Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
August 2, 2007 E.On - U.S.(energy services)
Louisville, Kentucky
BSO PORT

Unknown

A laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 2, 2007 University of Toledo
Toledo, Ohio
EDU STAT

Unknown

(419) 530-4836, (419) 530-3661, (419) 530-1472

Two computers were stolen with hard drives containing student and staff Social Security numbers, names, and grade change information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 3, 2007 WorkCare Orem
Pleasant Grove, Utah
MED PHYS

Unknown

A truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.

 
Information Source:
Media
records from this breach used in our total: 0
August 3, 2007 Wabash Valley Correctional Facility
Indianapolis, Indiana
GOV DISC

Unknown

A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 4, 2007 Kellogg Community Federal Credit Union
Battle Creek, Michigan
BSF STAT

Unknown

A computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 6, 2007 Verisign
Mountain View, California
BSO PORT

Unknown

A laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 7, 2007 Electronic Data Systems
Montgomery, Alabama
BSO INSD

498

A former employee was arrested this week for allegedly trafficking in stolen identities she received through her work with the company. She obtained the names and identifying information of 498 Alabama Medicaid recipients and subsequently sold 50 of those identities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 498
August 7, 2007 Merrill Lynch
Hopewell, New Jersey
BSF UNKN

33,000

A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000
August 7, 2007 Blue Cross Blue Shield North Carolina
Durham, North Carolina
BSF DISC

2,940

Letters were accidentally mailed with subscriber Social Security numbers visible through envelope windows.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,940
August 8, 2007 Yale University
New Haven, Connecticut
EDU STAT

10,200

Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,200
August 9, 2007 Citigroup
Stamford, Connecticut
BSF PORT

519

A laptop was stolen from a third party vendor during an office burglary. The information on the laptop may have included customer names, Social Security numbers, addresses, telephone numbers and email addresses. The information was related to student loans, but did not include financial account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 519
August 9, 2007 Penson Worldwide
Dallas, Texas
BSF HACK

11

A person or persons breached Penson's computer network security systems on July 30.  User logins, passwords, email addresses, security questions and answers were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11
August 10, 2007 Loyola University
Chicago, Illinois
EDU STAT

5,800

A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800
August 10, 2007 Legacy Health System
Portland, Oregon
MED INSD

747

(503) 445-9533

A primary care physician practice has discovered the theft of $13,000 in cash and personal data for patients. Patient receipts, credit card transaction slips and checks are also missing, in addition to Social Security numbers and dates of birth for patients.  The investigation indicated it was a dishonest insider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 747
August 11, 2007 Providence Alaska Medical Center
Anhorage, Alaska
MED PORT

250

(888) 387-3392

A laptop computer that contains the personal information of patients is missing. On the laptop there maybe names, medical record numbers, dates of birth, patient diagnoses, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 250
August 13, 2007 Pfizer, Axia Ltd.
New York, New York
BSO PORT

950

 (866) 274-3891

Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who were providing or considering providing contract services for Pfizer, according to the letter.

 
Information Source:
Dataloss DB
records from this breach used in our total: 950
August 15, 2007 Idaho Army National Guard
Boise, Idaho
GOV PORT

3,400

http://www.idahoarmyguard.org/, or call the Idaho National Guard Joint Operations Center

A small computer drive containing Social Security numbers and other personal information about every Army National Guard soldier in Idaho has been stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,400
August 15, 2007 Greater Detroit Hospital
Detroit, Michigan
MED PHYS

Unknown

It's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0
August 15, 2007 Sky Lakes Medical Center, Verus Inc.
Klamath Falls, Oregon
MED DISC

30,000

The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000
August 16, 2007 Utica Title and Escrow
Bixby, Oklahoma
BSF PHYS

Unknown

Boxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.

