Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
January 21, 2009 Missouri State University
Springfield, Missouri
EDU DISC

565 Not included in total -- not known how many students have SSNs.

Personal information, including Social Security numbers for 565 foreign students at MSU was leaked this month when a university office sent an e-mail message soliciting their help with language tutoring. The email message they got had a spreadsheet attachment that contained names and Social Security numbers for international students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 23, 2009 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/, http://help.monster.com/besafe/jobseeker/index.asp

Their database was illegally accessed and user IDs, passwords, names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence were stolen.

 
Information Source:
Media
records from this breach used in our total: 0

May 26, 2010 Inovis
Alpharetta, Georgia
BSO PORT

Unknown

On May 4th a laptop containing employee information was stolen from an employee of GXS who was helping with their merger. A letter notified an unknown number of Inovis employees that their addresses, Social Security numbers, names and salary information were on the laptop.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 17, 2010 Quantum Corporation
Bellevue, Washington
BSR PORT

Unknown

Laptops were stolen on June 13th. One of the laptops was password protected and contained sensitive employee information such as Social Security numbers, addresses, and names.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 27, 2009 U.S. Consulate
,
GOV PHYS

Unknown

Hundreds of files - with Social Security numbers, bank account numbers and other sensitive U.S. government information - were found in a filing cabinet purchased from the U.S. consulate in Jerusalem through a local auction.

 
Information Source:
Media
records from this breach used in our total: 0

January 27, 2009 Citi Habitats
New York, New York
BSO PHYS

Unknown

During a refurbishing of their office, paper that should have been shredded was improperly placed as trash. Information found blowing in the street included bank statements, 401k statements, credit reports, tax returns, driver's licenses, names, phone numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 31, 2009 HoneyBaked Ham
Indianapolis, Indiana
BSR PHYS

Unknown

A computer server stocked with credit-card information was stolen from a store. Customers might be at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2009 Southern Satellite
Orange City, Florida
BSO PHYS

Unknown

Hundreds of folders containing names, addresses, Social Security numbers and credit card information were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2009 Baystate Medical Center
Springfield, Massachusetts
MED PORT

Unknown

(413 )794-4722

Several laptops were stolen from Baystate Medical Center's Pediatrics department. Some of those computers had patient information on them. All of the information is password protected and the computers had no financial or Social Security information on them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2009 SRA International
Fairfax, Virginia
BSO HACK

Unknown

Malicious software may have allowed hackers to get access to data maintained by SRA, including employee names, addresses, Social Security numbers, dates of birth and healthcare provider information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2009 Georgia State Board of Pardons and Paroles
Atlanta, Georgia
GOV STAT

Unknown

The offices of a state contractor in Roswell were burglarized and a computer was stolen. Information regarding current and past parolees that was lost in a burglary includes names, dates of birth and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 4, 2009 Womancare Inc.
Lathrup Village, Michigan
MED PHYS

unknown

Medical records were improperly disposed of. Pro-Life Society found the records in a dumpster behind the office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 5, 2009 Mooresville's Dry Cleaning Station
Mooresville, North Carolina
BSO INSD

Unknown

A Mooresville dry cleaner skipped town, taking her clients' clothes and credit card numbers with her.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 28, 2010 Interior National Business Center
Denver, Colorado
GOV PORT

7,500 (0 SSNs reported)

A disc containing employee information was lost or stolen.  The Interior Department reported that it was encrypted and password-protected personally identifiable federal employee information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 5, 2009 phpBB.com
Bellevue, Washington
BSO HACK

400,000 Not added to total; SSNs were not accessed.

A popular bulletin board software package has been taken offline following a security breach that gave an attacker full access to a database containing names, email, address, and hashed passwords for its entire user base. The attacker gained access through an unpatched security bug in PHPlist, a third-party email application.

 
Information Source:
Media
records from this breach used in our total: 0

February 8, 2009 Kaspersky
Woburn, Massachusetts
BSO HACK

Unknown

An unidentified hacker gained access to databases used by the usa.kaspersky.com Web site, allowing access to users' accounts, activation codes and possibly personal data about Kaspersky customers. Kaspersky Lab is a security software company.

