Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 25, 2006 Dominion Resources
Richmond, Virginia
BSO PORT

Unknown

Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 U.S. Department of Transportation, Federal Motor Carrier Safety Administration
Baltimore, Maryland
GOV PORT

193 (not added to total)

(800) 832-5660

A laptop that might contain personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Sovereign Bank
New Bedford, Massachusetts
BSF PORT

thousands of customers

Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Valley Baptist Medical Center
Harlingen, Texas
MED DISC

Unknown

 (877) 840-5999

A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Compass Health
Everett, Washington
MED PORT

Unknown

(800) 508-0059

Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 Labcorp
Monroe, New Jersey
MED STAT

Unknown

 (800) 788-9091 x3925

During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 Diebold, Inc., GE Capital
Canton, Ohio
BSO PORT

Unknown

An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 1, 2006 Wells Fargo via unnamed auditor
San Francisco, California
BSF PORT

Unknown

In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 8, 2006 Linden Lab, Second Life
San Francisco, California
BSO HACK

Unknown

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 11, 2006 Telesource via Veksta
Indianapolis, Indiana
BSO PHYS

Unknown

Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 15, 2006 Whistle Junction restaurant
Orlando, Florida
BSO PHYS

Unknown

Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 21, 2006 Pima County Health Department
Tucson, Arizona
GOV PHYS

2,500 (no SSNs or financial information reported)

Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 21, 2006 U.S. Department of Commerce and Census Bureau
Washington, District Of Columbia
GOV PORT

Unknown

https://www.census.gov/Press-Release/www/releases/archives/miscellaneous/007497.html

The agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had protections to prevent a breach of personal information.

 
Information Source:
Media
records from this breach used in our total: 0

September 22, 2006 Several Indianapolis pharmacies
Indianapolis, Indiana
MED PHYS

Unknown

Earlier this year a local TV reporter from WTHR found that dozens of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2006 Willamette Educational Service District (ESD)
Salem, Oregon
EDU STAT

4,500 Oregon high school students [not included in total because not thought to contain sensitive info. such as SSNs]

Seven computers stolen from a Willamette Educational Service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2006 Picatinny Arsenal
Rockaway, New Jersey
GOV UNKN

Unknown

 If you have tips, call (973) 989-0652

28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information.

 
Information Source:
Media
records from this breach used in our total: 0

October 4, 2006 Orange County Controller
Orlando, Florida
GOV DISC

Unknown

A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008.

 
Information Source:
Media
records from this breach used in our total: 0

October 5, 2006 San Juan Capistrano Unified School District (CA)
San Juan Capistrano, California
EDU STAT

Unknown

Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 12, 2006 U.S. Census Bureau
Washington, District Of Columbia
GOV PORT

Unknown

Additional location: Travis Co., TX

This spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs.

 
Information Source:
Media
records from this breach used in our total: 0

October 12, 2006 Congressional Budget Office
Washington, District Of Columbia
GOV HACK

Unknown

Hackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO.

 
Information Source:
Media
records from this breach used in our total: 0

October 13, 2006 Ohio Ethics Commission
Columbus, Ohio
GOV PHYS

Unknown

Papers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 16, 2006 Germanton Elementary School
Germanton, North Carolina
EDU STAT

Unknown

A computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 16, 2006 VISA, FirstBank (1st Bank)
Lakewood, Colorado
BSF UNKN

Unknown

FirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed “a merchant card processor's transaction database.” The FirstBank letter said customers would receive new cards by October 27.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 24, 2006 Jacobs Neurological Institute
Buffalo, New York
MED PORT

Unknown

The laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data.

 
Information Source:
Media
records from this breach used in our total: 0

October 25, 2006 Tuscarawas County and Warren County
Tuscarawas County, Ohio
GOV DISC

Unknown

Additional location: Warren County, OH

The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service. Local boards of elections may be the source of the information. 

