Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,253 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
September 10, 2008 Ivy Tech Community College
Bloomington, Indiana
EDU DISC

Unknown

http://www.ivytech.edu/about/security/

An employee of the college used an internal file sharing system to send a file that consisted of students enrolled in the spring 2008 semester for distance education courses. The employee intended to share the file with a single employee of the college. Instead, due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 1, 2008 Foothills Parks and Recreation District
Littleton, Colorado
GOV HACK

Unknown

The district noticed unusual activity last week which they believe was caused by a virus introduced to cover up the actions of an intruder. Some customer information, including credit card information, may have been compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 27, 2008 Shell Oil Co.
Houston, Texas
BSR INSD

Unknown

An IT contractor used the personal data of four Shell workers as part of an unemployment insurance claims scam. Employees of a third-party contractor misused information stored in a corporate database. The database includes records for a majority of current and former Shell employees. Misused data included names, dates of birth and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 3, 2008 Genesee Intermediate School District
Mundy Township, Michigan
EDU PORT

6,000 Not included in total.

A laptop stolen had been used for background checks on school workers and included their fingerprints and some personal information such as their names, addresses, birthdates and race. The laptop did not have Social Security numbers and the data was stored in files that require a password to be opened.

 
Information Source:
Media
records from this breach used in our total: 0

November 5, 2008 North Carolina Dept. of Health and Human Services
Raleigh, North Carolina
GOV PORT

Unknown

A laptop computer belonging to a Division of Aging and Adult Services employee was stolen. The computer contained information about people receiving home and community services.

 
Information Source:
Media
records from this breach used in our total: 0

November 7, 2008 Christus Health Care
Houston, Texas
MED PORT

Unknown

 (800) 877-9056

Two computer back-up tapes were stolen. Someone broke into a car in a Houston parking lot and took the tapes. The information on the tapes included patient names, Social Security numbers, demographic information, and in some cases, diagnosis codes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 12, 2008 Pinellas County and Florida state agency offices
Pinellas County, Florida
GOV PHYS

Unknown

Documents with Social Security numbers, medical information and other legally protected data were found in trash containers at government buildings. Also found were hundreds of improperly discarded records were found that included medical data, privileged communications between attorneys and clients, juvenile defendant records and child abuse materials.

 
Information Source:
Media
records from this breach used in our total: 0

December 3, 2008 Central California Appellate Program
Sacramento, California
NGO PORT

Unknown

A backup computer disk was in a safe taken by thieves who broke into a storage facility. Besides Social Security numbers, the disk contained tax identification numbers, addresses, telephone numbers and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 14, 2008 Zyacorp Entertainment Cinemagic Stadium
Merrimack, New Hampshire
BSR HACK

Unknown

Hackers broke into a Merrimack movie theater's servers and stole customers' credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 15, 2008 University of North Carolina
Greensboro, North Carolina
EDU HACK

Unknown

A breach of the accounting computer systems at UNC-Greensboro may have exposed personal employee information to intruders. The breach was detected on a computer in the Accounting Services office, in the form of a virus that may have allowed unauthorized access.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2009 Merrill Lynch
New York, New York
BSF STAT

Unknown

A third-party consulting services firm working on behalf of Merrill Lynch reported, one of their employees was burglarized. The burglars took various items, including a computer, which had on it the names and Social Security numbers of current and former Financial Advisors and some applicants for employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2009 Pepsi Bottling Group
Somers, New York
BSR PORT

Unknown

For More Info Contact: David Yawman David.Yawman@pepsi.com (914) 767-7620 or (866) 578-5410

A portable data storage device, which contained personal information, including the names and Social Security numbers of employees in the US is missing or stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 7, 2009 Genica, Geeks.com
Oceanside, California
BSO HACK