 
Information Source:
Media
records from this breach used in our total: 0

February 9, 2009 U.S. Postal Service Santee
Santee, California
GOV INSD

Unknown

A mail carrier in San Diego County is accused of stealing dozens of gift cards, debit cards and Social Security documents sent through the mail. Deputies found 30 gift cards, stolen mail, debit cards and money when the carrier was arrested after he finished his route. Detectives also found Social Security documents and W-2 wage and tax statements at carrier's home.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 11, 2009 Los Alamos National Laboratory
Los Alamos, New Mexico
GOV STAT

Unknown

The Los Alamos nuclear weapons laboratory in New Mexico is missing 69 computers, including at least a dozen that were stolen last year. The computers are a cybersecurity issue because they may contain personal information like names and addresses. But Los Alamos claims they did not contain classified information. Also missing are three computers that were taken from a scientist's home and a BlackBerry belonging to another employee that was lost in a foreign country considered sensitive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 16, 2010 AT&T
Dallas, Texas
BSR DISC

Unknown

AT&T customers who were using their own usernames and passwords to log into their accounts reported being sent to the accounts of other AT&T customers.  The account information did not include Social Security numbers or credit card information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 14, 2010 Franklin County Treasurer's Office
Columbus, Ohio
GOV DISC

0

Although it has a newer and better protected website for paying property taxes, the Franklin County Treasurer's Office continues to allow taxpayers to use an older URL which was recently discovered to be vulnerable to hackers.  This may expose taxpayer credit card and checking account numbers. 

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 18, 2009 CVS Pharmacies
Woonsocket, Rhode Island
MED PHYS

Unknown

http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cvsresolutionagreement.html

The CVS Pharmacy chain, the largest in the country with 6,300 outlets, has agreed to a $2.25 million settlement with the U.S. Dept. of Health and Human Services. Indianapolis TV station WTHR engaged in an extensive investigation beginning in 2006 of local CVS Pharmacies and their pharmacies in other cities nationwide including Boston, Chicago, Cleveland, Detroit, Dallas, Louisville, Miami, New Haven (Conn.), Philadelphia, Phoenix, and CVS headquarters in Woonsocket, RI. They found that CVS pharmacies were disposing of documents, such as labels from prescription bottles and old prescriptions, in unsecured dumpsters. The HHS's Office of Civil Rights charged that CVS failed to implement adequate policies and procedures to reasonably and appropriately safeguard protected health information during the disposal process failed to adequately train employees on how to dispose of such information properly and did not maintain and implement a sanctions policy for members of its workforce who failed to comply with its disposal policies and procedures. In a coordinated action, CVS Caremark Corporation, the parent company of the chain, also signed a consent order with the Federal Trade Commission to settle potential violations of the FTC Act.

UPDATE (7/16/09): A state board has given final approval to settlements with Indiana's two largest drugstore chains for leaving patient information in the trash. CVS has paid a $2.25 million fine to settle a probe by the U.S. Office of Civil Rights. Also CVS will donate $1,000 to charity as part of the state settlement.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 12, 2010 Middle Township Municipal Hall
Middle Township, New Jersey
GOV PHYS

Unknown

Personal information from Municipal Hall was found in a public dumpster. The information was not shredded and included police reports, Social Security numbers, home addresses, telephone numbers, names, and tax records. The improper disposal of information continued after the first dumpster discovery.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

June 29, 2010 University of Oklahoma
Norman, Oklahoma
EDU HACK

Unknown

The university's Information Technology department noticed unusual Internet activity on a laptop computer associated with its network. It determined the computer belonged to an employee and was infected with a virus known as Zeus or Z-Bod. The employee's laptop had access to computer files that contain student names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 23, 2009 Seaview Financial
Corona Del Mar, California
BSF PHYS

