Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
October 30, 2007 Pathology Group
Memphis, Tennessee
MED STAT

75,000

Someone broke into a locked office building, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. This information included names, addresses, Social Security number, even medical information

 
Information Source:
Dataloss DB
records from this breach used in our total: 75,000

January 21, 2010 University of Missouri System
Columbia, Missouri
EDU DISC 75,000
About 100 people responded to an e-mail notifying students that their Social Security numbers may have been visible in the envelope window of a tax form sent by the University of Missouri System. More than 75,000 Form 1098-Ts were mailed. The four-campus system has no way of assessing how many envelopes displayed the numbers. Form 1098-T is an Internal Revenue Service form that reports tuition billed and paid. Campus Mail Services committed the folding errors.  
Information Source:
Dataloss DB
records from this breach used in our total: 75,000

July 6, 2010 DentaQuest
Chicago, Illinois
MED DISC

76,000

In a statement datelined out of Nashville, DentaQuest reported the laptop theft occurred March 20 in Chicago and was informed of the incident April. DentaQuest reported the laptop contained a database which held the personal information of approximately 76,000 clients. The contractor advised most of the data is not considered sensitive, but the device did contain the first names, last names and Social Security Numbers of about 21,000 individuals. Some 10,500 are Tennessee residents.

 
Information Source:
Dataloss DB
records from this breach used in our total: 76,000

February 10, 2007 State of Indiana Official Website www.IN.gov
Indianapolis, Indiana
GOV HACK

76,600

  (888) 438-8397, Email: securityconcerns @www.IN.gov

A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 healthcare workers and 5,600 individuals and businesses.

UPDATE (3/22/07): Investigators have identified a teen they believe hacked into the IN.gov as a prank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 76,600

January 28, 2010 PricewaterhouseCoopers
New York, New York
BSO UNKN

77,000

The names, birth dates and Social Security numbers of 77,000 people were lost in their Chicago office. The people at risk for identify theft are those who were in the PERS and TRS system in 2003-04 as active or inactive employees or retirees. Price Waterhouse Coopers has agreed in a settlement to pay for credit monitoring and other security measures and cover any losses to individuals caused by its mishandling of the information. A number of people associated with the State of Alaska had their information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 77,000

January 12, 2007 MoneyGram International
Minneapolis, Minnesota
BSF HACK

79,000

MoneyGram, a payment service provider, reported that a company server was unlawfully accessed over the Internet last month. It contained information on about 79,000 bill payment customers, including names, addresses, phone numbers, and in some cases, bank account numbers.

 
Information Source:
Media
records from this breach used in our total: 79,000

July 2, 2010 AMR Corporation
Fort Worth, Texas
BSO STAT

79,000

Retirees, current, and former employees who participated in AMR's pension plan may have had their names, Social Security numbers, addresses, dates of birth, and other personal information stolen by the theft of a hard drive containing microfilm files. Employees and beneficiaries of employees who were enrolled between 1960 and 1995 are at risk.

 
Information Source:
Databreaches.net
records from this breach used in our total: 79,000

July 4, 2010 AMR Corporation
Fort Worth, Texas
BSO PORT

79,000

American Airlines parent company said Friday the personal information of about 79,000 retirees, former and current employees has been compromised after a hard drive was stolen from its Fort Worth headquarters. No customer data was affected. The data was held by the company's pension department.  The drive contained images of microfilm files, which included names, addresses, dates of birth, Social Security numbers and a "limited amount" of bank account information. Some health insurance information may have also been included -- mostly enrollment forms, but also details about coverage, treatment, and other administrative information. The data spans a period from 1960 to 1995. AMR also believes some of the employee files also contained information on beneficiaries, dependents and other employees from 1960 to 1995.

 
Information Source:
Dataloss DB
records from this breach used in our total: 79,000

August 10, 2011 University of Wisconsin - Milwaukee
Milwaukee, Wisconsin
EDU HACK

79,000

On May 25, University technology staff learned that unauthorized individuals had installed computer viruses on a University server.  It housed a software system for managing confidential information.  The names and Social Security numbers or people associated with the University could have been exposed.  There was no evidence that unauthorized parties had attempted to download the confidential information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 79,000

May 7, 2005 Department of Justice
Washington, District Of Columbia
GOV PORT

80,000

The laptop was stolen from Omega World Travel of Fairfax, VA.

