Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
June 6, 2006 Thomson West
Eagan, Minnesota
BSO PORT

Unknown

A laptop was discovered stolen on or around April 28. The information on the laptop included employee names, Social Security numbers, addresses and phone numbers. Notifications were sent in early June.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 13, 2006 New York State Department of Motor Vehicles (DMV), New York State Thruway Authority
, New York
GOV INSD

57 (No SSNs or financial information reported)

A Thruway employee performed searches of DMV records without authorization. The discovery was made on December 27, but the length of time this employee engaged in the behavior was not reported. The employee had access to all the information contained on driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Verizon Wireless
Basking Ridge, New Jersey
BSR DISC

5,210 (No SSNs or financial information reported)

A Microsoft Excel spreadsheet file with the information of 5,210 customers was accidentally distributed to 1,800 Verizon Wireless subscribers. The information included names, email addresses, cell phone numbers and cell phone models. The file was accidentally attached to an ad for a Bluetooth wireless headset.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 9, 2006 Hunter College of the City University of New York
New York, New York
EDU STAT

Unknown

A computer was stolen from the Writing Center in Thomas Hunter Hall on or around July 5.  Its hard drive had a file that contained a list of student names and Social Security numbers. Students who participated in the Spring 2006 CPE intervention session were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 15, 2006 New Century Mortgage Corporation
Irvine, California
BSF INSD

Unknown

On August 10, a former employee was found to have copied and disseminated customer information to unknown third parties. The information included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Wells Fargo, Paymap Inc., First Horizon Home Loans, Western Union
Memphis, Tennessee
BSF PORT

Unknown

Computer discs with sensitive customer information were stolen from a Paymap facility in September of 2005. People who were subscribers between 1999 and 2002 may have been affected. The theft was not discovered until an unrelated mail fraud investigation was in process. information included names, addresses, telephone numbers, Social Security numbers, loan account numbers, bank account information, copies of signatures and copies of voided or cleared personal checks.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 28, 2006 Copart, Inc.
Fairfield, California
BSR HACK

43,764 (No SSNs or financial information reported)

Hackers may have acquired the full names of customers, business and home addresses, telephone numbers, email addresses, driver's license numbers and possibly driver's license photographs. The website breach was discovered on July 17 and customers were notified on August 28. No Social Security numbers or financial information was accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 19, 2010 Private Dental Practice
Florissant, Missouri
MED PORT

1,400 (No SSNs or financial information reported)

A dentist's laptop was stolen from his car in October. It contained the clinical information for patients who saw him at a St. Charles office. The dentist notified police immediately, but waited about a month to notify patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 18, 2010 EOD Technology (EODT)
Knoxville, Tennessee
BSO HACK

Unknown

One or more unauthorized individuals definitely accessed employee names and Social Security numbers in 2008. The breach was not reported until 2010 because EODT did not have evidence that personal information had been accessed during the breach. The firm claims that the breach did not lead to any fraudulent activity during those two years.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 18, 2010 Federal Reserve Bank of Cleveland, FedComp
Cleveland, Ohio
GOV HACK

Unknown

FedComp system held the data of the Firemen’s Association of the State of New York Federal Credit Union and the Mercer County New Jersey Teachers’ Federal Credit Union, and other federal credit unions.

A foreign national responsible for fraudulently obtaining or holding 400,000 credit card numbers was caught in the U.S. while attempting to meet hackers and utilize stolen financial information. The man is also accused of hacking into the Cleveland Federal Reserve Bank in June, though the amount of information he was able to obtain is unknown and separate from the 400,000 card numbers found on his computer.

