Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
June 18, 2006 Ulster County Community College
Stone Ridge, New York
EDU PORT

18

A laptop that contained student information was stolen from a professor's office on or around June 28. The information included names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18

June 20, 2006 Equifax
Atlanta, Georgia
BSF PORT

2,500

On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,500

June 20, 2006 University of Alabama
Birmingham, Alabama
EDU STAT

9,800

In February a computer was stolen from a locked office of the kidney transplant program at the University of Alabama at Birmingham that contained confidential information of donors, organ recipients and potential recipients including names, Social Security numbers and medical information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,800

June 20, 2006 New Jersey Department of Labor and Workforce Development
Jersey City, New Jersey
GOV DISC

498

Customers are being notified that their personal information may have been unintentionally mailed to other customers. A malfunction in the mail processing equipment meant that personal information of unemployment insurance claimants was included with the information of other people. Names, addresses and Social Security numbers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 498

June 21, 2006 Cumberland County Emergency Medical Service
Fayetteville, North Carolina
MED PORT

24,350

Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 24,350

June 21, 2006 Lancaster General Hospital
Lancaster, Pennsylvania
EDU STAT

Hundreds (at least 200)

Date of letter sent to doctors: June 21, 2006 Date of news story: July 28, 2006

A desktop computer with personal information of hundreds of doctors was stolen from a locked office June 10. The unencrypted data included names, practice addresses, and SSNS of physicians on medical and dental staff.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 200

June 22, 2006 Ohio University
Athens, Ohio
EDU HACK

2,480

http://www.ohio.edu/datasecurity

A breach was discovered on a computer that housed IRS 1099 forms for vendors and independent contractors for calendar years 2004 and 2005.

 
Information Source:
Media
records from this breach used in our total: 2,480

June 22, 2006 Ohio University
Athens, Ohio
EDU HACK

Unknown

http://www.ohio.edu/datasecurity/

A computer was compromised that hosted a variety of Web-based forms, including some that processed online business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration.

 
Information Source:
Media
records from this breach used in our total: 0

June 22, 2006 University of Kentucky
Lexington, Kentucky
EDU PORT

6,500

The personal data of current and former students including classroom rosters names, grades and Social Security numbers was reported stolen on May 26 following the theft of a professor's flash drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,500

June 22, 2006 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV HACK

26,000

http://www.firstgov.gov/usdainfo.shtml

During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

June 22, 2006 Federal Trade Commission (FTC)
Washington, District Of Columbia
GOV PORT

110

Two laptop computers containing personal and financial data were stolen from an employee's vehicle. The data included names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers gathered in law enforcement investigations.

 
Information Source:
Dataloss DB
records from this breach used in our total: 110

June 23, 2006 San Francisco State University
San Francisco, California
EDU PORT

3,000

www.sfsu.edu/%7Eadmisrec/reg/idtheft.html

A faculty member's laptop was stolen from a car on June 1 that contained personal information of former and current students including Social Security numbers, and names and ins some instance, phone numbers and grade point averages.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

June 23, 2006 U.S. Navy
Washington, District Of Columbia
GOV UNKN

28,000

Navy personnel were notified on June 22 that a civilian website contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

June 23, 2006 CBCInnovis Inc., Andover Bank
Conneaut, Ohio
BSF UNKN

1,122

Names, Social Security numbers, addresses, names of creditors, account numbers, payment histories and public records of financial judgments may have been accessed without proper authorization at Andover Bank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,122

June 24, 2006 Catawba County Schools
Newton, North Carolina
EDU UNKN

619

On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year.

UPDATE:The web site containing the data has been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 619

June 24, 2006 Social Security Administration
Atlanta, Georgia
GOV PORT

228

People in Roanoke, Salem, Blacksburg, Christianburg, Radford, Rocky Mount, Buchanan, Wytheville, Pulaski, Pearisburg and Fincastle were affected.

