Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
March 2, 2010 Diabetes Direct Inc
Juniper, Florida
MED INSD

Unknown

A former employee is accused of stealing patient information to commit identity theft. The former employee also had multiple driver's licenses and was able to open utility, bank and credit accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 9, 2007 Pembroke Schools
Pembroke, Massachusetts
EDU DISC

Unknown

(781) 829-1178

Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the district's computer system. The information included names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 10, 2007 Wheels Inc., Pfizer
Des Plaines, Illinois
BSO DISC

1,800 + 23 Not included in Total because it is not clear if SSNs were exposed.

The spouses and domestic partners of about 1,800 Pfizer employees, including 23 from Connecticut, learned late last month about a data breach at Wheels Inc., which provides cars to the company, mostly for use by its sales force. The breach at Wheels, first reported by the Pharmalot Web site, released onto the Internet names, addresses, birth dates and driver's license numbers, but not Social Security numbers, according to the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 24, 2010 7-Eleven
Sandy, Utah
BSR CARD

Unknown

A skimming device monitored transactions at a gas station pump in Sandy, Utah. The device could have been active for 60 days before being discovered and was used to steal over $11,000.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 17, 2007 Louisiana Office of Student Financial Assistance, Iron Mountain
Baton Rouge, Louisiana
EDU PORT

Unknown

http://www.osfa.state.la.us/notice.htm

Sensitive data for virtually all Louisiana college applicants and their parents over the past nine years were in a case lost last month during a move. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2010 T.G.I. Friday's (TGIF)
Coon Rapids, Minnesota
BSR CARD

Unknown

A former employee used a skimming device to gain credit card information from customers of the Coon Rapids T.G.I. Friday's. The dishonest employee was involved with a partner who used skimming devices in a variety of locations throughout Minnesota.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 23, 2007 Blockbuster
Sarasota, Florida
BSR PHYS

Unknown

A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 24, 2007 Not Your Average Joe's
Dartmouth, Massachusetts
BSO HACK

Unknown

Massachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 28, 2007 Art.com
Lockbourne, Ohio
BSR HACK

Unknown

Cyberspace criminals gained systems entry despite multiple security layers and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 29, 2007 ABC Phones, ACC Communications
Greenville, North Carolina
BSO PHYS

Unknown

Two men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank accophonesunt numbers, credit card numbers, work and home addresses.

 
Information Source:
Media
records from this breach used in our total: 0

February 11, 2010 Sandwich Board Cafe
Greenwood Village, Colorado
BSO INSD

Unknown

An employee used customer credit card information to purchase $200,000 worth of Wal-Mart shopping cards.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 6, 2007 Butte Community Bank
Chico, California
BSF PORT

Unknown

(866) 488-8588

A laptop with customers' personal information including names, addresses, Social Security numbers and bank account numbers was stolen from Butte Community Bank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 7, 2007 University of Connecticut Foundation, Convio
Storrs, Connecticut
NGO HACK

Unknown

(800) 269-9965, security@foundation.uconn.edu

UConn was notified of a security breach by an outside party on the network of Convio, Inc., a vendor used by The University of Connecticut Foundation, Inc. for processing online gift transactions and communicating by e-mail. This breach affected 92 of Convio's clients nationwide, including the UConn Foundation. User names and passwords for Convio account preferences were compromised in this breach.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2010 Rolling Meadows Townhomes
Saline, Michigan
BSO HACK

Unknown

Dozens of residents of the Rolling Meadows Townhomes community became identity theft victims. Thieves somehow obtained banking information from checks that residents sent to pay for their co-op properties.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 3, 2010 Private Dental Practice in Medical Commons One
Greensburg, Pennsylvania
MED PORT

Unknown

A laptop containing patient information was stolen.

 
Information Source:
HHS via Databreaches.net
records from this breach used in our total: 0

November 13, 2007 Commerce Bancorp
Philadelphia, Pennsylvania
BSF INSD

Unknown

A Commerce Bancorp Inc. employee gave out personal information on an unspecified number of the Cherry Hill bank's customers. The Bank discovered the breach through an internal investigation and sent letters to affected customers. The bank does not know if the information included account numbers and Social Security numbers.  It is unclear if this incident is related to or the same as the January 5 insider breach that involved a Commerce Bank employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 16, 2007 A.J. Falciani Realty Company
Vineland, New Jersey
BSO STAT

Unknown

Computers containing the personal information of between 500 to 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 16, 2007 University of Wisconsin, Whitewater
Whitewater, Wisconsin
EDU DISC

Unknown

Officials were notified by one individual about his ability to access an online search feature for the school's website. The search feature could be used to see student names and Social Security numbers along with some other limited student information. Access to the feature was promptly disabled upon notification of the problem.

 
Information Source:
Media
records from this breach used in our total: 0

November 21, 2007 United Healthcare (UnitedHealthcare)
New York, New York
MED DISC

Unknown

UnitedHealthcare is headquartered in Minneapolis, Minnesota.