A laptop containing password protected names and travel account credit card information was stolen sometime between May 7 and May 9.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

July 17, 2007 Louisiana Board of Regents
Baton Rouge, Louisiana
GOV DISC

80,000

Records of students and staff including Social Security numbers,names, and addresses exposed on web.  In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

March 4, 2009 New York Police Department
New York, New York
GOV INSD

80,000

A civilian employee of the department's pension fund is accused of stealing eight tapes containing the Social Security numbers and direct-deposit information for 80,000 current and retired cops. The employee, who served as the pension fund's director of communications, has been charged with computer trespass, burglary and grand larceny. He is accused of removing the tapes from a backup data warehouse on Staten Island after disabling security cameras. Police found the missing tapes at his home before arresting him.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

November 18, 2009 Universal American Action Network
St. Petersburg, Pennsylvania
MED DISC

80,000

Thousands of Pennsylvanians are at risk for identity theft because postcards were sent to their homes with their Social Security numbers printed in plain view. The postcards were from the Universal American Action Network, a subsidiary of Universal American Insurance. 80,000 postcards with SSNs on them were sent to Universal clients throughout the country. More than 10,000 were mailed to Medicare participants in Pennsylvania.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

January 31, 2010 Iowa State Racing and Gaming Commission
Des Moines, Iowa
GOV HACK

80,000

The Iowa Racing and Gaming Commission says someone gained access to a computer server that holds more than 80,000 records containing casino employee information. The person who hacked into the system was traced back to China and had used a computer with an external account. The server contains records including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

May 12, 2008 Dave & Buster's
Islandia, New York
BSO HACK

80,000

Three men have been charged with hacking into 11 Dave & Buster's networks and then remotely installing "packet sniffer" software on point-of-sale servers at locations throughout the U.S. A packet sniffer logs information being sent over a network. In this case, the criminals used it to log credit and payment card data as it was sent from the branch locations to corporate headquarters. The hacking took place from April to September 2007. At Dave & Buster's Islandia, New York, location, the hackers accessed details of about 5,000 payment cards. The information was sold to other criminals who then used the card numbers to scam online merchants. The criminals were able to post at least $600,000 in fraudulent transactions from 675 cards taken from this one store.

UPDATE (04/05/2010): In reaching a settlement with Dave & Buster’s, the FTC quietly and without fanfare introduced a new security standard, requiring the company to monitor and filter outbound Internet traffic to block the unauthorized export of sensitive information. The consent decree puts companies on notice that they may face FTC scrutiny and penalties if they fail to use data loss prevention software.

UPDATE (07/19/2012): A member of the hacking ring was sentenced to seven years in prison.  Around 80,000 payment card numbers were taken from the 11 Dave & Buster's locations.  It appears that the hacker was part of a larger conspiracy that last between 2005 and 2008 and affected Hannaford Bros. grocery chain, Heartland Payment Systems, TJX retail chain, BJ's Wholesale Club, OfficeMax, Boston Market, 7-Eleven, JCPenney, Barnes & Noble, Sports Authority, and Forever 21. Two other members of the hacking ring were sentenced to 20 years in prison and 30 years in prison.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

December 8, 2011 Subway
Milford, Connecticut
BSR HACK

80,000

Over 150 Subway franchises and at least 50 other small retailers had customer data hacked from their point-of-sale (POS) systems.  Four Romanian hackers were indicted for hacking and misusing the credit card information between 2008 and May of 2011.  Over $3 million in fraudulent charges on customer cards was obtained by scanning the internet for vulnerable POS systems and then easily breaking the passwords to these systems. Keyloggers and a backdoor were also installed to allow further access to the system.  Retailers who were hit had used a certain type or types of basic POS software and many had failed to change the default password for the software.

UPDATE (01/08/2013): A Romanian national was arrested and sentenced for his role in the POS system hack of Subway.  Three other Romanians face charges related to the breach.