A lawyer working for the Social Security Administration broke a work-at-home agreement and brought a laptop with sensitive information to a conference in Atlanta.  The laptop was stolen there.  Social Security numbers, names and possibly medical information would have been on the laptop.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 228

June 26, 2006 AAAAA Rent-A-Space
Colma, California
BSO DISC

13,000

Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in AAAAA's online payment system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 26, 2006 King County Elections
Seattle, Washington
GOV DISC

Unknown

Public election records with Social Security numbers were made available online. Like in other counties, individuals can request that their specific information be removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 27, 2006 Government Accountability Office (GAO)
Washington, District Of Columbia
GOV DISC

Fewer than 1,000 [1,000 used in total]

Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

June 27, 2006 Empire Beauty School Inc.
Brooklyn, New York
EDU PHYS

1,132

The June 20 theft of a briefcase from an administrative employee's vehicle caused reports with the names and Social Security numbers of former students to be lost. A laptop was also stolen during the burglary, but it is unlikely that it had personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,132

June 27, 2006 University of Rochester
Rochester, New York
EDU DISC

286

Former students' names and Social Security numbers were accidentally placed on a publicly accessible web page. Names, Social Security numbers and some standardized test scores were posted. The information was removed after the discovery and it appears that the information on the web page was accessed only once, on June 12 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 286

June 27, 2006 Maimonides Medical Center, Vision Financial Corp.
Harrison, New York
MED PORT

560

On June 9, an employee of Maimonides' contractor Vision Financial was robbed of personal belongings and a laptop that contained client information. Names, Social Security numbers, addresses, birth dates and amount owed to the Maimonides may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 560

June 29, 2006 AllState Insurance Huntsville branch
Huntsville, Alabama
BSF STAT

27,000

Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

June 29, 2006 Nebraska Treasurer's Office
Lincoln, Nebraska
GOV HACK

309,000

A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 309,000

June 29, 2006 Minnesota Department of Revenue
St. Paul, Minnesota
GOV PORT

50,400

http://www.taxes.state.mn.us/taxes/publications/press_releases/content/taxpayer_information.shtml

On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers.

UPDATE (7/20/06): The package was reported delivered 2 months later, but apparently had been temporarily lost by the U.S. Postal Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,400

June 30, 2006 U.S. Department of Veteran Affairs
Washington, District Of Columbia
GOV PORT

16,500

A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents.

UPDATE (10/11/06): The VA's Office of the General Counsel is offering identity theft protection services to those affected by the missing tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,500

June 30, 2006 National Institutes of Health Federal Credit Union
Rockville, Maryland
BSF UNKN

Very few of 41,000 members affected [not included in total]

NIHFCU and law enforcement are investigating the identity theft of some of its 41,000 members. No details were given on the type of information stolen, or how it was stolen.

 
Information Source:
Media
records from this breach used in our total: 41,000

June 30, 2006 Washington Regional Medical Center
Fayetteville, Arkansas
GOV PORT

5,000

A computer from the Human Resources Division of Washington Regional Medical Center was stolen on April 14. The computer was stolen from the employee's office during a 45 minute absence. Current and former employees may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

July 1, 2006 American Red Cross, Farmers Branch
Dallas, Texas
NGO PORT

Unknown

Sometime in May, three laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 5, 2006 Bisys Group Inc.
Roseland, New Jersey
BSF PORT

61,000

Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred.

 
Information Source:
Dataloss DB
records from this breach used in our total: 61,000

July 5, 2006 RBS National Bank, Asset Acceptance LLC
Bridgeport, Connecticut
BSF PORT

1,221

A laptop was stolen from an Asset Acceptance LLC employee's car on June 19.  The laptop contained information from RBS National Bank.  Customer names, addresses, Social Security numbers, phone numbers and loan information may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,221

July 5, 2006 Columbia University
New York, New York
EDU DISC

98

An emergency contact list from the Columbia University School of International and Public Affairs was posted on an unsecure website on August 2005.  Names, business and home phone numbers, addresses, emergency contact person and Social Security numbers were available.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98

July 6, 2006 Automatic Data Processing (ADP)
Roseland, New Jersey
BSO UNKN

0

Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley, Bear Stearns, Citigroup, Merrill Lynch. Hundreds of thousands of investors may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 7, 2006 University of Tennessee
Knoxville, Tennessee
EDU HACK

36,000

(866) 748-1680, http://security.tennessee.edu.  Additional locations: Chattanooga, Martin, Tullahoma and Memphis, TN

Hacker broke into a UT computer containing names, addresses and SSNs of about 36,000 past and current employees. The intruder used the computer from Aug. '05 to May '06 to store and transmit movies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

July 7, 2006 National Association of Securities Dealers (NASD)
Boca Raton, Florida
BSF PORT

73

Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops.