United Healthcare posted the Social Security numbers of doctors at Columbia University's faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia who participate in the insurer's network. The list was supposed to be accessible to Columbia employees during the current open enrollment period.

 
Information Source:
Media
records from this breach used in our total: 0

November 29, 2007 American Red Cross
Dallas, Texas
NGO PHYS

Unknown

Six boxes were left unattended in a public hallway for more than six hours. The files contained personal information of current and former employees and were placed there by human resources. Names, addresses and social security numbers could have easily been stolen. The files also contained embarrassing information, including disciplinary actions, results from a drug test, a sexual harassment case even someone's criminal record from another state.

 
Information Source:
Media
records from this breach used in our total: 0

February 3, 2010 Private Practice in Medical Arts Building
Greensburg, Pennsylvania
MED PORT

Unknown

A laptop containing patient information was stolen.

 
Information Source:
HHS via Databreaches.net
records from this breach used in our total: 0

October 17, 2009 Feeney Insurance Agency
Pittsburgh, Pennsylvania
BSF STAT

Unknown

A break in resulted in the theft of an unencrypted computer. The computer contained contact information, Social Security numbers, birth dates, and driver's license numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 19, 2010 CHASE
Louisville, Kentucky
BSF DISC

Unknown

CHASE customer information that was sold to another business was accidentally posted on a website.  The information included names, addresses and bank account numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 31, 2009 Time Inc., Harvard Business Review
New York, New York
MED INSD

Unknown

The incident occurred in Florida. The location listed is the corporate headquarters.

A customer service center employee may have misused customer credit card information.

UPDATE (8/09/10): Harvard Business Review customers were affected as well.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 5, 2007 Forrester Research
Cambridge, Massachusetts
BSO PORT

unknown

Thieves stole a laptop from the home of a Forrester Research employee, potentially exposing the names, addresses and Social Security numbers of an undisclosed number of current and former employees and directors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 7, 2007 Beacon Medical Services
Aurora, Colorado
MED DISC

Unknown

Detailed, personally identifiable medical records of thousands of Colorado residents were viewable on a publicly accessible Internet site for an uncertain period of time. The data included details of patients' visits to emergency rooms -- what ailments they complained of, diagnoses, treatments, and medical histories, along with the patients' names, occupations, addresses, phone numbers, insurance providers, and in some cases, Social Security numbers. The company is trying to determine the exact number of patients affected, but Beck says the number looks to be fewer than 5,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 10, 2007 Cameron County
Brownsville, Texas
GOV UNKN

Unknown

An employee released an e-mail with a list of all county officials and employees. It reportedly contained names, Social Security numbers, and salaries.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 10, 2007 Sutter Lakeside Hospital
Lakeport, California
MED PORT

45,000 Not added to total. It is not clear if SSNs or financial account numbers were exposed.

 (866) 785-6443

A laptop computer containing personal and medical information of approximately 45,000 former patients, employees and physicians has been stolen from the residence of a contractor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 14, 2007 Deloitte & Touche
New York, New York
BSO PORT

Unknown

A laptop containing the personal information of an undisclosed number of Deloitte & Touche partners, principals and employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents. The computer contained confidential data, including names, Social Security numbers, birth dates, and other personnel information, such as hire and termination dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 22, 2009 Western Michigan University
Kalamazoo, Michigan
EDU DISC

Unknown

University officials discovered that student employee information was viewable online. The information included names, addresses and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 18, 2007 Brownsville School District
Brownsville, Pennsylvania
EDU PHYS

Unknown

Forms with employee personal information littered the fence of a Brownsville school district warehouse. Information on litter contained confidential letters with names, bank account numbers, and Social Security numbers. The forms may be more than ten years old, but they each contain information that's still valuable.

 
Information Source:
Media
records from this breach used in our total: 0

January 27, 2010 Seattle Municipal Court
Seattle, Washington
GOV INSD

Unknown

Those with questions may call (206) 553-4110.

A former customer service representative sold the names and credit card information of court customers to ID thieves who then used the information to make fake credit cards in the victims' names.

UPDATE (6/24/2011):  The leader of an ID theft ring was sentenced to five years in prison, five years of supervised release and over $220,000 in restitution for bank fraud and aggravated identity theft on June 17, 2011.  The information that the ID thieves obtained from the Seattle Municipal Court employee included the personal information and credit card numbers of people who used credit cards to pay parking and traffic fines.  One member of the ID theft ring also managed to obtain financial information from the customers of an unnamed fast food restaurant where the defendant worked.  At least five people participated in the ID theft ring.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 20, 2007 Greenville County School District
Greenville, South Carolina
EDU HACK

Unknown

The district notified employees last week that its computers had been compromised and that employees' personal information was taken, including their names, home phone numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 5, 2010 Metropark
Los Angeles, California
BSR DISC

Unknown

Personal documents were found at the Palisades Mall in West Nyack, New York. The documents had names, Social Security numbers, contact information, and other personal information. They appeared to be mishandled applications from a clothing store called Metropark.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 3, 2008 Robotics Industries Association
Ann Arbor, Michigan
BSO HACK

Unknown

A hacker accessed the administration site for Robotics Online gaining access to individual orders that contained credit card information. Seven residents of NH were affected, but national totals were not indicated.