 
Information Source:
Media
records from this breach used in our total: 0
August 16, 2007 Nationwide Mutual Insurance
Woodbury, New York
BSF PORT

140

A laptop was stolen from the car of a claims representative.  It contained the names, Social Security numbers and driver's license numbers of clients.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 140
August 17, 2007 Mercury Interactive, Hewlett-Packard
Atlanta, Georgia
BSO PORT

1,425

A laptop belonging to an HP director was lost during a business trip to Atlanta, GA. The breach occurred in late July and involved the names, Social Security numbers, addresses, dates of birth, citizenship status and compensation information of Mercury Interactive employees.  Mercury Interactive was acquired by HP in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,425
August 17, 2007 University of New Hampshire
Durham, New Hampshire
EDU DISC

29

An MS Excel spreadsheet containing names and Social Security numbers of graduate students at the University was posted within the University's website on or around April 17, 2007.  Specifically, the spreadsheet contained the credit hour and tuition information associated with "inter-college" graduate programs.  In addition to the credit hour and tuition information that were visible at the top of the spreadsheet, the bottom of the report also included the names and Social Security numbers of students. A staff member recognized the mistake on July 27.

 
Information Source:
Dataloss DB
records from this breach used in our total: 29
August 19, 2007 Applera
Norwalk, Connecticut
BSO PORT

Unknown

A laptop was stolen from the car of an employee while it was in a parking lot on August 9. The laptop contained full names and Social Security numbers of employees. It is not clear if all 5,530 of Applera's employees were affected by the incident. At least 24 New Hampshire residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 20, 2007 University of Toledo
Toledo, Ohio
EDU PORT

Unknown

A laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 20, 2007 Celgene Corporation
Summit, New Jersey
BSR PORT

1,951

Four external computer hard drives used to back up information were discovered missing from a locked information technology workroom. The hard drives contained personal information about Celgene's current and former employees. Names, Social Security numbers, addresses, phone numbers, dates of birth, bank and financial accounts, compensation information and some driver's license numbers were on the hard drives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,951
August 21, 2007 Walter Reed Army Institute of Research
Silver Spring, Maryland
GOV PHYS

Unknown

Boxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 21, 2007 West Virginia Board of Barbers and Cosmetologists
Charleston, West Virginia
BSO UNKN

Unknown

Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 22, 2007 California Public Employees' Retirement System (CalPERS)
Sacramento, California
GOV DISC

445,000

Roughly 445,000 retirees in California received brochures announcing an upcoming election to fill a rare vacancy on the board of the California Public Employees' Retirement System. All or a portion of each person's Social Security number appeared without hyphens on the address panel.

 
Information Source:
Dataloss DB
records from this breach used in our total: 445,000
August 22, 2007 PrintPack Inc.
Atlanta, Georgia
BSR PORT

Unknown

Five laptops were stolen from Printpack's corporate headquarters during a nighttime burglary on or around August 16.  One laptop was taken from the finance department and had human resources information from current and former employees.  Names, Social Security numbers, dates of birth, marital status, addresses and other information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 23, 2007 New York City Financial nformation Services Agency
New York, New York
GOV PORT

280,000 Not added to total. It is not clear that SSNs or financial account numbers were exposed.

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 23, 2007 Loomis Chaffee School
Windsor, Connecticut
EDU UNKN

Unknown

Valuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 23, 2007 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/

Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.

UPDATE (8/29/07) : Hackers have stolen the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0
August 26, 2007 American Ex-Prisoners of War
, Texas
NGO UNKN

35,000

Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the group's entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000
August 27, 2007 University of Illinois
Champaign-Urbana, Illinois
EDU DISC

5,247 Not added to total. It does not appear that SSNs or financial account numbers were exposed.

An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.

 
Information Source:
Media
records from this breach used in our total: 0
August 28, 2007 Connecticut Department of Revenue Services
Hartford, Connecticut
GOV PORT

106,000

A computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen. The Department of Revenue Services intends to launch a web page soon that residents can search to determine whether their personal information was stored on the laptop.