UPDATE (03/19/2013): The scheme may have affected 150 restaurants and may have led to $10 million in fraudulent charges.  Two additional hackers were sentenced on conspiracy to commit computer fraud and conspiracy to commit access device fraud charges.

 
Information Source:
Databreaches.net
records from this breach used in our total: 80,000

January 4, 2008 Mariner Health Care, Windham Brannon, SavaSeniorCare Administrative Services, LLC
Atlanta, Georgia
BSF PORT

80,124

Cash and several laptops were stolen from Windham's Atlanta office on the evening of December 31, 2007.  Windham provides audit services for Mariner's and SaveSeniorCare's 401(k) benefit plans.  Current and former employees may have had their names, Social Security numbers, addresses, dates of birth, salary information and 401(l) account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,124

August 29, 2013 Republic Services
Phoenix, Arizona
BSO PORT

82,160

An unspecified number of current and former employees were affected by the theft of a laptop.  The laptop was stolen from an employee's home on August 10.  The laptop contained names and Social Security numbers.

UPDATE (09/03/2013): As many as 82,160 current and former employees may have been affected.

 
Information Source:
Media
records from this breach used in our total: 82,160

June 17, 2009 Blackbaud Inc.
Charleston, South Carolina
BSO PORT

84,000

A computer that was stolen from a car in Charleston, SC, last year contained personal financial information on 84,000 University of North Dakota donors. The missing laptop belonged to Daniel Island-based software giant Blackbaud Inc., which stressed that all of the information was password-protected and encrypted.

 
Information Source:
Media
records from this breach used in our total: 84,000

March 15, 2006 Ernst & Young, IBM
New York, New York
BSF PORT

84,000

A laptop with sensitive information was stolen from an employee's car in January. IBM employees who may have been stationed overseas during their careers were affected. Names, Social Security numbers, dates of birth, genders, family sizes and tax identifiers for employees were exposed. Those affected were notified in March.

 
Information Source:
Dataloss DB
records from this breach used in our total: 84,000

February 12, 2011 Saint Francis Broken Arrow (Broken Arrow Medical Center)
Broken Arrow, Oklahoma
MED STAT

84,000

A computer that had not been used since May of 2004 was stolen from a secured information systems room. Patient billing information and some employee records were exposed. The information would have included names, Social Security numbers, dates of birth, addresses and patient insurance and diagnostic information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 84,000

October 7, 2008 University of North Dakota Alumni Association
Grand Forks, North Dakota
EDU PORT

84,554

A laptop computer containing sensitive personal and financial information on alumni, donors and others was stolen from a vehicle belonging to a software vendor retained by the UND. The information, included individuals' credit card and Social Security numbers,

 
Information Source:
Dataloss DB
records from this breach used in our total: 84,554

June 12, 2012 Bethpage Federal Credit Union
Bethpage, New York
BSF DISC

86,000

An employee accidentally posted data onto a file transfer protocol site that was not secure on May 3.  The data contained customer VISA debit card names, addresses, dates of birth, card expiration dates and checking and savings account numbers.  The error was discovered on June 3. The data was accessed, but there was no evidence of identity theft or fraud as of June 12.  New cards were issued to 25% of the affected members and the remaining members will have their affected cards deactivated on June 30.

 
Information Source:
Databreaches.net
records from this breach used in our total: 86,000

April 12, 2012 Housatonic Community College
Bridgeport, Connecticut
EDU HACK

87,667 

Two campus computers were determined to have been infected by malware.  The breach occurred when a faculty or staff member opened an email that contained a virus.  The virus was immediately detected.  Faculty, staff, and students affiliated with the school between the early 1990's and the day of the breach may have had their names, Social Security numbers, dates of birth, and addresses exposed.  Housatonic's president acknowledged that the cost of handling the breach could be as much as $500,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 87,667

May 4, 2008 Staten Island University Hospital
Staten Island, New York
MED STAT

88,000

Computer equipment stolen from an administrator contained personal information from patients. Social Security numbers and health insurance numbers were contained in computer files on a desktop computer and the backup hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 88,000

September 23, 2008 Texas Lottery Commission
Austin, Texas
GOV INSD

89,000

A former Texas Lottery Commission computer analyst has been arrested for copying the personal data of Texas lottery winners. He downloaded his own work files off his computer and took them to his next job. The names and Social Security numbers of 27,075 mid-level lottery winners -- people who have won prizes from $600 up to around $1 million -- were on the employee's hard drive.

