORT

Unknown

http://www.sungardhe.com/custom.aspx?id=1554&LangType=1033

At least 18 colleges are scrambling to inform tens of thousands of students they are at risk of having their identities stolen. A laptop computer that was stolen from a vendor contained the data of current and former students from the four state universities, including Western Connecticut State University. The computer was password-protected but contained unencrypted files with personally identifiable data, including names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 20, 2008 Helping Homeless Veterans and Families Hoosier Veterans Foundation
Indianapolis, Indiana
NGO PHYS

Unknown

Hundreds of files containing medical histories and Social Security numbers were found in the trash on Indianapolis' east side. The records belong to homeless veterans. A lot of the things inside the folders are confidential information about the clients including Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2008 LendingTree
Charlotte, North Carolina
BSF INSD

Unknown

Outside loan companies may have accessed information, including Social Security numbers, between October 2006 and early 2008 and used it to market their own mortgages to LendingTree customers. Several former employees may have shared confidential passwords with a handful of lenders that were not approved by the company.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2008 University of Massachusetts, Amherst
Amherst, Massachusetts
MED HACK

Unknown

Hackers breached the computer system used by UMass Amherst's Health Services, potentially gaining access to thousands of medical records. More than half of the student population at UMass Amherst are patients on record at the University Health Services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 22, 2008 HealthNow New York
Buffalo, New York
MED PORT

Unknown

Clients may be at risk for identity theft, after a former employee's laptop computer went missing with confidential information several months ago. The potential information includes names, dates of birth, Social Security numbers, addresses, employer group names, and health insurance identifier numbers.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2008 Fishback Financial Corp.
Brookings, South Dakota
BSF HACK

Unknown

There has been an unauthorized access to one of the database servers by a third party. The database includes names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 22, 2008 Smithtown Post Office
Smithtown, New York
GOV INSD

Unknown

A Smithtown postal worker was arrested after he stole credit cards from the mail and went on a shopping spree.

 
Information Source:
Media
records from this breach used in our total: 0

April 24, 2008 Harmony Information Systems
Madison, Wisconsin
BSO DISC

Unknown

A computer program housing personal information about Wisconsin seniors and disabled people had a significant security hole. A senior center volunteer in McFarland said he could see hundreds of files of people's private information from across the country in the system run by Virginia-based Harmony Information Systems. The information is entered into an electronic record that includes the person's name and Social Security number.

 
Information Source:
Media
records from this breach used in our total: 0

April 25, 2008 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

9,500 revised to 0

Three computers in the Division of Continuing Education and Professional Studies were compromised, leaving people open to potential identity theft. One of the three computers had personal data, including names, Social Security numbers, addresses and grades.

UPDATE (5/1/08): Upon further analysis, the University concluded that no personal data had been exposed. 9,500 records were initially thought to be comprised, but later this was revised to zero.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 25, 2008 Canton WiseBuys
Canton, New York
BSR HACK

Unknown

Someone apparently hacked into the Canton WiseBuys store computer system during a changeover between December 5, 2007 and December 20, 2007. The hacker obtained personal identification and banking numbers of hundreds of customers.

 
Information Source:
Media
records from this breach used in our total: 0

April 27, 2008 General Internal Medicine of Lancaster
East Hempfield Township, Pennsylvania
MED PORT

Unknown

A laptop was stolen from a doctors' office containing the Social Security numbers of patients.  The clinic is notifying 12,000 potential-affected patients.

 
Information Source:
Media
records from this breach used in our total: 0

May 1, 2008 Cove Creek Mortgage, Front Range Mortgage
Englewood, Colorado
BSF PHYS

Unknown

Sensitive mortgage files with people's personal information were recently found in a Dumpster. The files and computers contained sensitive information on many former customers of Front Range Mortgage, including names and addresses, Social Security numbers and bank, credit card and investment account information.

 
Information Source:
Media
records from this breach used in our total: 0

May 5, 2008 Target America Inc., University of California, San Francisco (UCSF)
San Francisco, California
MED DISC

6,313 Not added to total. It is not clear if SSNs or financial account numbers were exposed.