UPDATE (4/13/2011): The foreign national pleaded guilty to hacking into a Federal Reserve Bank computer server belonging to the Federal Reserve Bank, and installing a malicious code onto that server.  The man had compromised many other computer servers that belonged to large corporations, financial institutions, defense contractors and other groups, and selling or trading the information. Because FedComp, a data processor for federal credit unions was affected, financial information from federal credit unions in various states may have been inappropriately accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 16, 2010 All Star Lanes
Salina, Kansas
BSF PHYS

Unknown

A laptop and money bag were stolen during a burglary that occurred between November 14 and November 15.  The bag had thousands of dollar in cash, checks and credit card transactions.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 16, 2010 Chili's
Dallas, Texas
BSR HACK

Unknown

Chili's email club service provider InterMundo Media experienced a server breach. No financial information or Social Security numbers were collected for club membership, but full names, email addresses and dates of birth could have been accessed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 21, 2010 Coliseum Hospital
Macon, Georgia
MED INSD

Unknown

A former employee was able to enter a secured area and log onto a hospital computer while attending a social event. The former employee's access code had been left active and patient records were viewed during the incident.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 19, 2010 1st Source Bank
South Bend, Indiana
BSF UNKN

Unknown

The Bank's third-party payment service provider had a breach incident.  Customer account numbers and expiration dates may have been exposed.  The Bank sent affected customers a new pin and debit card.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 19, 2010 American Association of Retired Persons, AARP Insurance
Washington, District Of Columbia
BSF DISC

Unknown

Any customers who receive another customer's information should call 800-784-5789.

A client received another client's information in an insurance policy letter. He attempted to trace the mistake and notified the organization that underwrites AARP's life insurance program, New York Life Insurance. It is unknown how this error occurred and client names, phone numbers, policy numbers, check account information and dates of birth could have been exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 20, 2010 Desert Rose Resort
Las Vegas, Nevada
BSR HACK

Unknown

Some guests and employees were affected by a breach or breaches that occurred between June 2010 and October 2010. Credit and debit card information was stolen and misused.  The method that criminals used to access the information was not disclosed.

UPDATE (11/30/10): Other hotels owned by Desert's parent company Shell Vacation Resorts may have been affected.

UPDATE (12/22/10): A notice on Shell's website states that the breach occurred because of a malicious software infection.  It was determined that the management system software program of Shell Vacation properties was infected with the malware.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 5, 2006 TLM Partners LP
Palm Beach, Florida
BSF PORT

Unknown

Two backup computer tapes were stolen from a vehicle during a June 8 theft. The tapes contained names, addresses and Social Security numbers. The tapes were discovered missing on July 6 and an unknown number of affected clients were notified on July 11. At least two New York residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 27, 2006 New York Life Insurance Company
Boston, Massachusetts
BSF STAT

Unknown

A life insurance agent reported that two desktops were stolen from his office.  Customer names, Social Security numbers, addresses, dates of birth and policy numbers may have been exposed. An unspecified number of customers nationwide were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 6, 2006 StarCite Inc.
Philadelphia, Pennsylvania
BSO PORT

Unknown

A laptop containing personal information of employees was stolen from a hotel room on September 13. The information included name, Social Security number, date of birth, address, date of hire, occupation, salary, supplemental insurance information, and identified the type and tier of medical and/or dental coverage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 24, 2010 Sta-Home Health & Hospice
Jackson, Mississippi
MED STAT

1,104 (No SSNs or financial information reported)

A September 15 office burglary resulted in the theft of a desktop computer. The computer once held protected health information of people with state Medicaid claims. Some files included encoded names and diagnostic codes. Medicaid account numbers, financial information and Social Security numbers were not exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 1, 2010 State Department of Labor and Industries, Washington State Employees Credit Union, Court of Appeals
Tacoma, Washington
GOV PHYS

Unknown

Confidential paper files from at least three tenants of the state-owned Rhodes Building were found in an unsecured recycling bin. Some documents included names, Social Security numbers, checking account information, health information and dates of birth. A news report claimed the documents numbered in the dozens. Representatives for some of the organizations claimed that the files were supposed to be shredded.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2010 Manor Care of Indy (South), LLC
Indianapolis, Indiana
MED PHYS

