Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
June 14, 2007 Lynchburg City
Lynchburg, Virginia
GOV DISC

1,200 Not included in total because it's not clear SSNs or account numbers were exposed.

Personal information of Lynchburg city employees and retirees was accidentally posted on the city's website among that information employee's prescription medications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 2, 2010 Family Health Center
Reston, Virginia
MED DISC

Unknown

Boxes containing patient information ended up in a dump.  The easily accessible information included health history, surgeries performed, test results, pictures, insurance cards, bank account information and addresses.  The boxes were traced back to Family Health Center on Town Center Parkway.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 29, 2010 Proxima Alfa Investments LLC
New York, New York
BSF PORT

Unknown

In November the firm discovered that several backup tapes were missing from its office. The tapes contained customer information such as names, e-mail addresses, addresses, phone numbers, Social Security numbers, bank account information, passport numbers and sometimes scans of passports. The firm ceased operations in mid-2009.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 18, 2007 Shamokin Area School District
Coal Township, Pennsylvania
EDU DISC

Unknown

A local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 3, 2010 Middletown City Government Building: Public Works, Utilities, Police, and Finance Departments
Middletown, Ohio
GOV PHYS

Unknown

Personal documents that originated from the city building were left in a dumpster. Most of the documents were from the public works and utilities departments.  An unknown number of Middletown residents had their Social Security numbers, phone numbers, and carbon copies of checks exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 20, 2007 University Community Hospital
Tampa, Florida
MED DISC

Unknown

A parent says his son should never have received bills in the mail for a pre-employment drug screening visit.  Additionally, he received information about 17 others who were also tested, including Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

June 23, 2007 Winn-Dixie
Pascagoula, Mississippi
MED PHYS

Unknown

Pharmacy documents were found behind a closed Winn-Dixie grocery store, containing telephone numbers, Social Security numbers and addresses of thousands of individuals. Apparently when the grocery store/pharmacy closed, employees put bundles of documents outside to be picked up. However, they were never retrieved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 27, 2010 Laboratory Corporation of America LabCorp
Burlington, North Carolina
MED PHYS

Unknown

Thousands of medical documents fell out of a truck bed while in transit.  The scattered documents contained billing information and possibly medical records from 1993 or later.

 
Information Source:
Media
records from this breach used in our total: 0

March 29, 2010 University MRI Diagnostic Center, Holy Cross Hospital, North Ridge Medical Center, and Oncology and Hematology Associates of West Broward
, Florida
MED INSD

40,000

People in Fort Lauderdale, Aventura and Tamarac, Florida were affected.  The hospital's information hotline is (800) 388-4301.

The Holy Cross Hospital breach has its own post for November 10, 2010.

Two former employees of these organizations were involved in an identity theft scheme with at least three other partners.  Thousands of victims have been confirmed.  The employees had access to emergency room patient records such as names, dates of birth, Social Security numbers, Medicare numbers, and addresses.  The stolen information was used by others to obtain Care Credit accounts and Chevron Visa credit cards.  Victims lost a total of approximately $162,000.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 29, 2007 Harrison County Schools
Charleston, West Virginia
EDU STAT

Unknown

Several computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 9, 2007 Girl Scouts Mile Hi
Denver, Colorado
NGO PORT

Unknown

Tapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.

 
Information Source:
Media
records from this breach used in our total: 0

March 19, 2010 MyPilotStore.com
Scottsdale, Arizona
BSO HACK

Unknown

In February, it was discovered that a database containing customer names, addresses, e-mails, telephone numbers, and credit card information had been hacked. Some customers received phony charges to their accounts as a result of this hack.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

July 11, 2007 Disney Movie Club, Alta Resources, McNeil-PPC Inc
Neenah, Wisconsin
BSO INSD

Unknown

A contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 7, 2009 Gateway Community College
New Haven, Connecticut
EDU HACK

Unknown

The College attempted to notify potential victims of a breach caused by malware discovered on campus computers. College alumni who donated to the College, potential donors, and students receiving scholarships between 2004 and 2006 may have been affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 25, 2010 New York State DMV
, New York
GOV INSD

Over 200 (0 reports of SSNs or financial information)

Two employees from the New York City office

Seven people, including two former New York State DMV employees from New York City, were indicted in a theft ring. The identify fraud ring involved New York State driver's licenses, learner's permits, and identification cards. The information was then sold to felons.  Fifteen other people were charged with buying the stolen information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 14, 2010 Defense Finance and Accounting Service/ Defense Department’s Document Automation and Production Service
Arlington, Virginia
GOV DISC

18,000 Not added to total No Social Security numbers or financial information was on the statements

An error at the U.S. Department of Defense Document Automation and Production Service caused pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees to be sent to wrong addressees. The statements, a page of which contained information about annual increases in Concurrent Retirement and Disability Pay, mistakenly listed data including at least a portion of another recipient’s name, their bank or insurance company name, the amount of their allotment and the allotment type. There is “no indication” that any Social Security numbers, bank account numbers or phone numbers were listed on the erroneously mailed pages.