 
Information Source:
Dataloss DB
records from this breach used in our total: 73

July 7, 2006 Naval Safety Center, United States Navy
Norfolk, Virginia
GOV DISC

100,000

The SSNs and other personal information of more than 100,000 naval and Marine Corps aviators and air crew, both active and reserve, were exposed on the Center website and on 1,100 computer discs mailed to naval commands.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

July 7, 2006 Montana Public Health and Human Services Department
Helena, Montana
MED STAT

Unknown

A state government computer was stolen from the office of a drug dependency program during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 7, 2006 City of Hattiesburg
Hattiesburg, Mississippi
GOV STAT

thousands of city workers and contractors (at least 2,000)

Video surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

July 13, 2006 Moraine Park Technical College
Beaver Dam, Wisconsin
EDU PORT

1,500

Additional locations: Fond du Lac and West Bend, WI

Computer disk (CD) with personal information of 1,500 students was reported missing. Information includes names, addresses, phone numbers & SSNs of apprenticeship students back to 1993.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

July 13, 2006 New York State Department of Motor Vehicles (DMV), New York State Thruway Authority
, New York
GOV INSD

57 (No SSNs or financial information reported)

A Thruway employee performed searches of DMV records without authorization. The discovery was made on December 27, but the length of time this employee engaged in the behavior was not reported. The employee had access to all the information contained on driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 14, 2006 Northwestern University
Evanston, Illinois
EDU HACK

17,000

(888) 209-0097. http://www.northwestern.edu/newscenter/stories/2006/07/data.html 

Files containing names and some personal information including SSNs were on 9 desktop computers that had been accessed by unauthorized persons outside the University. The computers were in the Office of Admissions and Financial Aid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

July 14, 2006 University of Iowa
Davenport, Iowa
EDU PORT

280

Laptop computer containing personal information of current and former MBA students was stolen. Data files included SSNs and some contact info.

 
Information Source:
Dataloss DB
records from this breach used in our total: 280

July 14, 2006 California Polytechnic State University (Cal Poly)
San Luis Obispo, California
EDU PORT

3,020 students

Call (805) 756-2226 or (805) 756-2171

Laptop computer was stolen from the home of a physics department professor July 3. It included names and SSNs of physics and astronomy students from 1994-2004.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 3,020

July 14, 2006 Hampton Circuit Court Clerk - Treasurer's computer
Hampton, Virginia
GOV DISC

Over 100,000 records (The number containing SSNs is not known yet and not included in total below.)

Public computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th.

UPDATE (7/27/2006) Investigation concluded that the data was exposed due to software problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 16, 2006 Mississippi Secretary of State
Jackson, Mississippi
GOV DISC

Among the 2 million postings are "thousands" containings SSNs

The state agency's web site listed 2 million+ Uniform Commercial Code (UCC) filings in which thousands of individuals' SSNs were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

July 16, 2006 Columbia University
New York, New York
EDU STAT

78

On or around July 7, a computer was stolen from campus.  The hard drive contained names, Social Security numbers, passport/visa numbers, tax identification numbers, home and business addresses, telephone contacts and email contacts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 78

July 17, 2006 Vassar Brothers Medical Center
Poughkeepsie, New York
MED PORT

257,800 (revised to 0)

(845) 483-6990

An analysis by Kroll later determined that the laptop contained no personal information, though 257,800 patients were initially notified.  This number is not included in the total below.

Laptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth.

UPDATE (10/5/06) Private investigators determined the laptop did not contain personally identifiable patient information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 18, 2006 Nelnet Inc., UPS
Lincoln, Nebraska
BSO PORT

188,000

(800) 552-7925

A computer tape containing personal information of student loan customers and parents, mostly from Colorado, was lost when shipped via UPS. The loans were previously serviced by College Access Network between November 1, 2002 and May 31, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 188,000

July 18, 2006 CS Stars, subsidiary of insurance company Marsh Inc.
Chicago, Illinois
BSF STAT

722,000

On May 9, CS Stars lost track of a personal computer containing records of more than a half million New Yorkers who made claims to a special workers' comp fund. The lost data includes SSNs and date of birth but apparently no medical information.

UPDATE (7/26/06): Computer was recovered.

UPDATE (04/26/07): The New York Attorney General's office found that CS Stars violated the state's security breach law. CS Stars must pay the Attorney General's office $60,000 for investigation costs. It was determined that the computer had been stolen by an employee of a cleaning contractor, the missing computer was located and recovered, and that the data on the missing computer had not been improperly accessed.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 722,000

July 18, 2006 U.S. Department of Agriculture
Wellington, Kansas
GOV PORT

350

A laptop computer and a printout containing names, addresses and SSNs of 350 employees was stolen from an employee's car and later recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 350

Breach Total
929,676,448 RECORDS BREACHED
(Please see explanation about this total.)
from 4,421 DATA BREACHES made public since 2005
Showing 301-350 of 4421 results


X

Sign In!

Loading