Unknown

Folders with personal information for numerous clients of a local mortgage broker sat for days at a public recycling site. The files contained bank account statements, completed tax forms, credit reports and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2009 Google
Mountain View, California
BSO DISC

(Not added to total. It does not appear that SSNs or financial account numbers were exposed.)

http://googledocs.blogspot.com/2009/03/on-yesterdays-email.html

Google contacted some of its users to let them know about a situation that affected its Google Docs users. They believe the problem affected less than 0.05% of all documents. Google identified and fixed a bug where a small percentage of users shared some of their documents inadvertently. The bug occurred when the document owner, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and then changed the sharing permissions. The bug did not affect spreadsheets.

 
Information Source:
Media
records from this breach used in our total: 0

March 7, 2009 Oklahoma Department of Human Services
Shawnee, Oklahoma
GOV PHYS

Unknown

The state Department of Human Services is investigating how a child welfare worker's records ended up with a local TV station. The files, which included names, Social Security numbers, contact information and details on child abuse investigations, reportedly were left behind when a DHS worker was evicted from a rent house in Guthrie.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 11, 2009 Sprint
Overland Park, Kansas
BSO INSD

Unknown (It does not appear that SSNs or financial account numbers were exposed.)

(800) 300-6868

Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission. It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. They have terminated this employee. The information that may have been compromised includes name, address, wireless phone number, Sprint account number, security question answer, and the name of the authorized point of contact for account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 12, 2009 US Army
Washington, District Of Columbia
GOV HACK

1,600 (Not added to total. It does not appear that SSNs or financial account numbers were exposed.)

An Army database that contains personal information about nearly 1,600 soldiers may have been penetrated by unauthorized users. The information that may have been breached includes the service members' names, e-mail messages, phone numbers, home addresses, awards received, ranks, gender, ethnicity, and dates the soldiers deployed and returned from their deployment.

 
Information Source:
Media
records from this breach used in our total: 0

March 16, 2009 Comcast
Philadelphia, Pennsylvania
BSO DISC

4,000 Not added to total. SSNs and financial account numbers were not accessed.

A list of over 8,000 Comcast user names and passwords were available to the public via Scribd for two months, before a Wilkes University professor discovered it over the weekend after doing a search for his identity online. Comcast is saying it looks like the result of a phishing scam and isn't an inside job, and that there are so many duplicate entries on the list that it's closer to 4,000 customers who were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

March 18, 2009 New York City Housing Authority
New York, New York
GOV PHYS

Unknown

Dozens of confidential files with city public housing residents' birth dates, Social Security numbers, and eviction notices were dumped on an East New York street. City Housing Authority officials are investigating to determine how the files ended up scattered along Atlantic Ave. near Pennsylvania Ave.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 24, 2009 Massachusetts General Hospital
Boston, Massachusetts
MED PHYS

192 (No SSNs or financial information reported)

Massachusetts General Hospital has put dozens of patients on notice that it has lost some of their confidential medical records, which were left on an MBTA Red Line train by a hospital employee. The MGH employee left the hospital, taking the records with her to do billing work on them over the weekend. The records belonged to at least 66 patients and included private information such as the patients' diagnoses, their names, birth dates and billing information.

UPDATE (2/24/2011): Massachusetts General Hospital agreed to pay one million dollars to settle violation of privacy charges. http://www.hhs.gov/ocr/privacy/hipaa/news/mghnews.html

UPDATE (6/08/2012): The lost documents consisted of a patient schedule with names and medical record numbers for 192 patients.  There were also billing encounter forms with names, dates of birth, medical record numbers, health insurer and policy numbers, diagnoses, and provider names for 66 of those patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 27, 2009 Pacific University
Forest Grove, Oregon
EDU PORT

Unknown

Student Life (503) 352-2212,  Faculty and staff (503) 352-1511,  Legal Affairs (503) 352-2236

A University-owned laptop was stolen from a staff member's residence. The stolen laptop was password protected and there is no factual evidence that any private information was stored on the laptop. The computer contained names and some personal information. It does not appear that any Social Security numbers were stored on the system.