UPDATE (11/1/06): LexisNexis says it has now removed the SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 26, 2006 Empire Equity Group
Charlotte, North Carolina
BSF PHYS

Unknown

Mortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 27, 2006 Hancock Askew & Co.
Savannah, Georgia
BSO PORT

Unknown

On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 11, 2006 Hertz Global Holdings, Inc.
Oklahoma City, Oklahoma
BSO INSD

Unknown

1-888-222-8086

The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 2, 2006 Greater Media, Inc.
Philadelphia, Pennsylvania
BSO PORT

Unknown

A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 3, 2006 Wesco
Muskegon, Michigan
BSR CARD

Unknown

Wesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 3, 2006 Several Joliet area motels
Joliet, Illinois
BSO INSD

Unknown

Motel owners and employees allegedly stole and sold customers' credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0

November 16, 2006 American Cancer Society (ACS)
Louisville, Kentucky
NGO PORT

Unknown

Headquarters in Atlanta, GA.  If you have tips, call (502) 574-5673

An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.

 
Information Source:
Media
records from this breach used in our total: 0

November 20, 2006 Administration for Children's Services
New York, New York
GOV PHYS

200 (No reports of SSNs or financial information)

More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 28, 2006 Kaiser Permanente Colorado-- Skyline and Southwest offices
Denver, Colorado
MED PORT

38,000 (No SSNs or financial information reported)

 For members who have questions: (866) 529-0813

A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 29, 2006 Gundersen Lutheran Medical Center
LaCrosse, Wisconsin
MED INSD

unknown

A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint.

 
Information Source:
Media
records from this breach used in our total: 0

December 5, 2006 Army National Guard 130th Airlift Wing
Charleston, West Virginia
GOV PORT

Unknown

A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.

 
Information Source:
Media
records from this breach used in our total: 0

December 22, 2005 H&R Block
Kansas City, Missouri
BSO DISC

Unknown

Many past and present customers received unsolicited copies of the program TaxCut that displayed their Social Security numbers on the outside, embedded in a lengthy string of code.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

December 14, 2006 Bank of America
Charlotte, North Carolina
BSF INSD

Unknown

A former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2006 Lakeland Library Cooperative
Grand Rapids, Michigan
GOV DISC

15,000 (No SSNs or financial information reported)

Lakeland Library Cooperative serves 80 libraries in eight counties.

Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2006 Deb Shops, Inc.
Philadelphia, Pennsylvania
BSR HACK

Unknown

(800) 460-9704

A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2007 Notre Dame University
Notre Dame, Indiana
EDU PORT

Unknown

Additional location: South Bend, IN

A University Director's laptop was stolen before Christmas. It contained personal information of employees, including names, SSNs, and salary information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2007 News accounts are not clear as to source, but thought to be a realty office
Las Vegas, Nevada
BSO PHYS

Unknown

About 40 boxes of financial paperwork, thought to be from loan applications, was found in a dumpster. One of the boxes visible to news reporters was said to contain paperwork with bank account details, photocopies of driver's licenses, SSNs and other private information.

 
Information Source:
Media
records from this breach used in our total: 0

January 5, 2007 Dr. Baceski's office, internal medicine
Somerset, Pennsylvania
MED PORT

hundreds of patients

A hard drive was stolen containing personal information on hundreds of patients.

 
Information Source:
Media
records from this breach used in our total: 0

January 10, 2007 University of Arizona
Tucson, Arizona
EDU UNKN

Unknown

Breaches occurred in November and December 2006 that affected services with UA Student Unions, University Library, and UA Procurement and Contracting Services. Some services were shut down for several days.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 16, 2007 University of New Mexico
Albuquerque, New Mexico
EDU STAT

Unknown

At least 3 computers and 4 monitors were stolen from the associate provost's office overnight between Jan. 2 and 3. They may have included faculty members' names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 19, 2007 U.S. Internal Revenue Service via City of Kansas City
Kansas City, Missouri
GOV PORT

Unknown

26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 22, 2007 U.S. Department of Veterans Affairs
Seattle, Washington
GOV PHYS

Unknown

Folders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.

 
Information Source:
Media
records from this breach used in our total: 0

January 25, 2007 Clay High School
Oregon, Ohio
EDU HACK

Unknown

A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 29, 2007 Mendoza College of Business, Notre Dame University
Notre Dame, Indiana
EDU DISC

Unknown

Additional location: South Bend, Indiana

A file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.

 
Information Source:
Media
records from this breach used in our total: 0

February 2, 2007 Indian Consulate via Haight Ashbury Neighborhood Council recycling center
San Francisco, California
GOV PHYS

Unknown

Visa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 51-100 of 4252 results


X

Sign In!

Loading