UPDATE (9/14/07): More than 2 dozen state laptops have gone missing since July 2006.

UPDATE (10/19/07): A supervisor at the state Department of Revenue Services was suspended without pay. His computer was stolen from his car in August at a hotel in New York. Police say it was possible the vehicle was not locked because there were no signs of a break-in.

 
Information Source:
Dataloss DB
records from this breach used in our total: 106,000
August 30, 2007 Maryland Department of the Environment
Annapolis, Maryland
GOV PORT

Unknown

A laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 30, 2007 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.

 
Information Source:
Media
records from this breach used in our total: 0
August 31, 2007 Option One Mortgage
Irvine, California
BSF HACK

10,000

A computer server that contained customer service information was hacked.  People who visited the customer service website between August 9 and 14 may have had their names, Social Security numbers, addresses, phone numbers, loan information and payment histories exposed.  The hacker was able to change the website so that a virus was installed on the computers of visitors.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000
August 31, 2007 AW Direct Inc.
Berlin, Connecticut
BSR HACK

Unknown

An unauthorized person accessed AW Direct's website. Customer order information that included full names, addresses and credit card information was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 31, 2007 Voxant
Reston, Virginia
BSO HACK

4,500

A hacker accessed the website and obtained personal information of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500
September 1, 2007 Johns Hopkins Hospital
Baltimore, Maryland
MED STAT

5,783

A desktop computer containing the personal information of 5,783 Johns Hopkins Hospital patients was stolen. The computer included patients' names, Social Security numbers, birth dates and medical histories.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,783
September 4, 2007 Pfizer
New York, New York
BSO INSD

34,000

(866) 274-3891

A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000
September 4, 2007 Brevard Public Schools
Viera, Florida
EDU UNKN

61

A missing piece of luggage belonging to a state auditor contains the personal information of 61 Brevard Public Schools employees and had district personnel scrambling before the holiday weekend began to notify people that their names and Social Security numbers might be compromised.

UPDATE (9/21/07): Melbourne International Airport police arrested a 44-year-old defense subcontractor from California on charges of stealing luggage. He is in the Brevard County Jail, facing at least two charges of grand theft.

 
Information Source:
Media
records from this breach used in our total: 61
September 5, 2007 Affiliated Computer Services (ACS), Kraft Foods
Northfield, Illinois
BSR PORT

1446

A computer tape with the names and Social Security numbers of current and former Kraft employees was lost by ACS.  ACS administers Kraft's prescription drug benefits program.  ACS believes it accidentally destroyed the tape.  Kraft reported the number of affected residents in North Carolina, New Hampshire, Maine and New York, but the total number nationwide was not reported and is likely to exceed 1446.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,446
September 6, 2007 University of South Carolina
Columbia, South Carolina
EDU DISC

1,482

A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,482
September 9, 2007 De Anza College
Cupertino, California
EDU PORT

4,375

(408) 864-8292

Thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,375
September 9, 2007 McKesson Specialty, AstraZeneca
Scottsdale, Arizona
MED STAT

68,779

 (866) 554-6366

McKesson Health-care services company, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 68,779
September 10, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

111

www.purdue.edu/news/coa0709.html, (866) 275-1181

The university is warning those who were students in the fall of 2004 that information about them was inadvertently posted on the Internet. The information was in a document that contained the names and Social Security numbers of students in the Animal Sciences 102 class. The page was no longer in use but was on a computer server connected to the Internet. The document was found recently through an internal search and reported to the chief information security officer at Purdue.

 
Information Source:
Dataloss DB
records from this breach used in our total: 111
September 10, 2007 Larson Allen LLP, FirstHealth of the Carolinas Inc
Pinehurst, North Carolina
BSF PORT

3913

A laptop was stolen from a Larson Allen employee.  It contained a spreadsheet with the personal information of FirstHealth's employees.  The information included the names, Social Security numbers dates of birth, addresses and employment information of people on payroll during August.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,913
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 901-950 of 4517 results