 
Information Source:
Media
records from this breach used in our total: 0

June 8, 2010 Tri-City Medical Center
Oceanside, California
MED INSD

Unknown

Employees shared patient information on Facebook. Differing reports leave it unclear if these employees were nurses, and whether or not they were fired.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

April 10, 2009 Borrego Springs Bank, Vavrinek, Trine, Day and Co.
Borrego Springs, California
BSF PORT

Unknown

The theft of seven laptop computers from an auditing firm has led the Borrego Springs Bank to send warning letters to all of its customers saying their personal financial information may be in the hands of criminals. The bank would not comment on the name of the accounting firm that was auditing the records or how or where the thefts occurred. The computer files contain sensitive personal financial information including account name, number and balance.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 21, 2010 TeleTech, Sony Electronics
Englewood, Colorado
BSR UNKN

Unknown

Customers who placed orders through Sony Style Telesales Department between May 23rd and June 3rd 2010 may have had their credit card information illegitimately copied and sent to parties outside of the TeleTech network. TeleTech is a third party service provider of Sony.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 12, 2009 CBIZ Medical Management Professionals
Chattanooga, Tennessee
MED STAT

Unknown

The office of CBIZ Medical was broken into on Feb. 23. Among the items stolen was a computer belonging to the hospital with stored radiology reports related to some patients. Patients between December 2007 and Feb. 23, 2009, may have had records saved on the stolen computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 16, 2009 MySpace
Los Angeles, California
BSO INSD

Unknown

(877) 369-1369

Confidential employee information, including at least name, Social Security numbers and compensation, was taken by an employee in the company's benefit's department without authorization, beginning in June 2008 or earlier. The information was used to annoy selected individuals and the now former employee was arrested and is being prosecuted by the High Tech Crimes Division of the Los Angeles County District Attorneys Office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 27, 2009 Federal Reserve Bank of New York
New York, New York
BSF INSD

Unknown

A former employee at the Federal Reserve Bank of New York and his brother were arrested on suspicion of obtaining loans using stolen identities. The former employee previously worked as an IT analyst at the bank and had access to sensitive employee information, including names, birthdates, Social Security numbers and photographs. A thumb drive attached to his computer had applications for $73,000 in student loans using two stolen identities. They also found a fake drivers license with the photo of a bank employee who wasn't the person identified in the license.

 
Information Source:
Media
records from this breach used in our total: 0

April 28, 2009 West Virginia State Bar
Charleston, West Virginia
NGO HACK

Unknown

The West Virginia State Bar has hired forensic computer experts in hopes of finding those responsible for hacking into the group's website and internal computer network. Information about the State Bar's current and former members may have been compromised. The hacker was able to access the group's internal database server where there was information concerning lawyer identification numbers, names, mailing addresses, email addresses and some Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 29, 2009 Orleans Parish Public Schools
New Orleans, Louisiana
EDU PHYS

Unknown

The confidential records of Orleans Parish public-school employees have been discovered in an abandoned and unsecured warehouse in New Orleans. Personnel files, payroll records, and other documents with private data were uncovered. Inside were countless boxes filled with confidential information, not to mention stacks of other documents lying on the ground, listing payroll information, worker evaluations, notices of personnel action, and investigations into employee discrimination. Also found were full names, home addresses, and Social Security numbers on document after document.

 
Information Source:
Media
records from this breach used in our total: 0

May 5, 2009 Spencer House Apartment Complex
Beaverton, Oregon
BSO PHYS

Unknown

Residents at an apartment complex blamed apartment management Monday for leaving their personal information out in the open. The documents were found in an unlocked public container that was sitting off a side street in their apartment complex. The documents included Social Security numbers, addresses, phone numbers, immigration numbers and names.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 18, 2010 City of Oakridge
Oakridge, Oregon
GOV DISC