845 (No SSNs or financial information reported)

The protected health information of 845 individuals may have been viewed or obtained by an unauthorized person or persons.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 3, 2010 Prime Home Care, LLC
Omaha, Nebraska
MED STAT

1,716 (No SSNs or financial information reported)

The September 13 theft of a desktop may have left patient information exposed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 23, 2010 Triple-C, Inc. (TCI), Triple-S Salud, Inc. (TSS)
San Juan, Puerto Rico
MED HACK

406,000 (No SSNs or financial information reported)

Approximately 398,000 members in the North and Metro-North districts of Puerto Rico's government health insurance plan (HIP) were affected. The information of an additional 5,500 HIP beneficiaries, 2,500 Medicare beneficiaries and IPA from three HIP districts serviced by TSS was accessed.

An internet database managed by TCI containing information of some people insured by Triple-S Salud, Inc. was accessed by employees of a competitor. People insured by TSS under the Puerto Rican government's health insurance plan and independent practice associations (IPA) that provided services to those people may have had their information accessed. The breach was the result of the unauthorized use of one or more active user IDs and passwords for the TCI IPA database. TCI believes that financial information related to IPAs was the target of the attack and not the information of individuals. Multiple intrusions happened in September. A TCI competitor notified the organization on September 21.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 5, 2010 American Check Cashers of Oklahoma, LLC
Tulsa, Oklahoma
BSF PHYS

Unknown

Hundreds of blank checks, bank and telephone statements, Social Security card copies and ID copies were found in a dumpster by someone from a a neighboring store. The documents date from 2004 to 2009. The owner of the business said that the mistake occurred when some sensitive documents were sorted in with non-sensitive documents and dumped rather than shredded. It is unclear whether the sorting error was made by the shredding company or the business. Ninety-six of the documents were kept by the neighboring store's owner. He agreed to return the documents to their owners and destroy the ones he cannot return.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 4, 2010 Phoenix
Baltimore, Maryland
BSF INSD

Unknown

Phoenix was composed of tax businesses named Phoenix Tax World, 101 Taxes, 420 Income Tax Services and 1 One 1 Taxes.

Sometime between late 2005 and April of 2009 the owner of the business and a co-conspirator prepared more than 600 fraudulent individual federal income tax returns on behalf of clients. A book with the names, Social Security numbers and dates of birth of various children was found at the owner's home during a police search. The children's information was used to claim false deductions for fictional dependents of her clients. The owner pleaded guilty to conspiracy to file false tax returns and aggravated identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2010 Mesa County, Western Colorado Drug Task Force
Grand Junction, Colorado
GOV DISC

200,000 (Unknown number of SSNs)

A former employee accidentally posted sensitive information in a place that was publicly accessible on the Internet. The home addresses of sheriff's deputies, names of confidential drug informants, confidential emails between officers and other sensitive information were accessible from April until the discovery in November. The FBI is investigating which computer users may have accessed the information. The breach was discovered on November 24 when an individual searched the Internet and found one of the files mentioning his or her name.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 30, 2010 Farber Enterprises
Harlingen, Texas
BSF PHYS

Unknown

Farber Enterprises is located in Kerrville, Texas.

Hundreds of documents were abandoned near a bridge in the Harlingen area.  The documents contained receipts, invoices, canceled checks, Social Security numbers, addresses and phone and driver's license numbers. A man whose information was found said that he had applied for employment with Farber two or three years ago.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 10, 2010 Memorial Hospital of Gardena
Gardena, California
MED PHYS

771 (No SSNs or financial information reported)

The Hospital reported that the unauthorized access or disclosure of paper records affected patients. The incident occurred on or around October 14.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Albert Einstein Healthcare Network
Philadelphia, Pennsylvania
MED STAT

613 (No SSNs or financial information reported)

The October 21 theft of a desktop computer may have exposed the protected health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Kings County Hospital Center
Brooklyn, New York
MED STAT

