Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,447 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
August 20, 2007 University of Toledo
Toledo, Ohio
EDU PORT

Unknown

A laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 21, 2007 Walter Reed Army Institute of Research
Silver Spring, Maryland
GOV PHYS

Unknown

Boxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 21, 2007 West Virginia Board of Barbers and Cosmetologists
Charleston, West Virginia
BSO UNKN

Unknown

Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 New York City Financial nformation Services Agency
New York, New York
GOV PORT

280,000 Not added to total. It is not clear that SSNs or financial account numbers were exposed.

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 Loomis Chaffee School
Windsor, Connecticut
EDU UNKN

Unknown

Valuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/

Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.

UPDATE (8/29/07) : Hackers have stolen the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2007 University of Illinois
Champaign-Urbana, Illinois
EDU DISC

5,247 Not added to total. It does not appear that SSNs or financial account numbers were exposed.

An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.

 
Information Source:
Media
records from this breach used in our total: 0

August 30, 2007 Maryland Department of the Environment
Annapolis, Maryland
GOV PORT

Unknown

A laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2007 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.

 
Information Source:
Media
records from this breach used in our total: 0

September 19, 2007 Kansas University
Lawrence, Kansas
EDU PHYS

Unknown

A number of documents containing Kansas University student, faculty and staff personal information were recovered from the recycling and trash in the Mathematics Department at Kansas University. The information included student exams, student change of grade forms, class rosters, copies of health insurance cards, copies of immigration forms as well as a copy of a Social Security card.

 
Information Source:
Media
records from this breach used in our total: 0

October 8, 2007 Carnegie Mellon University
Pittsburgh, Pennsylvania
EDU PORT

Unknown

Two laptops were stolen from the office of a computer science professor. Both of the computers were believed to have contained significant personal identifying data, such as Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 8, 2007 Semtech
Camarillo, California
BSO PORT

Unknown

A laptop computer and other personal belongings were stolen from one of Semtech's vendors. The computer was not stolen from a Semtech facility, but may have contained computerized data relating to Semtech employees. Semtech declined to provide further details of the incident, such as what personal employee data may have been put at risk, when the theft happened or how long it took the company to inform its workers of the potential breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 9, 2007 Pembroke Schools
Pembroke, Massachusetts
EDU DISC

Unknown

(781) 829-1178

Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the district's computer system. The information included names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 10, 2007 Wheels Inc., Pfizer
Des Plaines, Illinois
BSO DISC

1,800 + 23 Not included in Total because it is not clear if SSNs were exposed.

The spouses and domestic partners of about 1,800 Pfizer employees, including 23 from Connecticut, learned late last month about a data breach at Wheels Inc., which provides cars to the company, mostly for use by its sales force. The breach at Wheels, first reported by the Pharmalot Web site, released onto the Internet names, addresses, birth dates and driver's license numbers, but not Social Security numbers, according to the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 17, 2007 Louisiana Office of Student Financial Assistance, Iron Mountain
Baton Rouge, Louisiana
EDU PORT

Unknown

http://www.osfa.state.la.us/notice.htm

Sensitive data for virtually all Louisiana college applicants and their parents over the past nine years were in a case lost last month during a move. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 23, 2007 Blockbuster
Sarasota, Florida
BSR PHYS

Unknown

A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 24, 2007 Not Your Average Joe's
Dartmouth, Massachusetts
BSO HACK

Unknown

Massachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 28, 2007 Art.com
Lockbourne, Ohio
BSR HACK

Unknown

Cyberspace criminals gained systems entry despite multiple security layers and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 29, 2007 ABC Phones, ACC Communications
Greenville, North Carolina
BSO PHYS

Unknown

Two men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank accophonesunt numbers, credit card numbers, work and home addresses.

 
Information Source:
Media
records from this breach used in our total: 0

November 6, 2007 Butte Community Bank
Chico, California
BSF PORT

Unknown

(866) 488-8588

A laptop with customers' personal information including names, addresses, Social Security numbers and bank account numbers was stolen from Butte Community Bank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 7, 2007 University of Connecticut Foundation, Convio
Storrs, Connecticut
NGO HACK

Unknown

(800) 269-9965, security@foundation.uconn.edu

UConn was notified of a security breach by an outside party on the network of Convio, Inc., a vendor used by The University of Connecticut Foundation, Inc. for processing online gift transactions and communicating by e-mail. This breach affected 92 of Convio's clients nationwide, including the UConn Foundation. User names and passwords for Convio account preferences were compromised in this breach.