Unknown

 (888) 529-6261 http://www1.ftc.gov/opa/2009/02/compgeeks.shtm

Genica dba Geeks.com (Genica) recently discovered that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your names, addresses, telephone numbers, email addresses, credit card numbers, expiration dates, and card verification numbers. They are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking the eCommerce website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 13, 2009 University of Oregon
Eugene, Oregon
EDU PORT

Unknown

(541) 346-2510

A laptop computer containing data files for Youth Transition Program (YTP) participants was stolen. Those files contained names and social security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 13, 2009 Innodata Isogen, Inc.
Hackensack, New Jersey
BSO PORT

Unknown

Laptop stolen from an employee's car contained names, addresses, Social Security numbers of current and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 14, 2009 Occidental Petroleum Corporation
Dallas, Texas
BSO INSD

Unknown

(800) 733-0085

A former employee emailed himself (to personal email account) a spreadsheet of employee names, addresses, empolyee identification numbers, birth dates, starting dates, retirement dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 21, 2009 First Interstate Mortgage Corporation (FIM), Nevada One Corporation (Nevada One)
, Nevada
BSF PHYS

Unknown

http://www.ftc.gov/opa/2009/01/navone.sht

These mortgage brokers have discarding consumers' tax returns, credit reports, and other sensitive personal and financial information in an unsecured dumpster in December of 2006. Approximately 40 boxes containing consumer records were found in a publicly-accessible dumpster. The records included tax returns, mortgage applications, bank statements, photocopies of credit cards, drivers' licenses, and at least 230 credit reports. The defendant, who has owned numerous companies that handle sensitive consumer information, kept the documents in an insecure manner in his garage before improperly disposing of them.

UPDATE (1/20/10): The mortgage broker paid a $35,000 civil penalty to settle FTC charges. The mortgage broker will also have to hire an independent security professional to review the security process every year for 10 years. 

 
Information Source:
NAID
records from this breach used in our total: 0

January 21, 2009 Missouri State University
Springfield, Missouri
EDU DISC

565 Not included in total -- not known how many students have SSNs.

Personal information, including Social Security numbers for 565 foreign students at MSU was leaked this month when a university office sent an e-mail message soliciting their help with language tutoring. The email message they got had a spreadsheet attachment that contained names and Social Security numbers for international students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 23, 2009 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/, http://help.monster.com/besafe/jobseeker/index.asp

Their database was illegally accessed and user IDs, passwords, names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence were stolen.

 
Information Source:
Media
records from this breach used in our total: 0

January 27, 2009 U.S. Consulate
,
GOV PHYS

Unknown

Hundreds of files - with Social Security numbers, bank account numbers and other sensitive U.S. government information - were found in a filing cabinet purchased from the U.S. consulate in Jerusalem through a local auction.

 
Information Source:
Media
records from this breach used in our total: 0

January 27, 2009 Citi Habitats
New York, New York
BSO PHYS

Unknown

During a refurbishing of their office, paper that should have been shredded was improperly placed as trash. Information found blowing in the street included bank statements, 401k statements, credit reports, tax returns, driver's licenses, names, phone numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 31, 2009 HoneyBaked Ham
Indianapolis, Indiana
BSR PHYS

Unknown

A computer server stocked with credit-card information was stolen from a store. Customers might be at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2009 Southern Satellite
Orange City, Florida
BSO PHYS

Unknown

Hundreds of folders containing names, addresses, Social Security numbers and credit card information were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2009 Baystate Medical Center
Springfield, Massachusetts
MED PORT

Unknown

(413 )794-4722

Several laptops were stolen from Baystate Medical Center's Pediatrics department. Some of those computers had patient information on them. All of the information is password protected and the computers had no financial or Social Security information on them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2009 SRA International
Fairfax, Virginia
BSO HACK

Unknown

Malicious software may have allowed hackers to get access to data maintained by SRA, including employee names, addresses, Social Security numbers, dates of birth and healthcare provider information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 3, 2009 Georgia State Board of Pardons and Paroles
Atlanta, Georgia
GOV STAT

