Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
June 10, 2005 Federal Deposit Insurance Corp. (FDIC)
Washington, District Of Columbia
GOV UNKN

6,000

Personal information including the names, birthdays, salaries, and Social Security numbers of former Federal Deposit Insurance Corporation employees was stolen.  Some of the information was used for fraudulent purposes.  Affected employees from as far back as July 2002 were notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

June 16, 2005 CardSystems
Tucson, Arizona
BSF HACK

40,000,000

The motion to dismiss by Savvis: http://www.box.net/shared/static/180zctq8dz.pdf

Over 40 million card accounts were exposed to potential fraud due to a security breach that occurred at a third-party processor of payment card transactions. Of the more than 40 million accounts exposed, information on 68,000 Mastercard accounts, 100,000 Visa accounts and 30,000 accounts from other card brands are known to have been exported by the hackers. The data exported included names, card numbers and card security codes.

UPDATE (2/23/2006) CardSystems agreed to settle Federal Trade Commission charges that it failed to take appropriate security measures to protect sensitive personal information. The company must implement a comprehensive security program and obtain audits every 2 years for 20 years.

UPDATE (5/12/2006) CardSystems filed for bankruptcy.

UPDATE (5/28/2009) Merrick Bank has launched a multi-million dollar lawsuit against Savvis, accusing the vendor of erroneously telling it that CardSystems Solutions complied with Visa and MasterCard security regulations less than a year before the payment processor's systems were hacked, compromising up to 40 million credit card accounts. Less than a year later the security breach occurred. Hackers were able to get hold of the data because CardSystems kept unencrypted card information on its servers - in contravention of the regulations for which Savvis certified it.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000,000

June 17, 2005 Kent State University
Kent, Ohio
EDU PORT

1,400

A laptop containing the names, Social Security numbers, and in some cases birthdays of current and former University employees was stolen from a human resources administrator's car. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

June 18, 2005 University of Hawai'i
Honolulu, Hawaii
EDU INSD

150,000

A former librarian with access to the personal information of students, faculty, staff and patrons was convicted of Social Security fraud.  The former librarian used Social Security information to obtain fraudulent loans.  The University used Social Security numbers to track who checked out library materials. At the time of the press release it was unclear whether any information had been stolen from the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150,000

June 21, 2005 CVS
Woonsocket, Rhode Island
BSR DISC

Unknown

CASPIAN, a consumer privacy group, notified CVS of a security hole that allowed people to access information about purchases made by customers who used a CVS Corp. loyalty card. Anyone with someone's card number, zip code and the first three letters of the customer's last name could have a list of recent purchases sent to an email account. The company removed Internet access to the information. Fifty million loyalty cards have been issued.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 22, 2005 Eastman Kodak
Rochester, New York
BSO PORT

5,800

A password-protected laptop containing former employee names, Social Security numbers, birth dates, and benefits information was stolen from a consultant's car trunk. The consulting company has been identified as Hewitt Associates. Kodak sent letters and offered one-year of credit monitoring services and identity theft insurance covering up to $50,000 in fraud.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

June 25, 2005 University of Connecticut (UCONN)
Storrs, Connecticut
EDU HACK

72,000

University officials became aware of an October 26, 2003 hacking incident.  The personal information included Social Security numbers and addresses for students, faculty, and staff.  The University began contacting those affected in June of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 72,000

June 27, 2005 U.S. Department of Veterans Affairs
Minneapolis, Minnesota
GOV PORT

66

Note: exact month and date are unknown

A laptop being stored in the trunk of a car was stolen in Minneapolis, Minnesota. Two people later reported identity fraud problems.

 
Information Source:
Dataloss DB
records from this breach used in our total: 66

June 28, 2005 Lucas County Children Services
Toledo, Ohio
GOV DISC

900

Data from around 500 former and 400 current employees from as far back as 1991 were sent outside the organization via e-mail.  The data included names, Social Security numbers, and telephone numbers.  Current employees were contacted immediately and letters were sent to former employees.

