Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005


Date Made Public | Name | Entity | Type
January 2, 2006 H&R Block
Kansas City, Missouri
BSO DISC

Unknown

H&R Block included Social Security numbers in a 40-digit number string on mailing labels.  Affected individuals were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 1, 2006 University of Pittsburgh Medical Center, Squirrel Hill Family Medicine
Pittsburgh, Pennsylvania
MED STAT

700

Six computers containing names, Social Security numbers, and birth dates of patients were stolen from doctors' offices. A letter was sent notifying the affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 700

December 28, 2005 Marriott International Inc.
Orlando, Florida
BSR PORT

206,000

It is unclear whether backup computer tapes with credit card account information and Social Security numbers were lost or stolen from headquarters during November. Employees and time-share owners and customers were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 206,000

December 25, 2005 Ameriprise Financial Inc.
Minneapolis, Minnesota
BSF PORT

226,000

(877) 267-7408

A laptop was stolen from an employee's car on Christmas Eve. It contained customers' names and Social Security numbers and, in some cases, Ameriprise account information. Around 68,000 customers had their names and Social Security numbers exposed.  Around 158,000 customers had their names and internal account numbers exposed.

UPDATE (08/01/06): The laptop was recovered by local law enforcement in the community where it was stolen.

UPDATE (12/11/06): The company settled with the Massachusetts securities regulator in the office of the Secretary of State. Ameriprise agreed to hire an independent consultant to review its policies and procedures for employees' and contractors' use of laptops containing personal information. Ameriprise will pay the state regulator $25,000 for the cost of the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 262,000

December 22, 2005 Ford Motor Co.
Dearborn, Michigan
BSO STAT

70,000

A computer containing names and Social Security numbers of current and former employees was stolen.  Ford alerted those who were affected and offered to pay for their credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

December 22, 2005 H&R Block
Kansas City, Missouri
BSO DISC

Unknown

Many past and present customers received unsolicited copies of the program TaxCut that displayed their Social Security numbers on the outside, embedded in a lengthy string of code.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

December 21, 2005 Sunrise Volkswagen
Lynbrook, New York
BSR PHYS

Unknown

Bank credit applications with names, Social Security numbers, addresses, telephone numbers, employment information and signatures were obtained by unauthorized access between December 15 and 16.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2005 Guidance Software, Inc.
Pasadena, California
BSO HACK

3,800

A hacked database exposed credit card numbers of law enforcement officials and network security professionals.  The company is a leading provider of software used to diagnose hacked attacks.

UPDATE (4/3/07): The FTC came to a settlement agreement and final consent order against Guidance Software.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,800

December 16, 2005 La Salle Bank, ABN AMRO Mortgage Group, DHL
Ann Arbor, Michigan
BSF PORT

[2,000,000] Not included in total below.

A backup tape with residential mortgage customers' information was lost in shipment by DHL.  It contained Social Security numbers and account information.

UPDATE (12/20/05): DHL found the lost tape.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

December 16, 2005 Colorado Technical University (CTU)
Colorado Springs, Colorado
EDU DISC

300

An email was erroneously sent which contained names, phone numbers, email addresses, Social Security numbers and class schedules.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 300

December 12, 2005 Sam's Club, a division of Wal-Mart Stores, Inc
Bentonville, Arkansas
BSR UNKN

Unknown

Note: location is corporate headquarters, not necessarily the location of the breach.

Customers who used credit cards at the wholesaler's gas stations discovered fraudulent activity on their credit accounts.  Sam's Club is unaware of how the information was stolen.  Visa alerted the affected financial institutions and asked them to provide fraud monitoring services for the affected customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 12, 2005 Iowa State University
Ames, Iowa
EDU HACK

5,500

At least one ISU computer was hacked. Social Security numbers and encrypted credit card numbers may have been obtained. Between 2,000 and 2,500 Social Security numbers are at risk and between 2,300 and 3,000 credit card numbers are at risk. Student, alumni, employee and volunteer information was put at risk. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500

December 9, 2005 Oregon Community Credit Union
Springfield, Oregon
BSF PHYS

200

A packet of insurance forms with names, Social Security numbers and addresses of around 200 Oregon Community Credit Union employees was inside of a stolen car. Someone tried to use the identity of an employee after the theft.  The company is on alert and purchased extended identity theft insurance for those who were affected by the theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

