Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
March 6, 2010 Westin Bonaventure Hotel & Suites
Los Angeles, California
BSO HACK

Unknown

Westin Bonaventure Hotel & Suites four restaurants in Lake View Bistro, Lobby Court Bar, Bonavista Lounge and L.A. Prime., along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers' debit and credit cards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 10, 2010 Atlanta Veterans Affairs Medical Center
Atlanta, Georgia
MED INSD

Unknown

An assistant allegedly recorded two sets of patient data on to a personal laptop for research purposes. One set included three years' worth of patient data and another held 18 years of medical information. The physician assistant's laptop was never connected to the VA network and any data she recorded on her laptop was hand entered. The department has not disclosed the number of patients involved in the incident, what kind of personal data was copied, or whether it plans to notify the veterans whose records were downloaded.

 
Information Source:
Media
records from this breach used in our total: 0

March 11, 2010 monoprice.com
Rancho Cucamonga, California
BSR HACK

Unknown

The company took their web site offline, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their debit and credit cards that they had used on monoprice.com.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 19, 2010 PNC Financial Services Group Inc.
Dayton, Ohio
BSF CARD

Unknown

PNC Financial Services Group is investigating a possible security breach involving some debit cards issued by the former National City Corp., which it acquired in December 2008. The problem surfaced when former National City customers began reporting unauthorized charges on their accounts. The breach involves a small number of cards in the Cincinnati area, and it appears to have been committed by someone outside PNC or National City prior to the merger. It doesn’t involve any PNC-branded cards or longtime PNC customers. PNC has shut down National City debit cards in the Cincinnati area and asks that customers who have not yet done so activate their PNC debit cards. PNC is working one-on-one with customers to refund accounts, and has been returning funds within 24 hours.

UPDATE (10/19/10): Three men were charged with using skimming devices at PNCs in Pittsburgh in April and May.

 
Information Source:
Media
records from this breach used in our total: 0

February 13, 2008 Los Angeles Department of Water and Power
Los Angeles, California
GOV PHYS

Unknown

A computer was stolen from a contractor on February 11, 2008. Compromised information included name, Social Security number, date of birth, employee identification number, salary, work location, deferred compensation balances, insurance plan coverage and health care benefits selection for all active employees who were members of the DWP Retirement Plan during 2006 and 2007.

UPDATE (2/15/08): The contractor has been identified as Systematic Automation Inc.  Nineteen organizations were affected by the breach.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

November 10, 2005 State of California - Department of Corrections and Rehabilitations (CDCR) Parole Outpatient Clinic
Sacramento, California
MED PORT

Unknown

On or around June 18, 2005 a laptop computer was stolen with information on parolees. It was unclear from the letter we recieved whether Social Security numbers were involved. 

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 29, 2005 Iowa Student Loan
Des Moines, Iowa
BSF PORT

Unknown

A CD-Rom including Social Security numbers, last name and state of residence was lost while in transit from an outside business partner.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

March 30, 2010 Three Rivers Community College
Norwich, Connecticut
EDU HACK

Unknown

Three Rivers Community College may have suffered a security breach due to unauthorized access to its computer network. Data made vulnerable in the breach included names and Social Security numbers. Those affected would have been involved in the following programs during these years:
1997-2009: Participants in the Real Estate programs
2004-2009: Participants in the Life Long Learners programs
2003-2006: Participants in the Patient Care Technicians programs
2004-2006: Participants in the Certified Nursing Assistant programs
2004-2005: Participants in the Electric Boat academic programs
2007-2008: Participants in the Bridges to Health Care Careers programs
2006-2008: Participants in the Photons for Educators programs
2004-2009: Faculty or staff members of the Three Rivers Continuing Education office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 31, 2006 Avaya
Maitland, Florida
BSO PORT Unknown
Additional location: Basking Ridge, NJ A laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs.  
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 13, 2009 Irving Independent School District
Irving, Texas
EDU PHYS

Unknown

Identity thieves using the names and Social Security numbers of Irving Independent School District employees have made thousands of dollars in credit card purchases. At least 64 of the 3,400 teachers and other employees names were on an old benefits report that somehow ended up in the trash.

