Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,447 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
August 18, 2006 Experian, LA Walker Company
Roseville, California
BSF HACK

30

Thirty New York residents and an unknown number of customers nationwide had their information accessed.  The unauthorized access by an Experian client resulted in the exposure of names, dates of birth, account numbers, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30

August 21, 2006 U.S. Department of Education via contractor, DTI Associates
Washington, District Of Columbia
GOV PORT

43

Two laptops were stolen from DTI's office in downtown DC containing personal information on 43 grant reviewers for the Teacher Incentive Fund. DTI could not rule out that the data included SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 43

August 22, 2006 AFLAC American Family Life Assurance Co.
Greenville, South Carolina
BSF PORT

612 policyholders

(888) 794-2352

A laptop containing customers' personal information was stolen from an agent's car. It contained names, addresses, SSNs, and birth dates of 612 policyholders. They were notified Aug. 11.

 
Information Source:
Dataloss DB
records from this breach used in our total: 612

August 22, 2006 Beaverton School District
Beaverton, Oregon
EDU PHYS

1,600 employees

Time slips revealing personal information were missing and presumed stolen following a July 24 break-in at a storage shed on the administration office's property. The time slips included names and SSNs but not addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

August 22, 2006 Beaumont Hospital
Troy, Michigan
MED PORT

28,473

A vehicle of a home health care nurse was stolen from outside a senior center Aug. 5. Although it was recovered nearby, a laptop left in the rear of the car was not recovered. It contained names, addresses, SSNs, and insurance information of home health care patients.

UPDATE (8/23/06). The laptop was returned Aug. 23 by a woman who said she found it in her yard.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,473

August 23, 2006 U.S. Department of Education, Direct Loan Servicing Online
Atlanta, Georgia
GOV DISC

21,000

http://www.dlssonline.com

A faulty Web site software upgrade resulted in personal information of 21,000 student loan holders being exposed on the U.S. Department of Education's loan Web site. Information included names, birthdates, SSNs, addresses, phone numbers, and in some cases, account information. Affiliated Computer Services Inc. is the contractor responsible for the breach. The breach did not include those whose loans are managed through private companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

August 25, 2006 Dominion Resources
Richmond, Virginia
BSO PORT

Unknown

Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 U.S. Department of Transportation, Federal Motor Carrier Safety Administration
Baltimore, Maryland
GOV PORT

193 (not added to total)

(800) 832-5660

A laptop that might contain personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Sovereign Bank
New Bedford, Massachusetts
BSF PORT

thousands of customers

Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Verizon Wireless
Basking Ridge, New Jersey
BSR DISC

5,210 (No SSNs or financial information reported)

A Microsoft Excel spreadsheet file with the information of 5,210 customers was accidentally distributed to 1,800 Verizon Wireless subscribers. The information included names, email addresses, cell phone numbers and cell phone models. The file was accidentally attached to an ad for a Bluetooth wireless headset.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 26, 2006 PortTix
Portland, Maine
BSO HACK

2,000

Credit card information for about 2,000 people who ordered tickets online through PortTix was accessed by someone who hacked into the Web site. PortTix is Merrill Auditorium's ticketing agency. The Web site was secured as of Aug. 24.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

August 26, 2006 University of South Carolina
Columbia, South Carolina
EDU HACK

6,000

TheState.com reported that the University of South Carolina warned 6,000 current and former students that their information, including Social Security numbers and birth dates, may have been breached when a server was accessed from outside the system.

 
Information Source:
Media
records from this breach used in our total: 6,000

August 27, 2006 New Mexico Administrative Office of the Courts
Santa Fe, New Mexico
GOV DISC

1,500 employees

For 8 days in late May, an unsecured document was exposed on the agency's FTP site on the state's computer server. It contained names, birth dates, SSNs, home addresses and other personal information of judicial branch employees. The FTP site was shut down June 2 and has since be redesigned.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

August 28, 2006 Copart, Inc.
Fairfield, California
BSR HACK

43,764 (No SSNs or financial information reported)

Hackers may have acquired the full names of customers, business and home addresses, telephone numbers, email addresses, driver's license numbers and possibly driver's license photographs. The website breach was discovered on July 17 and customers were notified on August 28. No Social Security numbers or financial information was accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Valley Baptist Medical Center
Harlingen, Texas
MED DISC

Unknown

 (877) 840-5999

A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 AT&T via vendor that operates an order processing computer
San Francisco, California
BSO HACK

19,000

Computer hackers accessed credit card account data and other personal information of customers who purchased DSL equipment from AT&T's online store. The company is notifying fewer than 19,000 customers.