542 (No SSNs or financial information reported)

The August 22 theft of a desktop computer may have exposed the protected health information of patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Newark Beth Israel Medical Center, Professional Transcription Company (PTC), Inc.
Newark, New Jersey
MED DISC

1,744 (No SSNs or financial information reported)

Clinical reports with patient names, medical record numbers, hospital account numbers, physician names, dates of birth, diagnosis and other clinical information were accidentally placed on a website by PTC. It is possible that the reports were accessible from January 1 through September. PTC assists the Medical Center in transcribing dictated physician reports.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Ochsner Health System , H.E.L.P. Financial Corporation
New Orleans, Louisiana
MED PHYS

9,475 (No SSNs or financial information reported)

The location listed is Ochsner's headquarters. Patients may call 1-877-365-1663 with questions. The senior public relations specialist can be reached at 504-842-9143.

On October 4, Oschner was contacted by several patients claiming they had received the patient information of someone else. Letters had been sent on by HELP on September 27 that included incorrect names, medical record numbers, account numbers and account balances. HELP assists Oschner patients with payment arrangements for outstanding hospital and clinical account balances. A programming error at HELP caused the mistake. No patient will be able to access another patient's medical or financial records using the incorrect information from the letters they received.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 10, 2010 Genesco Inc.
Nashville, Tennessee
BSF HACK

Unknown

Customers who used credit or debit cards at United States Journeys, Journeys Kidz, Johnston and Murphy, Shi by Journeys and some Underground Stations stores may have had their information gathered during a criminal intrusion of Genesco's computer network. It is possible that credit and debit card numbers, expiration dates and card verification codes were accessed.

UPDATE (01/17/2013): Genesco has spent $2.1 million on consulting and legal fees related to the breach.

UPDATE (03/08/2013): Genesco also owns Lids.  Genesco sued VISA for $13 million in unnecessary fines associated with the data breach.  VISA fined banks for their role in failing to comply with industry-wide credit card security standards.  The banks then took money from Genesco to address fines and breach recovery.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 9, 2010 Methodist Theological School in Ohio
Delaware, Ohio
EDU PORT

Unknown

The October 13 theft of a laptop resulted in the exposure of personal information of some people with a connection to MTSO.  Names, Social Security numbers, dates of birth, financial payments received and letter grades for completed courses may have been stored on the laptop.  The laptop was stolen from a locked off-campus site.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 8, 2010 Illinois Secretary of State Drivers License Division
Libertyville, Illinois
GOV INSD

Unknown

An executive turned himself into authorities after being accused of selling Libertyville customer database information to identity thieves in exchange for sports tickets and gift cards.  The executive faces three counts of conspiracy to commit identity theft.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 13, 2010 Mountain Vista Medical Center
Mesa, Arizona
MED PORT

2,284 (No SSNs or financial information reported)

On October 13, multiple memory data cards were discovered to be missing from two endoscopy machines. The information of patients who had procedures performed between January of 2008 and October 12 of 2010 was on the data cards. The information included full name, hospital record number, date of birth, gender, age, date and type or procedure and image(s) related to the procedure.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 14, 2010 Home Depot
Tallahassee, Florida
BSR INSD

Unknown

A loss prevention officer reported that an employee was using a skimming device to steal the credit card information of customers. The officer reported the employee on December 8 and the employee was caught in the act of using a skimmer on December 10. The number of customers affected by these incidents and the length of time the employee worked at the store have not been reported.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 13, 2010 Liberty Tax Service
Portsmouth, Virginia
BSF PHYS

Unknown

Personal tax documents were left exposed in a dumpster. The tax documents had Social Security numbers, addresses and financial information. The company did not reveal how the documents may have found their way into the dumpster, but said that it was against company policy to leave them exposed and intact. At least one person had their tax information from 2008 exposed.  The number of documents was described as "mounds".