 
Information Source:
Media
records from this breach used in our total: 900

June 29, 2005 Bank of America
Charlotte, North Carolina
BSF PORT

18,000

A laptop containing the names, Social Security numbers, and addresses of customers was stolen from a consultant's car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18,000

June 29, 2005 Medica Health Plans
Minnetonka, Minnesota
MED INSD

Unknown

It was discovered that two employees had engaged in unauthorized activities for an extended period of time.  The computer administrators were fired for sabotaging the company's computers and downloading data.  Sensitive information for 1.2 million Medica members may have been accessed.  The former employees prolonged their activities and avoided heavier punishment by hiding and destroying evidence of their activities. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 30, 2005 Ohio State University Medical Center, MTE Consulting
Columbus, Ohio
MED PORT

15,000

A laptop containing patient information was stolen from a financial consultant.  MTE Consulting notified OSU medical center a month after the laptop was stolen and OSU sent a brief letter to the affected clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,000

July 1, 2005 University of California San Diego
La Jolla, California
EDU HACK

3,300

A University server was hacked in April.  The server contained Social Security numbers, driver's license numbers, and credit card numbers from people who attended or worked at UCSD Extension between the time of the incident and 2000.  UCSD contacted those who were affected two months after the incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,300

July 6, 2005 City National Bank, Iron Mountain
Los Angeles, California
BSF PORT

Unknown

Two tapes containing Social Security numbers, account numbers, and other customer information were lost or stolen during transportation.  The tapes have been missing since April.  City National Bank notified its customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 7, 2005 Michigan State University
East Lansing, Michigan
EDU HACK

27,000

Student information was compromised during an attack on the College of Education server.  The information included Social Security numbers, names, addresses, student courses, and personal identification numbers.  The breach occurred in April and students were emailed in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

July 12, 2005 University of Southern California (USC)
Los Angeles, California
EDU DISC

270,000 possibly accessed, dozens exposed

A reporter contacted USC based on an individual's claim to be able to access personal information on college applicants online.  USC removed the site pending investigation and sent letters to affected individuals.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 270,000

July 13, 2005 Arizona Biodyne
Phoenix, Arizona
MED PORT

57,000

Arizona Biodyne is an affiliate of Magellan Health Services and manages behavioral health for Blue Cross of Arizona.

A safe with computer backup tapes containing financial, personal and medical records was stolen from Arizona Biodyne.  Policyholders' addresses, phone numbers, dates of birth and Social Security numbers were among the personal information lost.  Partial treatment histories and doctor information for some patients was also lost.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 57,000

July 21, 2005 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

49,000

Prospective students, current students, staff, faculty and University health care service recipients may have had their data exposed in a campus server breach.  The information included names, Social Security numbers, addresses, student ID numbers, birth dates, and lab test information. The University mailed letters and sent emails to the individuals affected.

UPDATE (08/20/2005) The number of students affected was increased from an estimate of 42,000 to 49,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 49,000

July 30, 2005 San Diego County Employees Retirement Association
San Diego, California
GOV HACK

33,000

Two computers that contained personal information for current and retired San Diego County employees were hacked.  The information included names, addresses, Social Security numbers, and dates of birth.  The San Diego Retirement Association mailed warnings to members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

July 30, 2005 California State University, Dominguez Hills
Carson, California
EDU HACK

9,613

Hackers accessed several computers containing personal information such as names and Social Security numbers.  The students who were affected were emailed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,613

July 30, 2005 Austin Peay State University
Clarksville, Tennessee
EDU DISC

1,500

The University removed student Social Security numbers, grade point averages and names that were accidentally posted. A student alerted the University to the problem after searching his name and finding the information on the website. A school employee put the internal documents on the website to email other staff members the information, but forgot to remove the information from the website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

July 31, 2005 California State Polytechnic University (Cal PolyPomona)
Pomona, California
EDU HACK

31,077

Hackers gained access to two computers containing names, Social Security numbers and transfer records.  Applicants, current students, current and former faculty, and staff were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,077

August 2, 2005 University of Colorado
Denver, Colorado
EDU HACK

36,000

Hackers accessed files containing names, photographs, Social Security numbers, and University meal card information.  Around 7,000 staff members, 29,000 current students, and some former students were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