UPDATE (9/1/06). The breach was followed by a bogus phishing e-mail to those customers that attempted to trick them into revealing more info such as SSN and birthdate -- essential for crime of identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 19,000

August 29, 2006 Compass Health
Everett, Washington
MED PORT

Unknown

(800) 508-0059

Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Wells Fargo, Paymap Inc., First Horizon Home Loans, Western Union
Memphis, Tennessee
BSF PORT

Unknown

Computer discs with sensitive customer information were stolen from a Paymap facility in September of 2005. People who were subscribers between 1999 and 2002 may have been affected. The theft was not discovered until an unrelated mail fraud investigation was in process. information included names, addresses, telephone numbers, Social Security numbers, loan account numbers, bank account information, copies of signatures and copies of voided or cleared personal checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 CoreLogic for ComUnity Lending
Sacramento, California
BSO STAT

Unknown

(877) 510-3700, identityprotection@corelogic.com. Exact date in August 2006 unknown.

In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNs, and property addresses related to an existing or anticipated mortgage loan.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 31, 2006 Labcorp
Monroe, New Jersey
MED STAT

Unknown

 (800) 788-9091 x3925

During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 Diebold, Inc., GE Capital
Canton, Ohio
BSO PORT

Unknown

An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 1, 2006 Wells Fargo via unnamed auditor
San Francisco, California
BSF PORT

Unknown

In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 1, 2006 Virginia Commonwealth University (VCU)
Richmond, Virginia
EDU DISC

2,100 current and former students

http://old.ts.vcu.edu/security/id_exposure.html

Personal information of freshmen and graduate engineering students from 1998 through 2005 was exposed on the Internet for 8 months (Jan. - Aug.) due to human error. It was discovered by a student who used a search engine to find her name. The data included SSNs and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,100

September 1, 2006 City of Chicago via contractor Nationwide Retirement Solutions, Inc.
Chicago, Illinois
GOV PORT

38,443

(800) 638-1485, http://www.chicagofop.org/Updates/links/nrs.pdf

A laptop was stolen from the home of one of the contractor's employees in April 2005. It was reported to the city July 2006. Data included names, addresses, phone numbers, birth dates and SSNs for those in the city's deferred compensation plan.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,443

September 1, 2006 LandAmerica Credit Services, Inc., Diversified Capital
San Jose, California
BSF HACK

124

A hacker may have accessed personal information.  A customer named Diversified Capital noticed unusual activity on its account.  An investigation revealed that the unauthorized access was most likely the result of a stolen password or unauthorized use of the password.  The breach was first noticed on July 17 and notification was sent on August 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 124

September 5, 2006 Transportation Security Administration (TSA) via Accenture
Washington, District Of Columbia
GOV DISC

1,195 former TSA employees

In late August 2006, Accenture, a contractor for TSA mailed documents containing former employees' SSN,, date of birth, and salary information to the wrong addresses due to an administrative error.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,195

September 5, 2006 TLM Partners LP
Palm Beach, Florida
BSF PORT

Unknown

Two backup computer tapes were stolen from a vehicle during a June 8 theft. The tapes contained names, addresses and Social Security numbers. The tapes were discovered missing on July 6 and an unknown number of affected clients were notified on July 11. At least two New York residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 5, 2006 Disney Worldwide Services, Inc.
Burbank, California
BSR PORT

23

A laptop with former employee information was stolen.  The information included names, Social Security numbers, phone numbers, dates of birth, gender, marital status, workplace email and compensation information. At least 23 New York residents were affected, but the number of affected former employees nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23

September 7, 2006 Florida National Guard
Bradenton, Florida
GOV PORT

100

A laptop computer was stolen from a soldier's vehicle contained training and administrative records, including Social Security numbers of up to 100 Florida National Guard soldiers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

September 7, 2006 Circuit City and Chase Card Services, a division of JP Morgan Chase & Co.
Wilmington, Delaware
BSF PORT

2.6 million past and current Circuit City credit cardholders

Chase Card Services mistakenly discarded 5 computer data tapes in July containing Circuit City cardholders' personal information.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 2,600,000

September 7, 2006 Liberty Mutual Insurance Company
Rancho Cordova, California
BSF PORT

672

A laptop was stolen from an employee's car on July 14. Names and Social Security numbers of employees of Liberty's insureds were exposed. Analysis of the breach was completed on August 22 and notifications were sent in early September.

 
Information Source:
Dataloss DB
records from this breach used in our total: 672

September 7, 2006 Mystic Stamp Company
Camden, New York
BSR HACK

13

The website fell victim to an SQL injection attack. Hackers accessed the website database and obtained customer names, addresses, credit card numbers and expiration dates. The breach was discovered on August 29 and the website's charge card function was disabled.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13

September 8, 2006 Linden Lab, Second Life
San Francisco, California
BSO HACK

Unknown

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 8, 2006 University of Minnesota
Minneapolis, Minnesota
EDU STAT

13,084 students including SSNs of 603 students

On August 14-15 eve, two computers were stolen from the desk of an Institute of Technology employee, containing information on students who were freshmen from 1992-2006 -- including names, birthdates, addresses, phone numbers, high schools attended, student ID numbers, grades, test scores, and, academic probation. SSNs of 603 students were also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 603

September 8, 2006 Berks County Sheriff's Office via contractor Canon Technology Solutions
Reading, Pennsylvania
GOV DISC

25,000

A confidential list of some of the County's 25,000 gun permit holders was exposed on the Web by the contractor that is developing a Web-based computer records program for the Sheriff's Office. Personal information included names, addresses and SSNs.