December 8, 2005 San Antonio Independent School District
San Antonio, Texas
EDU PORT

1,000

A laptop with personal information of more than a thousand teachers was stolen from an employee's unlocked car.  The information included names, Social Security numbers and dates of birth. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

December 8, 2005 J-Sargeant Reynolds Community College
Richmond, Virginia
EDU DISC

26,000

The names, Social Security numbers and addresses of students taking non-credit classes from 2000 to 2003 were posted online for months.  The information was compiled for a mailing list, but an employee posted it on the College's server.  A student informed officials of the mistake after accessing the information online.  The College began the process of removing the information from the web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

December 8, 2005 Federal Reserve Bank of Dallas
Dallas, Texas
GOV PHYS

8,000

A courier truck dropped canceled personal and business checks on northbound Central Expressway near Woodall Rodgers Freeway around 4 a.m.  The incident closed the freeway exit until 7 a.m.  Employees from the Federal Reserve, the courier company and the Texas Department of Transportation removed many checks, though some disappeared.  Some unaffiliated people also returned checks to the authorities.  A very similar incident happened in August of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

December 7, 2005 Idaho State University, Office of Institutional Research
Pocatello, Idaho
EDU HACK

Unknown

Contact: Information Technology Services (208) 282-2872, http://www.isu.edu/announcement/

ISU discovered a security breach in a server containing archival information about students, faculty, and staff, including names, Social Security numbers, birth dates, and grades. Anyone who was a student or employee between 1995 and 2005 could be affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 6, 2005 Washington State Employment Security Department
Olympia, Washington
GOV PORT

530

A laptop was stolen from the trunk of an auditor's car. Names, Social Security numbers and earnings of former employees from 2002 to 2005 were exposed.  The Employment Security Department does not have all of the contact information for those affected and used the media to help notify those whose information was compromised.  The laptop contained unemployment insurance reports for 49 Seattle businesses that were undergoing routine audits by Employment Security between November 2004 and October 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 530

December 2, 2005 Cornell University
Ithaca, New York
EDU HACK

900

The University discovered a security breach last summer that exposed names, addresses, Social Security numbers, bank names and account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 900

December 1, 2005 First Trust Bank
Memphis, Tennessee
BSF PORT

100,000

A man claiming to be a janitor bypassed security and stole a laptop from the bank.  The laptop contained Social Security numbers and other personal information of current and former customers.  Affected customers were contacted and the theft was caught on tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

December 1, 2005 University of San Diego
San Diego, California
EDU HACK

7,800

Hackers gained access to computers containing personal income tax data, including Social Security numbers, names, and addresses.  Faculty members, students and vendors had their information compromised and were notified by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800

November 23, 2005 University of Delaware
Newark, Delaware
EDU HACK

952

Two separate departments were breached by hacking within a short period of time.  A School of Education computer with the names and Social Security numbers of 772 students registered in online education courses was attacked in late August.  A Department of English computer that had the Social Security numbers of 180 faculty, graduate assistant and other teaching staff from the department was also hacked in August.  The larger breach appears to be the result of someone attempting to establish an illegal movie sharing system.  The smaller breach was a possible attempt to log onto and control one server in order to gain control over servers of other campuses.  Those affected received notification and Social Security numbers have been removed from both servers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 952

November 19, 2005 Boeing
Chicago, Illinois
BSO PORT

161,000

A laptop containing names, Social Security numbers, bank account information and other human resources data was stolen.  Affected current and former employees were notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 161,000

November 18, 2005 Indiana University Kelley School of Business
Indianapolis, Indiana
EDU HACK

5,278 (4,778 SSNs reported)

Students at the Indianapolis and Bloomington campuses may have been affected.