August 4, 2005 Anderson College
Anderson, North Carolina
EDU PHYS

800

A bag with student resident hall assignments was found on campus. The paperwork also had the students' Social Security numbers. The documents were destroyed and a new program that will prevent unauthorized faculty and staff from accessing student Social Security numbers was developed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 800

August 5, 2005 Madison Area Technical College
Madison, Wisconsin
EDU PHYS

100

A news crew found around 100 applications in a MATC dumpster. The applications showed names, contact information, Social Security numbers, birth dates, academic records and canceled checks. The applications and transcripts go back to at least 2002. The College agreed to lock the dumpster and destroy documents in a trash compactor on a more frequent basis. It did not state that it would begin shredding documents before dumping them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

August 9, 2005 Sonoma State University
Rohnert Park, California
EDU HACK

61,709

Hackers broke into a computer system and may have accessed the names and Social Security numbers of people who applied, attended, or worked at the University between 1995 and 2002.  University officials attempted to notify those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 61,709

August 9, 2005 University of Utah
Salt Lake City, Utah
EDU HACK

100,000

A server containing library archival databases was hacked.  The server included names and Social Security numbers of former University employees.  The University issued a warning that people may try to get personal information by posing as University officials involved in the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

August 9, 2005 Federal Reserve Bank of Dallas
Dallas, Texas
GOV PHYS

Unknown

A truck driver lost thousands of Federal Reserve Bank checks headed to Houston. It seems that the back door of the truck was not closed when the driver left the loading area. Paid and canceled checks with Social Security numbers, names, addresses and signatures were scattered on the highway between Dallas and Houston. Most of the checks were not recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 10, 2005 University of North Texas
Denton, Texas
EDU HACK

39,000

A server containing housing records, financial aid inquiries, and in some cases credit card numbers was hacked.  UNT sent letters to current, former, and prospective students whose information may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 39,000

August 12, 2005 Verizon
New York, New York
BSR DISC

Unknown

A website flaw allowed customers to check the account details of other customers if they knew their phone numbers. Users' minutes and cell phone models could be viewed in this manner. This unintentional feature may have gone unnoticed for five years due to a glitch.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2005 California State University, Stanislaus
Turlock, California
EDU HACK

900

The names and Social Security numbers of student workers were exposed during a hacker attack.  The student workers were contacted by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 900

August 19, 2005 University of Colorado
Denver, Colorado
EDU HACK

49,000

A hacker may have gained access to personal information from June of 1999 to May of 2001, and fall of 2003 to summer of 2005.  The information included current and former student names, Social Security numbers, addresses and phone numbers.  The University contacted individuals who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 49,000

August 22, 2005 U.S. Air Force
Washington, District Of Columbia
GOV HACK

33,300

A hacker used a legitimate user ID and password to access career information, birth dates, and Social Security numbers.  Those affected were notified several months after the breach was discovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,300

August 27, 2005 University of Florida, Health Sciences Center, ChartOne
Gainesville, Florida
EDU PORT

3,851

A contractor's laptop containing patient names, Social Security numbers, dates of birth, and medical record numbers was stolen.  A letter was sent to the affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,851

August 29, 2005 Iowa Student Loan
Des Moines, Iowa
BSF PORT

Unknown

A CD-Rom including Social Security numbers, last name and state of residence was lost while in transit from an outside business partner.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 30, 2005 JP Morgan Chase & Co.
Dallas, Texas
BSF PORT

Unknown

A laptop was stolen on August 8th.  It contained personal and financial account information of customers.  Those affected were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2005 California State University, Chancellor's Office
Long Beach, California
EDU HACK

154

A computer virus attack exposed names and Social Security numbers. Those affected included two financial aid administrators and 152 students enrolled at various Cal State Universities.  Those affected were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 154

August 30, 2005 Stark State College of Technology
North Canton, Ohio
EDU DISC

7,058

Students attempting to access their grades, financial aid information and academic standing were able to view the information of other students. Social Security numbers, GPA, and course enrollment were viewable. A glitch is believed to be the source of the problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,058

September 2, 2005 Iowa Student Loan
West Des Moines, Iowa
BSF PORT

165,000

A compact disk containing personal information, including SSNs, was lost when shipped by private courier.