UPDATE 10/31/08: 89,000 lottery winners are being notified their personal information, including Social Security numbers, may have been breached.

 
Information Source:
Dataloss DB
records from this breach used in our total: 89,000

January 12, 2006 People's Bank
Bridgeport, Connecticut
BSF PORT

90,000

A computer tape containing names, addresses, Social Security numbers, and checking account numbers was lost while being transported by UPS.  The bank alerted the affected customers and provided them with a credit monitoring service for one year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000

May 19, 2007 Stony Brook University
Stony Brook, New York
EDU DISC

90,000

http://www.stonybrook.edu/sb/disclosure/, Call Center, (866) 645-5830 (available until July 15, 2007)

SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000

November 29, 2013 University of Washington Medicine
Seattle, Washington
MED HACK

90,000

An employee at UW Medicine opened an email attachment that contained malicious software in early October.  The malware affected the employee's computer and any information on the computer may have been compromised.  Patient names, Social Security numbers, phone numbers, addresses, and medical record numbers may have been affected.  Patients who were seen at UW Medicine dating back to at least 2008 could have had their information exposed.  Notifications of the breach were sent at the end of November.

 
Information Source:
Media
records from this breach used in our total: 90,000

August 23, 2011 Lincoln Financial Group, Lincoln National Life Insurance Company, Lincoln Life and Annuity Company of New York
New York, New York
BSF DISC

91,763

A programming error caused the names and Social Security numbers of current and former retirement plan enrollees to be accessible to unauthorized plan administrators.  The error had existed in the database's search function since October 2009.  A plan administrator notified Lincoln Financial Group of the issue on July 18.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 91,763

June 2, 2006 Ahold USA, parent company of Stop & Shop, Giant stores and Tops stores via subcontractor Electronic Data Systems (EDS)
Landover, Maryland
BSR PORT

92,000

Additional location: Plano, TX

An EDS employee lost a laptop computer during a commercial flight that contained pension data of former employees of Ahold's supermarket chains including Social Security numbers, birth dates and benefit amounts.  The laptop was lost form the checked baggage of a domestic commercial airline flight on May 2, 2006.  The laptop was not recovered even though the incident was reported immediately.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,000

August 18, 2008 Dominion Enterprises
Richmond, Virginia
BSO HACK

92,095

(757) 351-7951

A computer server within InterActive Financial Marketing Group (IFMG), a division of Dominion Enterprises located in Richmond, Virginia, was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. The data intrusion resulted in the potential exposure of personal information, including the names, addresses, birth dates, and Social Security numbers of 92,095 applicants who submitted credit applications to IFMG's family of special finance Web sites.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,095

April 26, 2006 Pershing LLC
Jersey City, New Jersey
BSF PORT

92,541

A Pershing employee lost a laptop computer. Personal information of clients may have been stored on the laptop. Names, Social Security numbers, addresses, brokerage account numbers and account holdings may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,541

March 3, 2006 Metropolitan State College of Denver (MSCD)
Denver, Colorado
EDU PORT

93,000

http://www.mscd.edu/securityalert/

A laptop containing student information was stolen.  The information included names and Social Security numbers of students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 93,000

July 16, 2010 Buena Vista University
Storm Lake, Iowa
EDU HACK

93,000

Someone gained unauthorized access to a BVU database. The database contained records of names, Social Security numbers, and driver's license numbers of BVU applicants, current and former students, parents, current and former faculty and staff, alumni and donors. These records go back as far as 1987.

 
Information Source:
Databreaches.net
records from this breach used in our total: 93,000

April 5, 2011 MidState Medical Center
Hartford, Connecticut
MED PORT

93,500

People with comments or questions regarding this incident may call (855) 398-6435.

A former Hartford Hospital employee misplaced a computer hard drive on February 15. It contained patient names, Social Security numbers, addresses, dates of birth and medical record numbers. Not all of the patients who were affected had their Social Security numbers exposed.