Information on UCSF patients was accessible on the Internet. The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also were available online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 6, 2008 Northeast Security
West Haven, Massachusetts
BSO PHYS

Unknown

News Channel 8 found Social Security numbers, bank account numbers and even canceled checks inside a dumpster. The files appear to belong to Northeast Security, a subcontractor for Safe Home Security, based out of Rocky Hill. Northeast Security recently moved out of a West Haven storefront, and it seems they left their clients personal information behind.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 12, 2008 Pfizer
New York, New York
BSO PORT

13,000 (No SSNs or financial information reported)

(866) 274-3891

About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen. No Social Security numbers were on the laptop, but names, home addresses, home telephone numbers, employee ID numbers, positions and salaries were possibly compromised. Other information possibly lost included the department employees worked in, the Pfizer site where the employees worked, the name of employees' managers and descriptions of their jobs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 15, 2008 BB&T Insurance
Harrisonburg, Virginia
BSF PORT

Unknown

A BB&T Insurance laptop containing the personnel information of some Harrisonburg City Schools employees was stolen. The laptop, used by an outside sales representative to develop an insurance proposal for the school system, was stolen from a car. The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 16, 2008 Greil Memorial Psychiatric Hospital
Montgomery, Alabama
EDU PHYS

Unknown

Index cards containing patients personal information, names, dates of birth, even Social Security numbers are gone. Hundreds of records have simply disappeared.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 16, 2008 Amateur Athletic Union
Lake Buena Vista, Florida
NGO PHYS

Unknown

Boxes filled with personal information were found in a dumpster. Information on athletes and their guardians included Social Security numbers and copies of birth certificates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 22, 2008 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop was stolen from the car of an employee. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

June 10, 2008 1st Source Bank
South Bend, Indiana
BSF HACK

Unknown

1st Source Bank is replacing ATM cards this month for all its account holders after cyber-thieves accessed an unknown amount of debit-related data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 10, 2008 Wheeler's Moving Company
Boca Raton, Florida
BSO PHYS

Unknown

Personal files with tax information, Social Security numbers and license numbers, were found in a Boca Raton dumpster.

 
Information Source:
Media
records from this breach used in our total: 0

June 13, 2008 Texas Insurance Claims Services
Dallas, Texas
BSF PHYS

Unknown

Hundreds of files with people's names, Social Security numbers and policy numbers were found in a Richardson dumpster, apparently discarded by Texas Insurance Claims Services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 15, 2008 Conneticut Department of Administrative Services
Hartford, Connecticut
GOV DISC

Unknown

Department of Administrative Services posted the Social Security numbers of individual contractors on a state Web site. An audit also uncovered the Social Security numbers of prospective nursing employees accessible on an agency Web site for 19 months until a complaint was lodged.

 
Information Source:
Media
records from this breach used in our total: 0

June 18, 2008 Domino's Pizza
Tucson, Arizona
BSR PHYS

Unknown

Investigators found credit card numbers blowing in the wind. These piles and papers contained hundreds of old receipts from Domino's Pizza stores. The former owner had been discarding boxes of old records and somehow all those receipts got loose.

 
Information Source:
Media
records from this breach used in our total: 0

June 19, 2008 Citibank
New York, New York
BSF HACK

Unknown

A Citibank server that processes ATM withdrawals at 7-Eleven convenience stores has been breached. The breach of the Citibank server allowed two Brooklyn men to make hundreds of fraudulent withdrawals from New York City cash machines and pocket at least $750,000 in cash.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 19, 2008 Petroleum Wholesale
Houston, Texas
BSO PHYS

Unknown

The company dumped hundreds of records in a publicly accessible trash container outside its former headquarters. The records included receipts with customers' names and full credit or debit card numbers, including expiration dates. The records also included returned checks and forms containing customers' names and bank routing, driver's license and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 23, 2008 Bank Atlantic
Tampa, Florida
BSF CARD

Unknown

Bank Atlantic confirms they had a data loss, involving their MasterCard debit cards. It happened through a local merchant, but at this time, isn't saying which one.

 
Information Source:
Media
records from this breach used in our total: 0

July 9, 2008 Wichita Radiological Group
Wichita, Kansas
MED INSD

Unknown

A former employee stole patient records before being fired from the Wichita Radiological Group. Tens of thousands of patient records were in the database could have been compromised.