 
Information Source:
Media
records from this breach used in our total: 0

March 25, 2010 Valencia High School
Valencia, California
EDU INSD

Unknown

A student gained access to the entire district of Hart's system, but only went into his high school's portion. The student claimed he changed some things and then returned them. The student most likely used a password, but it is not known whether he used a district computer or a personal one. The district is providing one year of free credit monitoring services.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 1, 2010 Netflix
Los Gatos, California
BSO UNKN

100 million not added to total

A class action suit was filed against Netflix, Inc., in United States District Court for the Northern District of California. Plaintiffs in the suit are claiming that Netflix has “perpetrated the largest voluntary privacy breach to date.” According to the Complaint, Netflix knowingly and voluntarily disclosed the sensitive and personal information of approximately 480,000 Netflix subscribers when Netflix provided participants in a contest initiated to improve Netflix’s movie recommendation systems with data sets containing over 100 million subscriber movie ratings and preferences. Netflix has claimed that the data sets provided to the contest participants were anonymized and that the subscribers’ movie ratings were accompanied only by “a numeric identifier unique to the subscriber” (as opposed to the subscriber’s name or other personal information). However, the complaint cites the results of several researchers who, in fact, were able to crack Netflix’s anonymization process and identify individual subscribers.

 
Information Source:
Media
records from this breach used in our total: 0

July 23, 2007 Fox News
Los Angeles, California
BSO DISC

1.5 million Not added to total. It does not appear that SSNs or financial account numbers were exposed.

Sensitive information was exposed on the Fox News web server. The security hole allowed hackers to access login information, names, phone numbers, and email addresses.

 
Information Source:
Media
records from this breach used in our total: 0

March 25, 2010 Johns Hopkins University School of Education
Baltimore, Maryland
EDU DISC

Unknown

A file containing student enrollment information was accessible online.  Student names, races, genders, Social Security numbers, identification numbers and dates of birth were accessible for at least one month.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 1, 2007 Lifetime Fitness
Dallas, Texas
GOV PHYS

Unknown

Staff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 2, 2007 E.On - U.S.(energy services)
Louisville, Kentucky
BSO PORT

Unknown

A laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 2, 2007 University of Toledo
Toledo, Ohio
EDU STAT

Unknown

(419) 530-4836, (419) 530-3661, (419) 530-1472

Two computers were stolen with hard drives containing student and staff Social Security numbers, names, and grade change information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 24, 2010 Wachovia
Alexandria, Washington
BSF CARD

Unknown

A skimming device was spotted outside a Wachovia branch in Alexandria, Washington. It is estimated that over $60,000 in fraudulent charges was stolen from ATM customers of the Wachovia King Street branch.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 22, 2010 Arkansas Crime Information Center
Little Rock, Arkansas
BSO INSD

Unknown

It appears that the owner of a bail bonds business accessed criminal, family, and financial background information by misusing a police password. The Arkansas Crime Information Center database was fraudulently accessed 1,200 times in less than one year.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 3, 2007 WorkCare Orem
Pleasant Grove, Utah
MED PHYS

Unknown

A truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.

 
Information Source:
Media
records from this breach used in our total: 0

March 16, 2010 Albany Police Department (ADP Georgia)
Albany, Georgia
GOV DISC

Unknown

Sensitive city documents were found near a garbage can in an alley. The documents may have contained Social Security numbers. It is believed that officers failed to shred the documents and dispose of them properly.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 3, 2007 Wabash Valley Correctional Facility
Indianapolis, Indiana
GOV DISC

Unknown

A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 4, 2007 Kellogg Community Federal Credit Union
Battle Creek, Michigan
BSF STAT

Unknown

A computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 6, 2007 Verisign
Mountain View, California
BSO PORT

Unknown

A laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 13, 2010 Beer and Wine Hobby
Woburn, Massachusetts
BSR HACK

35,000 (0 complete credit card numbers reported)

Personal information may have been accessed during a breach of Beer and Wine Hobby's computer system. The personal information included partial credit card numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 15, 2007 Greater Detroit Hospital
Detroit, Michigan
MED PHYS

Unknown

It's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

August 16, 2007 Utica Title and Escrow
Bixby, Oklahoma
BSF PHYS

Unknown

Boxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.