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 10, 2010 Walgreens
Deerfield, Illinois
BSR HACK

Unknown

A hacker managed to obtain Walgreens' email marketing list.  People on the list were sent realistic-looking phishing emails that directed them to a web page under hacker control.  The only information that was stolen during the hack was the email list.  People who fell victim to the phishing scam may have entered other personal information into the phony web page.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 14, 2006 CBA Information Solutions, Washington Savings Bank
Bowle, Maryland
BSF UNKN

Unknown

An unauthorized user gained access to the log in information of Washington Savings Bank. The unauthorized user could have accessed customer and non-customer names, Social Security numbers, addresses and credit histories. The breach occurred between September 15 and September 21. At least 20 New York residents were affected, but the nationwide total was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 12, 2006 Sears Holding Corporation
Winter Park, Florida
BSF PORT

Unknown

A laptop was stolen from the office on September 28. Certain customers had their information on an access database file that was on the laptop. Names, telephone numbers, addresses, account number, account types and account expiration dates were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 12, 2010 Gawker
New York, New York
BSO HACK

1,300,000 (No SSNs or financial information reported)

Hackers gained access to the Site's database.  Staff and user emails and passwords, the site code and staff messages were made accessible to anyone.  The group claiming responsibility calls themselves Gnosis.  Gawker encouraged users to change their passwords after their information was exposed.  This may also mean changing passwords for other sites where users have similar screen names and passwords.  Gnosis claims they had access to the site for a long time and exposed Gawker's information "because of their outright arrogance."

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 11, 2010 Kaplan University
Chicago, Illinois
EDU INSD

Unknown

The former dean of law and legal studies was convicted of making threats to students, staff and executives via email.  The former University employee hacked into a colleague's email account and sent threats about identity theft and more to people during 2007.  The former employee claims he was framed after threatening to expose the University's misconduct.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 20, 2006 Bank of Jena, Experian
Jena, Louisiana
BSF HACK

Unknown

An unauthorized user was able to access Experian consumer information through the Bank of Jena. Names, Social Security numbers, addresses, dates of birth and account numbers could have been accessed. At least 29 New York residents were affected, but the total number of residents affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 15, 2010 California Department of Public Health
West Covina, California
MED PORT

2,550 (Unknown number of SSNs)

A magnetic tape was lost during shipping between West Covina and Sacremento on or around September 27. The health care facility staff and residents who were determined to have been affected were notified on November 23.  Employee emails, employee background reports, investigative reports, names and diagnosis information on health care facility residents and Social Security numbers for CDPH workers were on the tape. 

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 14, 2010 Department of Education Federal Student Aid (FSA) Division
Dolton, Illinois
GOV INSD

Unknown

A former FSA employee repeatedly accessed the National Student Loan Database System (NSLDS) during her employment. The employee searched and viewed confidential student loan records of several hundred people without reason between April of 2006 and May of 2009. The former employee pleaded guilty and is scheduled to be sentenced on February 22 of 2011.

 
Information Source:
Media
records from this breach used in our total: 0

December 1, 2006 First Banks Inc
Louisville, Kentucky
BSF PORT

Unknown

A laptop was stolen from the locked office of an employee during a nighttime burglary on November 20. Loan applications, financial statements and credit reports with client names, addresses and Social Security numbers were on the laptop. At least two New York residents were affected, but the total number of affected clients nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 7, 2006 CIGNA HealthCare Corp
Pittsburgh, Pennsylvania
MED INSD

Unknown

A former employee used customer credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 3, 2007 Academic Magnet High School
North Charleston, South Carolina
EDU PORT

500 (No SSNs or financial information reported)

A recent burglary makes it the third time that computers were stolen during campus burglaries. Two other incidents occurred in November. Student information was on the laptop stolen in the recent burglary. School officials felt that risk of identity theft was extremely low because the information was password protected and encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 651-700 of 4489 results


X

Sign In!

Loading