 
Information Source:
Media
records from this breach used in our total: 0

July 15, 2008 Weber Law Firm
Houston, Texas
BSO PHYS

Unknown

Sheriff's deputies uncovered hundreds of people's personal financial files that had been discarded in a dumpster in northwest Houston. Box after box of records including personal financial records, documents with Social Security numbers, people's medical files and more were found in the dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 23, 2008 San Francisco Human Services Department
San Francisco, California
GOV PHYS

Unknown

Potentially thousands of files contaning personal information was exposed after a San Francisco agency left confidential files in unsecured curbside garbage and recycling bins. In some cases entire case files were discarded. Blown up copies of social security cards, driver's licenses, passports, bank statements and other sensitive personal information were all left in these unlocked bins.

 
Information Source:
Media
records from this breach used in our total: 0

July 25, 2008 Grady Memorial Hospital
Atlanta, Georgia
MED INSD

Unknown

Hospital records were stolen, although it remains unknown how many patient records were compromised, which patients were affected or how the records were stolen. The records pertained to recorded physician comments that Grady sent to a vendor to transcribe into medical notes. The records were stolen from a subcontractor employed by the vendor.

 
Information Source:
Media
records from this breach used in our total: 0

July 28, 2008 Facebook
Palo Alto, California
BSO DISC

Unknown 80 million Not added to total since the breach is not SSNs or financial account data.

Facebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. The full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2008 Anheuser-Busch
St. Louis, Missouri
BSR PORT

Unknown

 (800) 913-4502

A laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office. Information contained on the computer included employees' Social Security numbers, home addresses and marital status.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2008 Tennessee Valley Authority
Knoxville, Tennessee
GOV PORT

Unknown

A laptop stolen from TVA contained Social Security numbers and reflects generally inadequate policies and procedures for tracking computers at the agency. The laptop was one of approximately 26 computer and computer-related items stolen from TVA between May 26, 2006, and Nov. 30, 2007, according to the IG, although the report stated it was unclear whether sensitive information was present on any of the laptops or PCs stolen from TVA.

 
Information Source:
Media
records from this breach used in our total: 0

August 3, 2008 Oakland School District
Oakland, California
EDU STAT

Unknown

Thieves stole 10 desktop computers containing employees' personal information from the Oakland school district's main office. District officials are still determining what information was on each computer, but the machines may contain personal information provided to the district when employees were hired. It is unknown how many employees' records were on the computers.

 
Information Source:
Media
records from this breach used in our total: 0

August 12, 2008 Child Protective Services
San Antonio, Texas
GOV PHYS

Unknown

Hundreds of private, personal records were discarded with the trash, including records detailing medical histories of clients with diseases and drug addictions. Documents showing sexual abuse and information that could be used for identity theft, such as Social Security numbers, were also found in the trash.

 
Information Source:
Media
records from this breach used in our total: 0

August 18, 2008 The Princeton Review
New York, New York
EDU DISC

108,000 (No SSNs or financial information reported)

The test-preparatory firm accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site. One file on the site contained information on about 34,000 students in the public schools in Sarasota, Fl. Another folder contained dozens of files with names and birth dates for 74,000 students in the school system of Fairfax County, Va.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 19, 2008 Kingston Tax Service
Kingston, Washington
BSO PORT

Unknown

Office computers were stolen from the business. On each of the computers is information which can be used by identity thieves including credit card information and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 22, 2008 Liberty McDonald's Restaurant
Liberty, Kentucky
BSR INSD

Unknown

An employee at a Liberty McDonald's restaurant, took credit or debit cards from drive-through customers and used a device she had hidden near the window to swipe the cards to record their numbers. The information on the device then was downloaded and used to make new cards either in the names of the persons to which the original cards belonged or in the names of the perpetrators.

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2008 YMCA
Champaign, Illinois
NGO UNKN

Unknown

Customers who paid for items at a YMCA fund-raiser with checks or credit cards are being warned about a burglary at which credit and debit card numbers were taken.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2008 Wachovia Bank
Cape Coral, Florida
BSF CARD

Unknown

It was confirmed that several customers of the Camelot branch, at Cape Coral Parkway and Chiquita Boulevard, who used their debit cards have had their accounts fraudulently charged because someone placed a skimming device on the ATM. The device collected each person's card information, including personal identification numbers, and allowed different debit cards to be created with that information.

 
Information Source:
Media
records from this breach used in our total: 0

Showing 201-250 of 4426 results


X

Sign In!

Loading