A hacker may have accessed the names, Social Security numbers and grades of students who enrolled in Introduction to Business courses between 2001 and 2005. The computer may have been hacked and installed with malware as early as August. A representative believes the breach occurred because the files were stored on a computer that did not have current anti-virus and system-protection software.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,778

November 11, 2005 Georgia Tech University Office of Enrollment Services
Atlanta, Georgia
EDU STAT

13,000

On October 16 of 2005 computers were stolen from campus which contained the names, Social Security numbers, addresses and birth dates of current and prospective students. Notifications were sent to those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

November 11, 2005 Scottrade Troy Group
Santa Ana, California
BSF HACK

Unknown

A hacker compromised a server containing names, Social Security numbers, driver's licenses, state ID numbers, dates of birth, phone numbers, bank names, bank codes, bank account numbers and Scottrade account numbers.  Scottrade alerted all affected customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 10, 2005 State of California - Department of Corrections and Rehabilitations (CDCR) Parole Outpatient Clinic
Sacramento, California
MED PORT

Unknown

On or around June 18, 2005 a laptop computer was stolen with information on parolees. It was unclear from the letter we received whether Social Security numbers were involved.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

November 9, 2005 TransUnion Credit Bureau
Chester, Pennsylvania
BSF STAT

3,623

A desktop containing Social Security numbers and other information was stolen from a regional sales office in California.  Affected consumers were notified and offered one year of free credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,623

November 7, 2005 Papa John's
Louisville, Kentucky
BSR DISC

Unknown

An error made thousands of customer comments and internal corporate emails available to anyone searching the Internet.  Customer comments submitted between September 29 and November 7 were viewable and had customer names, addresses, phone numbers and email addresses attached.  The company stated that "customer feedback over the last five weeks...could be viewed by a user who would have to enter a very specific, unpublished URL."  The system now requires a password.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 5, 2005 Safeway, Hawaii
Pleasanton, California
BSR PORT

1,400 in Hawaii, perhaps more elsewhere

Additional locations: Hawaii (where affected employees work). Laptop was stolen from a private home in California.

A division director's laptop was stolen.  Names and Social Security numbers of some Hawaii workers were compromised by the theft.  The theft occurred in August and letters were sent to affected employees in October.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

November 4, 2005 Keck School of Medicine, University of Southern California (USC)
Los Angeles, California
EDU STAT

50,000

A computer server containing names and Social Security numbers of patients, donors and employees was stolen from a campus computer room.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 50,000

November 1, 2005 University of Tennessee Medical Center
Knoxville, Tennessee
MED PORT

3,800

A laptop was stolen from the University's medical billing office.  Personal information lost included names, Social Security numbers and birth dates.  Affected patients were not informed of the theft for nearly two months.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,800

October 29, 2005 University of Tennessee
Knoxville, Tennessee
EDU DISC

1,900

People at any of the University of Tennessee campuses may have been affected.

Nineteen hundred students and employees had their names and Social Security numbers posted on the Internet from spring of 2004 until the discovery in October of 2005.  A student searched her name and found it listed with her Social Security number on a UT email discussion group site.  Information pertaining to individuals who had either paid or owed small amounts of money to the University was shared among 10 employees and the information technology office.  The information was mistakenly coded as public rather than private.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,900

October 21, 2005 Wilcox Memorial Hospital
Lihue, Hawaii
MED PORT

130,000

A backup computer data drive containing medical record numbers, addresses, names and Social Security numbers of current and former patients was lost.  Letters have been sent to affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000

October 20, 2005 Monmouth University
West Long Branch, New Jersey
EDU DISC

677

The names and Social Security numbers of 677 students were posted online for over four months.  The University corrected the error and notified students after a student notified them of the problem.  A glitch seems to have caused the information to be found through a simple Internet search.

 
Information Source:
Dataloss DB
records from this breach used in our total: 677

October 20, 2005 Vermont Technical College
Randolph Center, Vermont
EDU DISC

Unknown

Names, Social Security numbers, addresses, SAT scores and ethnicity of all students enrolled during 2003 were posted online from January 2004 until the mistake was discovered in October of 2005.  Someone accidentally sent the data to a publicly accessible place.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 15, 2005 Montclair State University
Montclair, New Jersey
EDU DISC

9,100

Names and Social Security numbers of undergraduates were posted online for nearly four months.  An undergraduate alerted the University after running a Google.com search of his name.  The University warned all students of the problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,100