Unknown

The offices of a state contractor in Roswell were burglarized and a computer was stolen. Information regarding current and past parolees that was lost in a burglary includes names, dates of birth and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 4, 2009 Womancare Inc.
Lathrup Village, Michigan
MED PHYS

unknown

Medical records were improperly disposed of. Pro-Life Society found the records in a dumpster behind the office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 5, 2009 Mooresville's Dry Cleaning Station
Mooresville, North Carolina
BSO INSD

Unknown

A Mooresville dry cleaner skipped town, taking her clients' clothes and credit card numbers with her.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 5, 2009 phpBB.com
Bellevue, Washington
BSO HACK

400,000 Not added to total; SSNs were not accessed.

A popular bulletin board software package has been taken offline following a security breach that gave an attacker full access to a database containing names, email, address, and hashed passwords for its entire user base. The attacker gained access through an unpatched security bug in PHPlist, a third-party email application.

 
Information Source:
Media
records from this breach used in our total: 0

February 8, 2009 Kaspersky
Woburn, Massachusetts
BSO HACK

Unknown

An unidentified hacker gained access to databases used by the usa.kaspersky.com Web site, allowing access to users' accounts, activation codes and possibly personal data about Kaspersky customers. Kaspersky Lab is a security software company.

 
Information Source:
Media
records from this breach used in our total: 0

February 9, 2009 U.S. Postal Service Santee
Santee, California
GOV INSD

Unknown

A mail carrier in San Diego County is accused of stealing dozens of gift cards, debit cards and Social Security documents sent through the mail. Deputies found 30 gift cards, stolen mail, debit cards and money when the carrier was arrested after he finished his route. Detectives also found Social Security documents and W-2 wage and tax statements at carrier's home.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 11, 2009 Los Alamos National Laboratory
Los Alamos, New Mexico
GOV STAT

Unknown

The Los Alamos nuclear weapons laboratory in New Mexico is missing 69 computers, including at least a dozen that were stolen last year. The computers are a cybersecurity issue because they may contain personal information like names and addresses. But Los Alamos claims they did not contain classified information. Also missing are three computers that were taken from a scientist's home and a BlackBerry belonging to another employee that was lost in a foreign country considered sensitive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 18, 2009 CVS Pharmacies
Woonsocket, Rhode Island
MED PHYS

Unknown

http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cvsresolutionagreement.html

The CVS Pharmacy chain, the largest in the country with 6,300 outlets, has agreed to a $2.25 million settlement with the U.S. Dept. of Health and Human Services. Indianapolis TV station WTHR engaged in an extensive investigation beginning in 2006 of local CVS Pharmacies and their pharmacies in other cities nationwide including Boston, Chicago, Cleveland, Detroit, Dallas, Louisville, Miami, New Haven (Conn.), Philadelphia, Phoenix, and CVS headquarters in Woonsocket, RI. They found that CVS pharmacies were disposing of documents, such as labels from prescription bottles and old prescriptions, in unsecured dumpsters. The HHS's Office of Civil Rights charged that CVS failed to implement adequate policies and procedures to reasonably and appropriately safeguard protected health information during the disposal process failed to adequately train employees on how to dispose of such information properly and did not maintain and implement a sanctions policy for members of its workforce who failed to comply with its disposal policies and procedures. In a coordinated action, CVS Caremark Corporation, the parent company of the chain, also signed a consent order with the Federal Trade Commission to settle potential violations of the FTC Act.