UPDATE (04/07/2011): Connecticut's Attorney General and Consumer Protection Commissioner are investigating the breach and data security policies of Hartford Medical Center and Midstate Medical Center.  Additional details reveal that the hospital employee misplaced the computer hard drive after taking it home. The Connecticut Attorney General is asking that affected patients receive two years of credit monitoring services, identity theft insurance and reimbursement for placing and lifting security freezes.

UPDATE (07/10/2012): The Connecticut Attorney General has decided to end an investigation of MidState's practices.  The Attorney General claimed to base his decision to close the investigation with no further action on the fact that the Hospital had taken significant actions on behalf of the affected patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 93,500

May 11, 2011 Michaels Stores Inc.
New York, New York
BSR CARD

94,000

The location listed is Michaels headquarters.  Customers from multiple states were affected.

Those with questions may call 800-MICHAELS (642-4235).

A number of PIN pads in Chicago-area Michaels stores were found to have been tampered with.  Michaels checked 7,200 PIN pads in 964 US stores.  Fewer than 90 pads were found to have been compromised, but the affected pads were in 20 states. Michaels expects the process of replacing the pads to last about 15 days. The number of affected customers is in the tens of thousands. PIN pads in Canada will also be checked.

The Chicago-area was the hardest hit; 14 stores had compromised PIN pads. Customers who used their debit or credit cards at Michaels are encouraged to monitor their transaction records. Michaels Stores released an official statement.

UPDATE (05/19/2011): A suit seeks class-action status and more than $5 million in damages for people whose credit and debit accounts were compromised by the breach.  The lawsuit claims that Michaels failed to protect customers from "cyber-pickpockets" who stole sensitive banking information from checkout keypads at stores in 20 states. Michaels is accused of knowingly violating federal and state law by failing to take reasonable steps to safeguard customers' personal information.  Michaels is also accused of failing to alert customers as soon as the security breach was discovered. There is now a theory that thieves used a combination of  "false card readers", wireless cameras or electronic membranes placed over keypads to collect the PINs and card information of MIchaels' customers. This allowed them to create fraudulent debit and credit cards.

UPDATE (05/31/2011): A second lawsuit was filed in late May.  The new suit also seeks class-action status.  It alleges that Michaels failed to safeguard shoppers' credit and debit PINs and other information.  The second lawsuit was filed by an Illinois resident who saw over $1,000 in fraudulent charges after making an $18.16 purchase at Michaels.

UPDATE (06/20/2011): An extensive fraud case has hit multiple areas of Oregon.  Over 250 people have reported fraudulent charges related to cards that were used at Michaels stores.

UPDATE (06/27/2011): Four suspects were caught making fraudulent debit card transactions on camera.  The images have been distributed by investigators hoping that someone in the Beaverton, Oregon area will recognize one or more of the people.  

Additionally, Michaels now faces a total of four lawsuits related to the data breach.

UPDATE (07/13/2011): A number of Iowa residents began reporting debit card fraud that could potentially be related to the Michaels breach.

UPDATE (03/21/2012): Two men will be sentenced for their roles in setting up phony debit and credit card pads in the 84 Michaels stores.  Each pleaded guilty to one count of conspiracy to commit bank fraud, one count of bank fraud, and one count of aggravated identity theft. A total of 94,000 credit and debit card account numbers were stolen.

UPDATE (07/30/2012): The two men were each sentenced to 36 months in prison for conspiracy to commit bank fraud.  An additional 24 months were added for aggravated identity theft.  The must also pay $42,000 in restitution and will have five years of supervised release.

 
Information Source:
Databreaches.net
records from this breach used in our total: 94,000

June 9, 2012 Franklin's Budget Car Sales, Inc.
Statesboro, Georgia
BSR DISC

95,000

The FTC fined Franklin's Budget Car Sales for compromising consumers' personal information by allowing peer-to-peer software to be installed on its network.  Any computers that were connected to the peer-to-peer network could have accessed Franklin's network of consumer names, Social Security numbers, addresses, dates of birth, and driver's license numbers.  The FTC claimed that Franklin's failed to assess risks to the consumer information it collected and stored online and failed to adopt policies to prevent or limit unauthorized disclosure of information.  Franklin's also allegedly failed to prevent, detect and investigate unauthorized access to personal information on its networks, failed to adequately train employees and failed to employe reasonable measures to respond to unauthorized access to personal information.  Franklin's settlement agreement bars Franklin's from misrepresentations about the privacy, security, confidentiality, and integrity of personal information it collected from consumers.  Franklin's must also establish and maintain a comprehensive information security program and undergo data security audits.