UPDATE (2/4/10): At least one woman involved in the crime was caught in January of 2009 and sentenced on February 4, 2010.

 
Information Source:
Media
records from this breach used in our total: 0

March 15, 2008 Starling Insurance and Associates
Colorado Springs, Colorado
BSF PHYS

Unknown

A server stolen from the locked offices contained names, addresses and Social Security numbers, dates of birth, driver's license numbers and/or account information for an unspecified number of customers.

 
Information Source:
Media
records from this breach used in our total: 0

April 8, 2010 ManorCare Health Services
Wheaton, Maryland
MED INSD

Unknown

Montgomery County's Department of Health and Human Services is looking into how numerous Wheaton nursing home papers containing sensitive patient information have made their way into nearby neighbors' yards over the past few months. The county sent a nursing home inspector to investigate complaints from residents in the Wheaton Regional Park Civic Association who said they have found internal documents from the nearby ManorCare Health Services that contain patient conditions, names and Social Security numbers. The inspector cited ManorCare for inappropriate conduct.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 9, 2010 Hollywood Video
Sparks, Nevada
BSR PHYS

Unknown

This Hollywood Video like many others has closed. Hundreds, perhaps thousands of pieces of paper, receipts, records and worst of all membership forms, were exposed.  It appears they were not even placed in the dumpster, but left out in the open and scattered everywhere by the wind. On these forms were names, addresses, birth dates, I-D numbers, credit card numbers and signatures.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 9, 2010 Charles Schwab
Albany, New York
BSF HACK

Unknown

A Russian national was sentenced to 37 months in prison for hacking into victims' brokerage accounts at Charles Schwab, laundering more than $246,000 and sending a portion back to co-conspirators in Russia. The man also sold approximately 180 stolen credit card numbers to a cooperating witness and directed that they be fabricated into credit cards. According to the indictment, from approximately September 2006 through December 2007 two men participated in a scheme to steal funds from bank and brokerage accounts by hacking into those accounts through the Internet, using personal financial information obtained through a Trojan computer viruses and then laundering the stolen proceeds.  
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 9, 2010 LPL Financial
Boston, Massachusetts
BSF PORT

Unknown

An unencrypted portable hard drive was stolen from a car of an LPL representative. As a result of the theft, private client information, including names, addresses, dates of birth and Social Security numbers may have been breached.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 13, 2010 Virginia Beach Dept. of Social Services
Virginia Beach, Virginia
GOV INSD

Unknown

At least eight human services employees, including supervisors, have been fired or disciplined in the past year for wrongfully accessing confidential and personal information about former employees, family members and clients. The violations include a boss who forced her employees to gather information from a state database about her husband's child and a worker who checked on the status of a dead client's Medicaid benefits to help the client's family. Most of the cases stemmed from the agency's financial assistance department, which handles food stamps, Medicaid assistance, grants for the disabled and emergency relief for needy families. As part of their jobs, the 330 employees in the department who provide social services have varying degrees of access to secured databases. They need the information to determine whether a client qualifies for financial help.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 13, 2010 St. Peter's Hospital
Albany, New York
MED INSD

Unknown

An East Greenbush man who worked as a medical records clerk at St. Peter's Hospital is accused of stealing personal information from patient's files to open credit card accounts. The man allegedly stole Social Security numbers and other personal information from patient's records, then used the data to open credit card accounts for making personal purchases online. The man was charged April 12 with five counts of felony second-degree forgery, three counts of felony second-degree identity theft and three counts of misdemeanor second-degree criminal impersonation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 5, 2010 Housing Authority of New Orleans (HANO)
Algiers, Louisiana
GOV PHYS

Unknown

Personal documents relating to section 8 were left in an unsecured and abandoned office.  The documents included copies of birth certificates, driver's license numbers, pay stubs, and Social Security cards.