UPDATE (7/16/09): A state board has given final approval to settlements with Indiana's two largest drugstore chains for leaving patient information in the trash. CVS has paid a $2.25 million fine to settle a probe by the U.S. Office of Civil Rights. Also CVS will donate $1,000 to charity as part of the state settlement.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 23, 2009 Seaview Financial
Corona Del Mar, California
BSF PHYS

Unknown

Folders with personal information for numerous clients of a local mortgage broker sat for days at a public recycling site. The files contained bank account statements, completed tax forms, credit reports and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2009 Google
Mountain View, California
BSO DISC

(Not added to total. It does not appear that SSNs or financial account numbers were exposed.)

http://googledocs.blogspot.com/2009/03/on-yesterdays-email.html

Google contacted some of its users to let them know about a situation that affected its Google Docs users. They believe the problem affected less than 0.05% of all documents. Google identified and fixed a bug where a small percentage of users shared some of their documents inadvertently. The bug occurred when the document owner, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and then changed the sharing permissions. The bug did not affect spreadsheets.

 
Information Source:
Media
records from this breach used in our total: 0

March 7, 2009 Oklahoma Department of Human Services
Shawnee, Oklahoma
GOV PHYS

Unknown

The state Department of Human Services is investigating how a child welfare worker's records ended up with a local TV station. The files, which included names, Social Security numbers, contact information and details on child abuse investigations, reportedly were left behind when a DHS worker was evicted from a rent house in Guthrie.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 11, 2009 Sprint
Overland Park, Kansas
BSO INSD

Unknown (It does not appear that SSNs or financial account numbers were exposed.)

(800) 300-6868

Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission. It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. They have terminated this employee. The information that may have been compromised includes name, address, wireless phone number, Sprint account number, security question answer, and the name of the authorized point of contact for account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 12, 2009 US Army
Washington, District Of Columbia
GOV HACK

1,600 (Not added to total. It does not appear that SSNs or financial account numbers were exposed.)

An Army database that contains personal information about nearly 1,600 soldiers may have been penetrated by unauthorized users. The information that may have been breached includes the service members' names, e-mail messages, phone numbers, home addresses, awards received, ranks, gender, ethnicity, and dates the soldiers deployed and returned from their deployment.

 
Information Source:
Media
records from this breach used in our total: 0

March 16, 2009 Comcast
Philadelphia, Pennsylvania
BSO DISC

4,000 Not added to total. SSNs and financial account numbers were not accessed.

A list of over 8,000 Comcast user names and passwords were available to the public via Scribd for two months, before a Wilkes University professor discovered it over the weekend after doing a search for his identity online. Comcast is saying it looks like the result of a phishing scam and isn't an inside job, and that there are so many duplicate entries on the list that it's closer to 4,000 customers who were exposed.

 
Information Source:
Media
records from this breach used in our total: 0

March 18, 2009 New York City Housing Authority
New York, New York
GOV PHYS

Unknown

Dozens of confidential files with city public housing residents' birth dates, Social Security numbers, and eviction notices were dumped on an East New York street. City Housing Authority officials are investigating to determine how the files ended up scattered along Atlantic Ave. near Pennsylvania Ave.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 24, 2009 Massachusetts General Hospital
Boston, Massachusetts
MED PHYS

192 (No SSNs or financial information reported)

Massachusetts General Hospital has put dozens of patients on notice that it has lost some of their confidential medical records, which were left on an MBTA Red Line train by a hospital employee. The MGH employee left the hospital, taking the records with her to do billing work on them over the weekend. The records belonged to at least 66 patients and included private information such as the patients' diagnoses, their names, birth dates and billing information.

UPDATE (2/24/2011): Massachusetts General Hospital agreed to pay one million dollars to settle violation of privacy charges. http://www.hhs.gov/ocr/privacy/hipaa/news/mghnews.html

UPDATE (6/08/2012): The lost documents consisted of a patient schedule with names and medical record numbers for 192 patients.  There were also billing encounter forms with names, dates of birth, medical record numbers, health insurer and policy numbers, diagnoses, and provider names for 66 of those patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 27, 2009 Pacific University
Forest Grove, Oregon
EDU PORT

Unknown

Student Life (503) 352-2212,  Faculty and staff (503) 352-1511,  Legal Affairs (503) 352-2236

A University-owned laptop was stolen from a staff member's residence. The stolen laptop was password protected and there is no factual evidence that any private information was stored on the laptop. The computer contained names and some personal information. It does not appear that any Social Security numbers were stored on the system.