 
Information Source:
Databreaches.net
records from this breach used in our total: 95,000

November 24, 2008 Starbucks Corp.
Seattle, Washington
BSR PORT

97,000

A laptop containing private information on employees was stolen. The information included names, addresses and Social Security numbers.
 

 
Information Source:
Dataloss DB
records from this breach used in our total: 97,000

February 19, 2009 University of Florida
Gainesville, Florida
EDU HACK

97,200

(877) 657-9133

A foreign hacker gained access to a University of Florida computer system containing the personal information of students, faculty and staff. The files included the names and Social Security numbers of individuals who used UF's Grove computer system since 1996.

 
Information Source:
Dataloss DB
records from this breach used in our total: 97,200

March 11, 2005 University of California, Berkeley
Berkeley, California
EDU PORT

98,400

A laptop containing the Social Security numbers of doctoral degree recipients from 1976 to 1999, graduate students enrolled between 1989 and 2003, and graduate school applicants between fall 2001 and spring of 2004 was stolen.  Birth dates and addresses for about one-third of the affected people were also on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98,369

September 15, 2008 Forever21
Los Angeles, California
BSR HACK

98,930

(888) 757-4447, http://www.forever21.com/notice/notice.html

If you shopped at the stores between November 26, 2003, and October 24, 2005, criminals may have hijacked your credit and debit card numbers from its computers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98,930

May 5, 2009 Fulton County Board of Registration and Elections
Atlanta, Georgia
GOV PHYS

99,000

Boxes were found in a trash bin at Atlanta Technical College. They contained about 75,000 voter registration application cards and 24,000 precinct cards. Many of the documents contained personal information on active voters, such as full names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 99,000

February 25, 2005 PayMaxx
Miramar, Florida
BSF DISC

100,000

A software glitch at PayMaxx Inc., a Franklin, Tenn., payroll processing company, accidentally revealed personal financial information on as many as 100,000 individuals, including Social Security numbers. The problem arose in a PayMaxx feature that enabled employees to use the Internet to get their W-2 forms, the standard tax information form issued by companies to their employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

August 9, 2005 University of Utah
Salt Lake City, Utah
EDU HACK

100,000

A server containing library archival databases was hacked.  The server included names and Social Security numbers of former University employees.  The University issued a warning that people may try to get personal information by posing as University officials involved in the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

September 10, 2005 Kent State University
Kent, Ohio
EDU STAT

100,000

Five desktop computers were stolen from the locked offices of two deans. Names, Social Security numbers, and grades were on the computers.  The information goes back to 2000 for students and 2002 for instructors.  Affected students and professors were alerted by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

December 1, 2005 First Trust Bank
Memphis, Tennessee
BSF PORT

100,000

A man claiming to be a janitor bypassed security and stole a laptop from the bank.  The laptop contained Social Security numbers and other personal information of current and former customers.  Affected customers were contacted and the theft was caught on tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

July 7, 2006 Naval Safety Center, United States Navy
Norfolk, Virginia
GOV DISC

100,000

The SSNs and other personal information of more than 100,000 naval and Marine Corps aviators and air crew, both active and reserve, were exposed on the Center website and on 1,100 computer discs mailed to naval commands.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

May 5, 2007 Transportation Security Administration (TSA)
Crystal City, Virginia
GOV PORT

100,000

A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.

UPDATE (5/14/07) The American Federation of Government Employees is suing the TSA for the loss of the hard drive. It calls the breach a violation of the Privacy Act.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

July 16, 2007 Transportation Security Administration (TSA)
Arlington, Virginia
GOV PORT

100,000

Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.

 
Information Source:
Media
records from this breach used in our total: 100,000

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005
Showing 4151-4200 of 4421 results


X

Sign In!

Loading