 
Information Source:
NAID
records from this breach used in our total: 0

January 12, 2010 SouthTrust
Bossier, Louisiana
BSF PHYS

Unknown

The financial planning company left sensitive retirement information in a publicly accessible dumpster.  The information included account ID numbers, personal addresses, and Social Security numbers. Information about people living in Shreveport, Haughton, Minden, Monroe, Farmerville, Eros and Downsville, Louisiana was found.  Information from people living in Orange, Port Neches, Vidor and Deweyville, Texas was also found.

 
Information Source:
NAID
records from this breach used in our total: 0

April 22, 2010 JE Systems Inc.
Fort Smith, Arkansas
BSF HACK

Unknown

The company in Arkansas lost more than $110,000 this month when hackers stole the firm’s online banking credentials and drained its payroll account. On Wednesday, Apr. 7, Ft. Smith based JE Systems Inc. received a call from its bank stating that the company needed to move more money into its payroll account. Over the course of two days, someone had approved two batches of payroll payments — one for $45,000 and another for $67,000. A few days later, the First National Bank of Fort Smith sent JE Systems a letter saying the bank would not be responsible for the loss. It was their internet address that was used to process the payments, and their online banking user name and password.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 23, 2010 Blippy.com
Palo Alto, California
BSO DISC

Unknown

Blippy is a social Web service that lets users share with the world all their credit card transactions. One big problem though: Blippy appears to have inadvertently published some of its users' credit card numbers. Google search resulted in viewing of some of the credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 17, 2010 Private Medical Practice
Lake Mary, Florida
MED PHYS

Unknown

Police were looking for evidence of another crime when they found personal documents in the dumpster outside of a doctor's office. The doctor specializes in treating the ear, nose, and throat and claims there was nothing about patients in the documents. The doctor agreed to shred the documents while the police investigated whether or not patient information was compromised.

 
Information Source:
NAID
records from this breach used in our total: 0

January 28, 2010 University Medical Clinics
Port St. Lucie, Florida
MED PHYS

Unknown

Files containing Social Security numbers, phone numbers, patient names, and addresses were found in a trash bin outside of the clinic. A woman found the files and notified police after receiving an anonymous tip.

 
Information Source:
NAID
records from this breach used in our total: 0

April 23, 2010 DRC Physical Therapy Plus
Monticello, New York
MED PHYS

Unknown

Officials have seized hundreds, perhaps thousands, of files containing Social Security numbers and other private patient information found dumped outside the shuttered office of DRC Physical Therapy Plus. The manila folders, dating back to at least 1998, include information sheets showing the names, addresses and birth dates of patients and, in some cases, Social Security numbers. Deputies impounded a dump truck loaded with patient files and about a dozen or so boxes stacked inside the bucket of a front-loader.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 23, 2010 Hutcheson Medical Center
Chattanooga, Tennessee
MED PHYS

Unknown

Anyone who peered inside the mixed paper bin at the Dupont Recycling Center in May of 2009 got an eyeful. Files, in plain sight, which contained sensitive medical and identity information. Authorities don't know how those thousands of files got there. Some of the records came from Hutcheson and a plastic surgery office in the area. The information inside those files included graphic photos, and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 18, 2010 Rapid Return Tax
San Antonio, Texas
BSF PHYS

Unknown

Dozens of legible tax documents were found among ashes in a dumpster outside of a tax return business.  Social Security numbers may have been on the documents.  This appears to be the result of a failure to burn all of the documents.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 9, 2010 Woodbury Financial Services
Woodbury, Minnesota
BSF PORT

Unknown

A USB containing client names, Social Security numbers, addresses, and dates of birth went missing. The data was unencrypted.  Woodbury is a broker with The Hartford.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 14, 2010 Strategic Workforce Solutions, Tatum SFN division
New York, New York
BSO PORT

Unknown

The Tatum division of SFN (Strategic Workforce Solutions) notified employees that a portable electronic device was stolen from the trunk of a car.  The device contained unencrypted files with names, addresses and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 14, 2010 Lam Research Corp.
Fremont, California
BSO PORT