October 12, 2005 Ohio State University Medical Center
Columbus, Ohio
MED DISC

2,800

Appointment information including Social Security numbers, birth dates, addresses, phone numbers, medical record numbers, reasons for appointments, and physicians was exposed online.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 2,800

October 8, 2005 Blockbuster
New York, New York
BSR PHYS

Unknown

Hundreds of files were dumped in clear garbage bags on the street. Recent membership applications revealed customer names, birth dates, addresses, phone numbers, driver's license numbers, credit card number, credit card expiration date and signatures. For some strange reason, the applications also included customer Social Security numbers. The files were dumped after the store went out of business.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 29, 2005 University of Georgia
Athens, Georgia
EDU HACK

1,600

A hacker may have accessed the names and Social Security numbers of at least 1,600 people working for the College of Agricultural and Environmental Sciences.  The University is attempting to contact individuals who may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

September 28, 2005 RBC Dain Rauscher
Minneapolis, Minnesota
BSF INSD

300,000 households (100 targeted)

Someone claiming to be a former employee obtained customer names, addresses, tax ID number, birth date and Dain Rauscher account number.  The former employee sent letters to over 100 customers and claimed that their personal information had been sold in retaliation against the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

September 23, 2005 Bank of America
Charlotte, North Carolina
BSF PORT

Not disclosed

A laptop was stolen from a Bank of America service provider.  Information such as names, account numbers, routing transit numbers, and credit card numbers were compromised by the theft.  An unspecified number of Visa Buxx users were contacted by Bank of America.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 22, 2005 City University of New York
New York, New York
EDU DISC

771

An unprotected payroll link exposed personal information for Hunter College Campus Schools.  Those affected included 335 Queens College law school students, 265 current workers and 171 former workers at local elementary and high schools.  All affected people were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 771

September 22, 2005 Internal Revenue Service (IRS)
San Francisco, California
GOV PHYS

30,000

Taxpayers in Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Ohio, Oregon, Utah, Virginia, Washington and Wyoming may have been affected.

A truck carrying checks with tax information for the self-employed was involved in an accident on the San Mateo Bridge. Wind blew about 30,000 pieces of mail into the bay and beyond. The IRS agreed to waive penalties and interest for anyone whose payment was affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

September 19, 2005 Children's Health Council
San Jose, California
NGO PORT

5,000 - 6,700

A tape containing sensitive information was stolen from a Children's Health Council office. The tape contained names, Social Security numbers, and detailed medical information for around 6,000 current and former clients.  Payroll information for 700 current and former employees was also on the tape.  The agency alerted those who may be at risk of identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,700

September 17, 2005 North Fork Bank (now Capital One Bank)
New York, New York
BSF PORT

9,000

A laptop containing mortgage data was stolen from a North Fork Bank office on the weekend of July 24 of 2005.  Personal information included names, addresses, and mortgage account numbers.  Affected customers were contacted and offered one year of free credit monitoring services from Equifax.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

September 15, 2005 Miami University
Hamilton, Ohio
EDU DISC

21,762

A report containing Social Security numbers and grades of students was accessible online for three years.  The University is attempting to contact those affected via letters and emails.  A graduate alerted the University to the exposure after running a Google.com search of her name.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,762

September 13, 2005 Fort Carson
Colorado Springs, Colorado
GOV PORT

9,300

Four computer hard drives were stolen from the Soldier Readiness Processing center during the weekend of August 20. Personnel records with names, Social Security numbers, ages, ranks, jobs, citizenship information and unit affiliations of soldiers, civilian federal employees and contractors who had been processed through the center since January were on the hard drives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,300

September 10, 2005 Kent State University
Kent, Ohio
EDU STAT

100,000

Five desktop computers were stolen from the locked offices of two deans. Names, Social Security numbers, and grades were on the computers.  The information goes back to 2000 for students and 2002 for instructors.  Affected students and professors were alerted by the University.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

September 2, 2005 Iowa Student Loan
West Des Moines, Iowa
BSF PORT

165,000

A compact disk containing personal information, including SSNs, was lost when shipped by private courier.

 
Information Source:
Dataloss DB
records from this breach used in our total: 165,000

Showing 4351-4400 of 4488 results