 
Information Source:
Dataloss DB
records from this breach used in our total: 165,000

September 10, 2005 Kent State University
Kent, Ohio
EDU STAT

100,000

Five desktop computers were stolen from the locked offices of two deans. Names, Social Security numbers, and grades were on the computers.  The information goes back to 2000 for students and 2002 for instructors.  Affected students and professors were alerted by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

September 13, 2005 Fort Carson
Colorado Springs, Colorado
GOV PORT

9,300

Four computer hard drives were stolen from the Soldier Readiness Processing center during the weekend of August 20. Personnel records with names, Social Security numbers, ages, ranks, jobs, citizenship information and unit affiliations of soldiers, civilian federal employees and contractors who had been processed through the center since January were on the hard drives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,300

September 15, 2005 Miami University
Hamilton, Ohio
EDU DISC

21,762

A report containing Social Security numbers and grades of students was accessible online for three years.  The University is attempting to contact those affected via letters and emails.  A graduate alerted the University to the exposure after running a Google.com search of her name.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,762

September 17, 2005 North Fork Bank (now Capital One Bank)
New York, New York
BSF PORT

9,000

A laptop containing mortgage data was stolen from a North Fork Bank office on the weekend of July 24 of 2005.  Personal information included names, addresses, and mortgage account numbers.  Affected customers were contacted and offered one year of free credit monitoring services from Equifax.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

September 19, 2005 Children's Health Council
San Jose, California
NGO PORT

5,000 - 6,700

A tape containing sensitive information was stolen from a Children's Health Council office. The tape contained names, Social Security numbers, and detailed medical information for around 6,000 current and former clients.  Payroll information for 700 current and former employees was also on the tape.  The agency alerted those who may be at risk of identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,700

September 22, 2005 City University of New York
New York, New York
EDU DISC

771

An unprotected payroll link exposed personal information for Hunter College Campus Schools.  Those affected included 335 Queens College law school students, 265 current workers and 171 former workers at local elementary and high schools.  All affected people were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 771

September 22, 2005 Internal Revenue Service (IRS)
San Francisco, California
GOV PHYS

30,000

Taxpayers in Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Ohio, Oregon, Utah, Virginia, Washington and Wyoming may have been affected.

A truck carrying checks with tax information for the self-employed was involved in an accident on the San Mateo Bridge. Wind blew about 30,000 pieces of mail into the bay and beyond. The IRS agreed to waive penalties and interest for anyone whose payment was affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

September 23, 2005 Bank of America
Charlotte, North Carolina
BSF PORT

Not disclosed

A laptop was stolen from a Bank of America service provider.  Information such as names, account numbers, routing transit numbers, and credit card numbers were compromised by the theft.  An unspecified number of Visa Buxx users were contacted by Bank of America.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 28, 2005 RBC Dain Rauscher
Minneapolis, Minnesota
BSF INSD

300,000 households (100 targeted)

Someone claiming to be a former employee obtained customer names, addresses, tax ID number, birth date and Dain Rauscher account number.  The former employee sent letters to over 100 customers and claimed that their personal information had been sold in retaliation against the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

September 29, 2005 University of Georgia
Athens, Georgia
EDU HACK

1,600

A hacker may have accessed the names and Social Security numbers of at least 1,600 people working for the College of Agricultural and Environmental Sciences.  The University is attempting to contact individuals who may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

October 8, 2005 Blockbuster
New York, New York
BSR PHYS

Unknown

Hundreds of files were dumped in clear garbage bags on the street. Recent membership applications revealed customer names, birth dates, addresses, phone numbers, driver's license numbers, credit card number, credit card expiration date and signatures. For some strange reason, the applications also included customer Social Security numbers. The files were dumped after the store went out of business.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
930,526,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,427 DATA BREACHES made public since 2005
Showing 51-100 of 4427 results


X

Sign In!

Loading