UPDATE (10/6/06): The Berks County solicitor's office says the entire list of more than 25,000 gun permit holders was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

September 9, 2006 Cleveland Clinic
Naples, Florida
MED INSD

1,100 patients

(866) 907-0675

A clinic employee stole personal information from electronic files and sold it to her cousin, owner of Advanced Medical Claims, who used it to file fraudulent Medicare claims totaling more than $2.8 million. Information included names, SSNs, birthdates, addresses and other details. Both individuals were indicted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

September 9, 2006 Discover Bank
Greenwood, Delaware
BSF PORT

11

At least 11 residents of New York were affected, but the total number of affected clients was not released.

A laptop was stolen from a bank employee's home.  The laptop contained bank account information and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11

September 9, 2006 Action Capital Mortgage Services, Inc.
Poughkeepsie, New York
BSF STAT

923

An encrypted server was stolen during an August 23 office burglary. Customer information was lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 923

September 11, 2006 Telesource via Veksta
Indianapolis, Indiana
BSO PHYS

Unknown

Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 12, 2006 City of Paris Kentucky
Paris, Kentucky
GOV PORT

130

A portable drive that contained the personal information of current and former city employees was lost or stolen in August. Employee names, Social Security numbers and dates of birth were lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130

September 13, 2006 American Family Insurance Group
Madison, Wisconsin
BSF PORT

2,089 customers

The office of an insurance agent was broken into and robbed last July. Among the items stolen was a laptop with customers' names, SSNs, and driver's license numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,089

September 14, 2006 Nikon Inc. and Nikon World Magazine
Melville, New York
BSR DISC

3,235 magazine subscribers

Workers at a Montgomery, AL, camera store discovered that subscription information for the magazine Nikon World was exposed on the Web for at least 9 hours. Data included subscribers' names, addresses and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,235

September 14, 2006 Illinois Department of Corrections (IDOC)
Springfield, Illinois
GOV PHYS

16,500

A document containing employees' personal information was found outside the agency's premises where it should not have been. It has since been retrieved. Information included employees' names, SSNs, and salaries.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,500

September 14, 2006 GreenPoint Mortgage Funding Inc.
Novato, California
BSF PORT

44

A GreenPoint payment processing vendor's storage facility was robbed of several computer disks. The disks contained customer names, addresses, telephone numbers, Social Security numbers, signatures, loan account numbers, bank account information and copies of voided and cleared personal checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 44

September 15, 2006 Mercy Medical Center
Merced, California
MED PORT

295

A memory stick containing patient information was found July 18 by a local citizen on the ground at the County Fairgrounds near the hospital's information booth. It was returned to the hospital four weeks later. Data included names, SSNs, dates of birth, and medical records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 295

September 15, 2006 Whistle Junction restaurant
Orlando, Florida
BSO PHYS

Unknown

Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 15, 2006 University of Texas San Antonio
San Antonio, Texas
EDU HACK

64,000

A hacker may have gained access to student and staff names, addresses and Social Security numbers.  Students who received financial aid or worked at the University were affected.  The breach was discovered during a routine risk assessment of the University's computer servers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 64,000

September 15, 2006 Columbia University
New York, New York
EDU INSD

1,132

A temporary employee accessed the personal information of some University employees and used it to establish at least one fraudulent account. The former temp had access to the names, Social Security numbers, addresses, telephone numbers and direct deposit bank account information of a group of employees. The University discovered the breach on August 15 and began notifying affected individuals on August 18.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,132

September 15, 2006 Harlem Hospital Center, New York City Health and Hospitals Corporation
New York, New York
MED PORT

4,000

A computer hard drive was lost or stolen sometime around September 8. The hard drive contained the names and Social Security numbers of current and former Harlem Hospital employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

September 16, 2006 Michigan Department of Community Health
Detroit, Michigan
GOV PORT

4,000

Residents who participated in a scientific study were notified that a flash drive was discovered missing as of Aug. 4, and likely stolen, from an MDCH office.The portable memory device contained names, addresses, phone numbers, dates of birth, and SSNs of participants. The study tracked the long-term exposure to flame retardents ingested by residents in beef and milk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,447 DATA BREACHES made public since 2005
Showing 401-450 of 4447 results


X

Sign In!

Loading