 
Information Source:
Media
records from this breach used in our total: 0

January 3, 2008 Dorothy Hains Elementary School
Augusta, Georgia
EDU STAT

Unknown

The library door was kicked in and the circulation computer was stolen, something the principal desperately wants back because it has the Social Security numbers of students and teachers on it.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 5, 2008 New Mexico State University
Las Cruces, New Mexico
EDU PORT

Unknown

A computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing from the Pan American Center.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 7, 2008 Sears, ManageMyHome.com
Cook County, Illinois
BSR DISC

Unknown

Sears' ManageMyHome.com site exposed customer purchase data to any online visitor who asked about it.

 
Information Source:
Media
records from this breach used in our total: 0

January 7, 2008 Geeks.com
Oceanside, California
BSR HACK

Unknown

Personal and financial data may have been compromised by an intrusion into the systems of the online retailer's Web site. Compromised information included the names, addresses, telephone numbers and Visa credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 12, 2008 California State University Stanislaus, Sodexho
Turlock, California
EDU UNKN

Unknown

A possible data breach occurred on a food vendor's computer server. Credit card numbers, cardholder names and expiration dates were exposed, leaving hundreds, possibly thousands, of university students, staff and guests open to identity theft, with victims reporting fake charges on their cards. Social Security numbers were not accessible.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 15, 2008 Naval Surface Warfare Center Dahlgren Division
White Oak, Maryland
GOV PHYS

Unknown

(800) 352-7967

Officials at the Naval Surface Warfare Center are warning past and present employees that their identities and credit ratings could be at risk. Two pages of a Naval Surface Warfare Center Employment Verification Report was found when four people were arrested in Bensalem Township, Pa., last week for attempted identity fraud. The report included names, Social Security numbers, birth dates, position titles, tenure codes, pay grades, salaries and other information about the employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 7, 2009 Renal Treatment Centers Southeast, DaVita Inc.
Denver, Colorado
MED STAT

Unknown

Multiple desktop computers were stolen from a facility in Dallas.  The computers contained the names, addresses, Social Security numbers, insurance numbers, and other personal information of patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

January 23, 2008 Baylor University
Waco, Texas
EDU INSD

Unknown

A student employee breached the security of the Baylor Information Network to access the Bear ID and passwords of those logging on to the BIN. This access didn't include sensitive information like Social Security Numbers, financial information or academic records. It was just unlawful access to Bear IDs and passwords. The information did, however, give access to Baylor e-mail and Blackboard accounts.

 
Information Source:
Media
records from this breach used in our total: 0

January 24, 2008 OmniAmerican Bank
Fort Worth, Texas
BSF HACK

Unknown

An international gang of cyber criminals hacked into the bank's records. They stole account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, Russia, Ukraine, Britain, Canada and New York. Fewer than 100 accounts, some of them dormant, were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2008 MLSgear.com
Louisville, Kentucky
BSR HACK

Unknown

Injection attacks on web servers hosted by a third-party service provider has compromised the personal data of an unspecified number of individuals who had shopped on Major League Soccer's MLSgear.com Web site. The compromised information included names, addresses, credit card data, debit card data, and MLSgear.com passwords.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 10, 2008 Administrative Systems, Inc
Seattle, Washington
BSO STAT

Unknown

A desktop computer stolen from an Administrative Systems, Inc. (ASI) office in Seattle contained names and sensitive information about customers or employees of several of the firm's clients: Continental American Medical, EyeMed Vision/Kelly Services Vision, and Jefferson Pilot Financial Dental. Personal details may have included name, date of birth, mailing address, and Social Security number, depending on the service being provided.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 27, 2010 Ameripath
Palm Beach Gardens, Florida
MED PORT

Unknown

A laptop containing sensitive information was stolen from an employee. The data included names, Social Security numbers, and addresses for patients, employees, or both.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 13, 2008 Milwaukee County
Milwaukee, Wisconsin
GOV DISC

Unknown

Milwaukee County officials mistakenly released numerous confidential court records for a citizens group's Web site that detail payments for tests and other costs linked to to mental competency, paternity and guardianship cases. Entries for psychiatric examinations and guardianship fees in which the clients' names were still listed.

 
Information Source:
Media
records from this breach used in our total: 0

February 25, 2010 Logic World Medical
Houston, Texas
MED INSD

Unknown

The owner and operator of Logic World Medical used the names, addresses, and account numbers of Medicaid beneficiaries to file false claims for payment of services and goods that he never provided.  Approximately $1,101,865.37 was fraudulently claimed between April of 2004 and August of 2006.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

February 15, 2008 Lexmark International
Lexington, Kentucky
BSO DISC

Unknown

The employee personal data was inadvertently exposed, it included Social Security numbers, dates of birth, along with names and addresses. The data was accessed by two unknown parties when the data was loaded to a company file sharing site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Showing 251-300 of 4488 results


X

Sign In!

Loading