 
Information Source:
Media
records from this breach used in our total: 0

November 13, 2007 Commerce Bancorp
Philadelphia, Pennsylvania
BSF INSD

Unknown

A Commerce Bancorp Inc. employee gave out personal information on an unspecified number of the Cherry Hill bank's customers. The Bank discovered the breach through an internal investigation and sent letters to affected customers. The bank does not know if the information included account numbers and Social Security numbers.  It is unclear if this incident is related to or the same as the January 5 insider breach that involved a Commerce Bank employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 16, 2007 A.J. Falciani Realty Company
Vineland, New Jersey
BSO STAT

Unknown

Computers containing the personal information of between 500 to 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 16, 2007 University of Wisconsin, Whitewater
Whitewater, Wisconsin
EDU DISC

Unknown

Officials were notified by one individual about his ability to access an online search feature for the school's website. The search feature could be used to see student names and Social Security numbers along with some other limited student information. Access to the feature was promptly disabled upon notification of the problem.

 
Information Source:
Media
records from this breach used in our total: 0

November 21, 2007 United Healthcare (UnitedHealthcare)
New York, New York
MED DISC

Unknown

UnitedHealthcare is headquartered in Minneapolis, Minnesota.

United Healthcare posted the Social Security numbers of doctors at Columbia University's faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia who participate in the insurer's network. The list was supposed to be accessible to Columbia employees during the current open enrollment period.

 
Information Source:
Media
records from this breach used in our total: 0

November 29, 2007 American Red Cross
Dallas, Texas
NGO PHYS

Unknown

Six boxes were left unattended in a public hallway for more than six hours. The files contained personal information of current and former employees and were placed there by human resources. Names, addresses and social security numbers could have easily been stolen. The files also contained embarrassing information, including disciplinary actions, results from a drug test, a sexual harassment case even someone's criminal record from another state.

 
Information Source:
Media
records from this breach used in our total: 0

December 5, 2007 Forrester Research
Cambridge, Massachusetts
BSO PORT

unknown

Thieves stole a laptop from the home of a Forrester Research employee, potentially exposing the names, addresses and Social Security numbers of an undisclosed number of current and former employees and directors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 7, 2007 Beacon Medical Services
Aurora, Colorado
MED DISC

Unknown

Detailed, personally identifiable medical records of thousands of Colorado residents were viewable on a publicly accessible Internet site for an uncertain period of time. The data included details of patients' visits to emergency rooms -- what ailments they complained of, diagnoses, treatments, and medical histories, along with the patients' names, occupations, addresses, phone numbers, insurance providers, and in some cases, Social Security numbers. The company is trying to determine the exact number of patients affected, but Beck says the number looks to be fewer than 5,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 10, 2007 Cameron County
Brownsville, Texas
GOV UNKN

Unknown

An employee released an e-mail with a list of all county officials and employees. It reportedly contained names, Social Security numbers, and salaries.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 10, 2007 Sutter Lakeside Hospital
Lakeport, California
MED PORT

45,000 Not added to total. It is not clear if SSNs or financial account numbers were exposed.

 (866) 785-6443

A laptop computer containing personal and medical information of approximately 45,000 former patients, employees and physicians has been stolen from the residence of a contractor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 14, 2007 Deloitte & Touche
New York, New York
BSO PORT

Unknown

A laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents. The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 18, 2007 Brownsville School District
Brownsville, Pennsylvania
EDU PHYS

Unknown

Forms with employee personal information littered the fence of a Brownsville school district warehouse. Information on litter contained confidential letters with names, bank account numbers, and Social Security numbers. The forms may be more than ten years old, but they each contain information that's still valuable.

 
Information Source:
Media
records from this breach used in our total: 0

December 20, 2007 Greenville County School District
Greenville, South Carolina
EDU HACK

Unknown

The district notified employees last week that its computers had been compromised and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 3, 2008 Robotics Industries Association
Ann Arbor, Michigan
BSO HACK

Unknown

A hacker accessed the administration site for Robotics Online gaining access to individual orders that contained credit card information. Seven residents of NH were affected, but national totals were not indicated.

 
Information Source:
Media
records from this breach used in our total: 0

January 3, 2008 Dorothy Hains Elementary School
Augusta, Georgia
EDU STAT

Unknown

The library door was kicked in and the circulation computer was stolen, something the principal desperately wants back because it has the Social Security numbers of students and teachers on it.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 5, 2008 New Mexico State University
Las Cruces, New Mexico
EDU PORT

Unknown

A computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing from the Pan American Center.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 7, 2008 Sears, ManageMyHome.com
Cook County, Illinois
BSR DISC

Unknown

Sears' ManageMyHome.com site exposed customer purchase data to any online visitor who asked about it.