Unknown

A laptop containing the information of people regularly employed at Lam Research Corp. on or after January 1, 2009 was stolen from an employee's car.  Temporary employees and contractors from August 1, 2007 and beyond may have also been affected.  The information included names and Social Security number; however, it was protected by passwords and fingerprints checks.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 14, 2010 Bay Pines VA Medical Center
Bay Pines, Florida
GOV PHYS

Nearly 800 (unknown number of SSNs)

Up to 800 police files were left in an area where the general public could easily access them.  Some of the files contained Social Security numbers, patient addresses, and treatment information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 13, 2010 Room Store
Annapolis, Maryland
BSR PHYS

Unknown

A Maryland man found his own credit application lying on the ground near a dumpster.  The dumpster contained thousands of old credit applications and some newer ones.  The information included Social Security numbers, driver's licence numbers, names, addresses, and phone numbers.  Room Store employees were doing a massive cleanup and unknowingly dumped the bag of documents without shredding them.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 8, 2010 HBDirect.com
Waterbury Center, Vermont
BSO HACK

Unknown

A security breach resulted in the possibility that hackers accessed customer names, addresses, credit card information, email addresses and phone numbers. Customers who used the site between December 1, 2009 and February 10th, 2010 may have been affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 7, 2010 Bank of America
Charlotte, North Carolina
BSF INSD

Unknown

An IT staff member of Bank of America pled guilty to installing illegal software on Bank of America ATMs. The software caused the ATMs to erroneously dispense money; some of it may have affected customer accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 29, 2010 Proxima Alfa Investments LLC
New York, New York
BSF PORT

Unknown

In November the firm discovered that several backup tapes were missing from its office. The tapes contained customer information such as names, e-mail addresses, addresses, phone numbers, Social Security numbers, bank account information, passport numbers and sometimes scans of passports. The firm ceased operations in mid-2009.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 3, 2010 Middletown City Government Building: Public Works, Utilities, Police, and Finance Departments
Middletown, Ohio
GOV PHYS

Unknown

Personal documents that originated from the city building were left in a dumpster. Most of the documents were from the public works and utilities departments.  An unknown number of Middletown residents had their Social Security numbers, phone numbers, and carbon copies of checks exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 27, 2010 Laboratory Corporation of America LabCorp
Burlington, North Carolina
MED PHYS

Unknown

Thousands of medical documents fell out of a truck bed while in transit.  The scattered documents contained billing information and possibly medical records from 1993 or later.

 
Information Source:
Media
records from this breach used in our total: 0

March 29, 2010 University MRI Diagnostic Center, Holy Cross Hospital, North Ridge Medical Center, and Oncology and Hematology Associates of West Broward
, Florida
MED INSD

40,000

People in Fort Lauderdale, Aventura and Tamarac, Florida were affected.  The hospital's information hotline is (800) 388-4301.

The Holy Cross Hospital breach has its own post for November 10, 2010.

Two former employees of these organizations were involved in an identity theft scheme with at least three other partners.  Thousands of victims have been confirmed.  The employees had access to emergency room patient records such as names, dates of birth, Social Security numbers, Medicare numbers, and addresses.  The stolen information was used by others to obtain Care Credit accounts and Chevron Visa credit cards.  Victims lost a total of approximately $162,000.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 19, 2010 MyPilotStore.com
Scottsdale, Arizona
BSO HACK

Unknown

In February, it was discovered that a database containing customer names, addresses, e-mails, telephone numbers, and credit card information had been hacked. Some customers received phony charges to their accounts as a result of this hack.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 7, 2009 Gateway Community College
New Haven, Connecticut
EDU HACK

Unknown

The College attempted to notify potential victims of a breach caused by malware discovered on campus computers. College alumni who donated to the College, potential donors, and students receiving scholarships between 2004 and 2006 may have been affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 25, 2010 New York State DMV
, New York
GOV INSD

Over 200 (0 reports of SSNs or financial information)

Two employees from the New York City office

Seven people, including two former New York State DMV employees from New York City, were indicted in a theft ring. The identify fraud ring involved New York State driver's licenses, learner's permits, and identification cards. The information was then sold to felons.  Fifteen other people were charged with buying the stolen information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 25, 2010 Valencia High School
Valencia, California
EDU INSD