Unknown

A list of the names, addresses and Social Security numbers of employees of the City of Oakridge was sent out with monthly water bills. The town has about 1,400 households. The city has signed up all employees for a credit monitoring service. The city does not know how many people received the list of employee information in a newsletter included with their water bill.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 11, 2009 Multiple financial institutions
New York, New York
BSF CARD

Unknown

A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to steal account and password information from bank customers. The first - a skimmer - went over the slot where customers insert their ATM cards. The skimmer read, and stored, the personal information kept in the magnetic strip on the back of the bank card. The second device was a tiny camera hidden in the lighted signs over the ATM. The pinhole camera lens pointed directly onto the ATM keypad and filmed victims typing in their supposedly secret PIN codes. The thieves would then create their own phony ATM cards and use their victims' PINs to access accounts.

 
Information Source:
Media
records from this breach used in our total: 0

August 24, 2010 Oak Ridge National Laboratory
Columbus, Ohio
GOV STAT

Unknown

About 1,500 unused hard drives were mismanaged, abandoned, and unsecured in the offices. The hard drives had sensitive information such as names, medical information, dates of birth and salary information. Auditors found hard drives in hallways, unused offices and docks. Only 55 unused hard drives were being stored properly; computer security officers destroyed the others.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 18, 2009 Anderson Kia Car Dealership
Boulder, Colorado
BSR PHYS

Unknown

Police have chained up 10 recycling bins outside Boulder's now-defunct Anderson Kia car dealership after learning that the bins were stuffed with personal information from the dealership's former customers. Green recycling bins were piled full with folders, each headed with an individual's name. All of the folders contained Social Security numbers, driver's license information, photos, phone numbers and financial information for Kia customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 19, 2009 CompuCredit
Atlanta, Georgia
BSF DISC

120 (0 SSNs were accessed)

A computer processing error created a single image file of 120 account statements for the month of April. Statement files are delivered to the cardholder through the website in Adobe PDF format. Because of a load error, the system failed to detect page breaks between the account statements, thus resulting in the system believing that all of the pages belonged to a single statement. As a result, the PDF image file contained 119 statements in addition to the cardholder's statement. (Note: Monthly account statements do not include customers' Social Security numbers or PINs.)

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 19, 2009 Rudder
Houston, Texas
BSF DISC

Unknown

Rudder, a financial management company, erred in sending users' confidential financial information to the wrong individuals. Through an online financial planning application, hundreds of individuals were able obtain the full details on others' finances - their salary, debts, bank balance, and where they shop. Bank account numbers were apparently not exposed.

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2009 Internal Revenue Service
Washington, District Of Columbia
GOV PHYS

Unknown

Additional locations: several IRS document disposal facilities in the U.S.), http://www.treas.gov/tigta/auditreports/2009reports/200930059fr.pdf

The U.S Treasury Inspector General for Tax Administration found in a fiscal year 2008 audit that in more than a dozen IRS document disposal facilities, old taxpayer documents were being tossed out in regular waste containers and dumpsters. In addition, the investigation found that IRS officials failed to consistently verify whether contract employees who have access to taxpayer documents had passed background checks. Further, investigators had difficulty finding anyone responsible for oversight of most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents. The review was performed at IRS offices in Phoenix, Tempe, and Tucson, Arizona New Carrollton, Maryland Holtsville, Garden City, and Westbury, New York and Ogden, Utah, and included questionnaires to 14 Territory Managers across the country during the period September 2007 through May 2008.

 
Information Source:
Media
records from this breach used in our total: 0

June 29, 2010 Merrimack Mortgage
Greer, South Carolina
BSF PHYS

Unknown

Personal documents from Merrimack Mortgage were found in an unsecured public dumpster. The documents were not shredded and contained Social Security numbers, credit scores, bank information, and other personal information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

April 21, 2010 St. Mary and Elizabeth Hospital Women's Center
Louisville, Kentucky
MED STAT

77 (0 SSNs reported)

A hard drive was stolen from a locked area. Medical information such as biopsy images, patient names, and medical exams were on the stolen hard drive.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Showing 401-450 of 4488 results


X

Sign In!

Loading