 
Information Source:
Media
records from this breach used in our total: 0

January 7, 2008 Geeks.com
Oceanside, California
BSR HACK

Unknown

Personal and financial data may have been compromised by an intrusion into the systems of the online retailer's Web site. Compromised information included the names, addresses, telephone numbers and Visa credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 12, 2008 California State University Stanislaus, Sodexho
Turlock, California
EDU UNKN

Unknown

A possible data breach occurred on a food vendor's computer server. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards. Social Security numbers were not accessible.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 15, 2008 Naval Surface Warfare Center Dahlgren Division
White Oak, Maryland
GOV PHYS

Unknown

(800) 352-7967

Officials at the Naval Surface Warfare Center are warning past and present employees that their identities and credit ratings could be at risk. Two pages of a Naval Surface Warfare Center Employment Verification Report was found when four people were arrested in Bensalem Township, Pa., last week for attempted identity fraud. The report included names, Social Security numbers, birth dates, position titles, tenure codes, pay grades, salaries and other information about the employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 23, 2008 Baylor University
Waco, Texas
EDU INSD

Unknown

A student employee breached the security of the Baylor Information Network to access the Bear ID and passwords of those logging on to the BIN. This access didn't include sensitive information like Social Security Numbers, financial information or academic records. It was just unlawful access to Bear IDs and passwords. The information did, however, give access to Baylor e-mail and Blackboard accounts.

 
Information Source:
Media
records from this breach used in our total: 0

January 24, 2008 OmniAmerican Bank
Fort Worth, Texas
BSF HACK

Unknown

An international gang of cyber criminals hacked into the bank's records. They stole account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, Russia, Ukraine, Britain, Canada and New York. Fewer than 100 accounts, some of them dormant, were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2008 MLSgear.com
Louisville, Kentucky
BSR HACK

Unknown

Injection attacks on web servers hosted by a third-party service provider has compromised the personal data of an unspecified number of individuals who had shopped on Major League Soccer's MLSgear.com Web site. The compromised information included names, addresses, credit card data, debit card data, and MLSgear.com passwords.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 10, 2008 Administrative Systems, Inc
Seattle, Washington
BSO STAT

Unknown

A desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle contained names and sensitive information about customers or employees of several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental. Personal details may have included name, date of birth, mailing address, and Social Security number, depending on the service being provided.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 13, 2008 Milwaukee County
Milwaukee, Wisconsin
GOV DISC

Unknown

Milwaukee County officials mistakenly released numerous confidential court records for a citizens group's Web site that detail payments for tests and other costs linked to to mental competency, paternity and guardianship cases. Entries for psychiatric examinations and guardianship fees in which the clients' names were still listed.

 
Information Source:
Media
records from this breach used in our total: 0

February 15, 2008 Lexmark International
Lexington, Kentucky
BSO DISC

Unknown

The employee personal data was inadvertently exposed, it included Social Security numbers, dates of birth, along with names and addresses. The data was accessed by two unknown parties when the data was loaded to a company file sharing site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 18, 2008 First Magnus Financial
Ft. Lauderdale, Florida
BSF PHYS

Unknown

Outside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial were just lying in stacked boxes inside an industrial garbage container. The paperwork contained Social Security numbers, credit card information, addresses, and properties.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 10, 2008 Texas Department of Health and Human Services
Austin, Texas
MED STAT

Unknown

Information, including Social Security numbers that could be used to steal Medicaid clients' identity may have been stored on two computers stolen during a burglary. Computers could have contained personal information only on e-mails. The e-mails, however, would normally contain only an individual's case number. It is unlikely those e-mails would have listed Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

March 15, 2008 Utah Division of Finance
Salt Lake City, Utah
GOV HACK

500 - not included in total because it is unclear whether Social Security numbers or financial information was involved

Computer files containing the personal information of approximately 500 individuals may have been accessed by unauthorized persons during a security breach. An initial investigation indicates it is highly unlikely the person who breached the computer system was able to access any personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 19, 2008 Affordable Realty
Flint, Michigan
BSO PHYS

Unknown

Social Security numbers and financial records of customers. Affordable Realty occupied office space inside the Ben Agree building on Dort Highway for years. The company was evicted and all of its sensitive customer information ended up outside in a dumpster or on the ground nearby.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
931,357,921 RECORDS BREACHED
(Please see explanation about this total.)
from 4,447 DATA BREACHES made public since 2005
Showing 151-200 of 4447 results


X

Sign In!

Loading