Unknown

A student gained access to the entire district of Hart's system, but only went into his high school's portion. The student claimed he changed some things and then returned them. The student most likely used a password, but it is not known whether he used a district computer or a personal one. The district is providing one year of free credit monitoring services.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 25, 2010 Johns Hopkins University School of Education
Baltimore, Maryland
EDU DISC

Unknown

A file containing student enrollment information was accessible online.  Student names, races, genders, Social Security numbers, identification numbers and dates of birth were accessible for at least one month.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 24, 2010 Wachovia
Alexandria, Washington
BSF CARD

Unknown

A skimming device was spotted outside a Wachovia branch in Alexandria, Washington. It is estimated that over $60,000 in fraudulent charges was stolen from ATM customers of the Wachovia King Street branch.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 22, 2010 Arkansas Crime Information Center
Little Rock, Arkansas
BSO INSD

Unknown

It appears that the owner of a bail bonds business accessed criminal, family, and financial background information by misusing a police password. The Arkansas Crime Information Center database was fraudulently accessed 1,200 times in less than one year.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 16, 2010 Albany Police Department (ADP Georgia)
Albany, Georgia
GOV DISC

Unknown

Sensitive city documents were found near a garbage can in an alley. The documents may have contained Social Security numbers. It is believed that officers failed to shred the documents and dispose of them properly.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 13, 2010 TD Bank
Mount Laurel, New Jersey
BSF INSD

Unknown

A former TD Bank employee provided information to outside accomplices who stole over $200,000 from customer accounts. The insider passed along driver's license numbers and bank account numbers.

UPDATE (8/7/2011): A fraud ring involving insiders at multiple TD Banks in South Jersey was uncovered.  A federal trial will begin in October.  The members of the fraud group are accused of stealing more than $400,000 from customers and banks between November 2005 and May 2010.  Six members are part of the 148-count indictment.  The scheme involved obtaining customer ID data, creating false ID photos with customer data and using the phony IDs to access customer accounts. Investigators were able to raid the ring leader's home on June 7 after catching a few of the ring members posing as customers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 13, 2010 California Pizza Kitchen
Plymouth Meeting, Pennsylvania
BSR CARD

Unknown

A credit card thief and his partner used skimming devices to obtain credit card account information. The thief provided his partner with a skimming device while she worked at a California Pizza Kitchen in Plymouth Meeting, Pa. from 2008 to 2009. Around 26 customer credit cards were fraudulently charged.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

March 13, 2010 Beer and Wine Hobby
Woburn, Massachusetts
BSR HACK

35,000 (0 complete credit card numbers reported)

Personal information may have been accessed during a breach of Beer and Wine Hobby's computer system. The personal information included partial credit card numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 7, 2010 Fast Cash
Knoxville, Tennessee
BSF PHYS

Unknown

Hundreds, maybe thousands, of documents with personal information were dumped behind a shopping center. The documents scattered around a dumpster behind the business listing Social Security numbers, names, addresses, bank account numbers and signatures.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2010 Bureau of Engraving and Printing
Washington, District Of Columbia
BSF HACK

Unknown

Hackers have caused the Bureau of Engraving and Printing (BEP), a part of the US Department of the Treasury, to shut down a number of websites. The BEP confirmed to IT PRO that the hosting company it uses experienced an intrusion and as a result of the breach numerous websites were affected, including non-BEP sites. Those URLs are: bep.gov; bep.treas.gov; moneyfactory.gov and moneyfactory.com. BEP has since suspended the website. The chief research officer at IT security company AVG, indicated that the BEP websites had a line of code injected into them. Upon accessing the US Treasury website (treas.gov, bep.gov, or moneyfactory.gov), the iframe silently redirects victims through statistic servers and exploit packs which will carry the victim onto the second stage of the attack. The exploit kit determined that Java was the “best method” for infecting his test machine. Once infected, users' web browsers will start directing them to ads and “other nasty things” like rogueware.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005
Showing 351-400 of 4421 results


X

Sign In!

Loading