 
Information Source:
Media
records from this breach used in our total: 0

August 20, 2007 University of Toledo
Toledo, Ohio
EDU PORT

Unknown

A laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 24, 2010 Mahaska County Hospital
Oskaloosa, Iowa
MED INSD

Unknown

Two patient-orders coordinators were fired for separate incidents of snooping. One inappropriately accessed at least two patients' data. The other employee inappropriately accessed the data of multiple family members.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

March 13, 2010 TD Bank
Mount Laurel, New Jersey
BSF INSD

Unknown

A former TD Bank employee provided information to outside accomplices who stole over $200,000 from customer accounts. The insider passed along driver's license numbers and bank account numbers.

UPDATE (8/7/2011): A fraud ring involving insiders at multiple TD Banks in South Jersey was uncovered.  A federal trial will begin in October.  The members of the fraud group are accused of stealing more than $400,000 from customers and banks between November 2005 and May 2010.  Six members are part of the 148-count indictment.  The scheme involved obtaining customer ID data, creating false ID photos with customer data and using the phony IDs to access customer accounts. Investigators were able to raid the ring leader's home on June 7 after catching a few of the ring members posing as customers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 13, 2010 California Pizza Kitchen
Plymouth Meeting, Pennsylvania
BSR CARD

Unknown

A credit card thief and his partner used skimming devices to obtain credit card account information. The thief provided his partner with a skimming device while she worked at a California Pizza Kitchen in Plymouth Meeting, Pa. from 2008 to 2009. Around 26 customer credit cards were fraudulently charged.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 21, 2007 Walter Reed Army Institute of Research
Silver Spring, Maryland
GOV PHYS

Unknown

Boxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 21, 2007 West Virginia Board of Barbers and Cosmetologists
Charleston, West Virginia
BSO UNKN

Unknown

Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 New York City Financial nformation Services Agency
New York, New York
GOV PORT

280,000 Not added to total. It is not clear that SSNs or financial account numbers were exposed.

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2010 Fast Cash
Knoxville, Tennessee
BSF PHYS

Unknown

Hundreds, maybe thousands, of documents with personal information were dumped behind a shopping center. The documents scattered around a dumpster behind the business listing Social Security numbers, names, addresses, bank account numbers and signatures.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 Loomis Chaffee School
Windsor, Connecticut
EDU UNKN

Unknown

Valuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/

Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.

UPDATE (8/29/07) : Hackers have stolen the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2007 University of Illinois
Champaign-Urbana, Illinois
EDU DISC

5,247 Not added to total. It does not appear that SSNs or financial account numbers were exposed.

An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.

 
Information Source:
Media
records from this breach used in our total: 0

May 7, 2010 Bureau of Engraving and Printing
Washington, District Of Columbia
BSF HACK

Unknown

Hackers have caused the Bureau of Engraving and Printing (BEP), a part of the US Department of the Treasury, to shut down a number of websites. The BEP confirmed to IT PRO that the hosting company it uses experienced an intrusion and as a result of the breach numerous websites were affected, including non-BEP sites. Those URLs are: bep.gov; bep.treas.gov; moneyfactory.gov and moneyfactory.com. BEP has since suspended the website. The chief research officer at IT security company AVG, indicated that the BEP websites had a line of code injected into them. Upon accessing the US Treasury website (treas.gov, bep.gov, or moneyfactory.gov), the iframe silently redirects victims through statistic servers and exploit packs which will carry the victim onto the second stage of the attack. The exploit kit determined that Java was the “best method” for infecting his test machine. Once infected, users' web browsers will start directing them to ads and “other nasty things” like rogueware.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2007 Maryland Department of the Environment
Annapolis, Maryland
GOV PORT

Unknown

A laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2007 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.

 
Information Source:
Media
records from this breach used in our total: 0

March 5, 2010 Hancock Fabrics
Baldwyn, Mississippi
BSR DISC

Unknown

Employee documents were found near a dumpster behind the Huntsville, Alabama store. The documents were not shredded and contained payroll records dating back to 2005 with Social Security numbers, names, and pay rates.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 7, 2010 Randle Eastern Ambulance Service inc.
Miami, Florida
MED INSD

Unknown

A man and his wife who were previously charged with selling patient information in 2009, were charged with stealing personal information of individuals transported by Randle Eastern Ambulance Service Inc. (American Medical Response).  The information was then sold to South Florida personal injury attorneys and clinics.  The stolen information included names, telephone numbers, medical diagnoses, and addresses.  They used the help of a former AMR employee.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

September 19, 2007 Kansas University
Lawrence, Kansas
EDU PHYS

Unknown

A number of documents containing Kansas University student, faculty and staff personal information were recovered from the recycling and trash in the Mathematics Department at Kansas University. The information included student exams, student change of grade forms, class rosters, copies of health insurance cards, copies of immigration forms as well as a copy of a Social Security card.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 201-250 of 4495 results


X

Sign In!

Loading