 
Information Source:
Media
records from this breach used in our total: 0

April 10, 2009 Borrego Springs Bank, Vavrinek, Trine, Day and Co.
Borrego Springs, California
BSF PORT

Unknown

The theft of seven laptop computers from an auditing firm has led the Borrego Springs Bank to send warning letters to all of its customers saying their personal financial information may be in the hands of criminals. The bank would not comment on the name of the accounting firm that was auditing the records or how or where the thefts occurred. The computer files contain sensitive personal financial information including account name, number and balance.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 12, 2009 CBIZ Medical Management Professionals
Chattanooga, Tennessee
MED STAT

Unknown

The office of CBIZ Medical was broken into on Feb. 23. Among the items stolen was a computer belonging to the hospital with stored radiology reports related to some patients. Patients between December 2007 and Feb. 23, 2009, may have had records saved on the stolen computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 16, 2009 MySpace
Los Angeles, California
BSO INSD

Unknown

(877) 369-1369

Confidential employee information, including at least name, Social Security numbers and compensation, was taken by an employee in the company's benefit's department without authorization, beginning in June 2008 or earlier. The information was used to annoy selected individuals and the now former employee was arrested and is being prosecuted by the High Tech Crimes Division of the Los Angeles County District Attorneys Office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 27, 2009 Federal Reserve Bank of New York
New York, New York
BSF INSD

Unknown

A former employee at the Federal Reserve Bank of New York and his brother were arrested on suspicion of obtaining loans using stolen identities. The former employee previously worked as an IT analyst at the bank and had access to sensitive employee information, including names, birthdates, Social Security numbers and photographs. A thumb drive attached to his computer had applications for $73,000 in student loans using two stolen identities. They also found a fake drivers license with the photo of a bank employee who wasn't the person identified in the license.

 
Information Source:
Media
records from this breach used in our total: 0

April 28, 2009 West Virginia State Bar
Charleston, West Virginia
NGO HACK

Unknown

The West Virginia State Bar has hired forensic computer experts in hopes of finding those responsible for hacking into the group's website and internal computer network. Information about the State Bar's current and former members may have been compromised. The hacker was able to access the group's internal database server where there was information concerning lawyer identification numbers, names, mailing addresses, email addresses and some Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 29, 2009 Orleans Parish Public Schools
New Orleans, Louisiana
EDU PHYS

Unknown

The confidential records of Orleans Parish public-school employees have been discovered in an abandoned and unsecured warehouse in New Orleans. Personnel files, payroll records, and other documents with private data were uncovered. Inside were countless boxes filled with confidential information, not to mention stacks of other documents lying on the ground, listing payroll information, worker evaluations, notices of personnel action, and investigations into employee discrimination. Also found were full names, home addresses, and Social Security numbers on document after document.

 
Information Source:
Media
records from this breach used in our total: 0

May 5, 2009 Spencer House Apartment Complex
Beaverton, Oregon
BSO PHYS

Unknown

Residents at an apartment complex blamed apartment management Monday for leaving their personal information out in the open. The documents were found in an unlocked public container that was sitting off a side street in their apartment complex. The documents included Social Security numbers, addresses, phone numbers, immigration numbers and names.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 11, 2009 Multiple financial institutions
New York, New York
BSF CARD

Unknown

A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to steal account and password information from bank customers. The first - a skimmer - went over the slot where customers insert their ATM cards. The skimmer read, and stored, the personal information kept in the magnetic strip on the back of the bank card. The second device was a tiny camera hidden in the lighted signs over the ATM. The pinhole camera lens pointed directly onto the ATM keypad and filmed victims typing in their supposedly secret PIN codes. The thieves would then create their own phony ATM cards and use their victims' PINs to access accounts.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,253 DATA BREACHES made public since 2005
Showing 251-300 of 4253 results


X

Sign In!

Loading