Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
June 9, 2007 Verus Inc., Concord Hospital
,
MED DISC

9,297

Patient names, addresses, Social Security numbers and dates of birth were unprotected on the Internet. A subcontractor named Verus that handles Concord's online billing was responsible for the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,297

June 8, 2007 University of Virginia
Charlottesville, Virginia
EDU HACK

5,735

http://www.virginia.edu/uvatoday/newsRelease.php?id=2217, identity-assistance@virginia.edu, (866) 621-5948

A breach in one of the computer applications resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005, and April 19, 2007, hackers tapped into the records of 5,735 faculty members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,735

June 8, 2007 University of Iowa
Iowa City, Iowa
EDU HACK

1,100

Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

June 6, 2007 Cedarburg High School
Cedarburg, Wisconsin
EDU DISC

Unknown

Students obtained names, addresses and Social Security numbers and might have accessed personal bank account information of current and former district employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 6, 2007 Dearfield Medical Building
Greenwich, Connecticut
MED PHYS

Unknown

A box was discovered at inside a trash bin in May and contains information about lab tests and insurance approvals as well as other medical issues, documents are not medical charts, but do contain patient names and contact information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 5, 2007 vFinance Investments Inc.
Boca Raton, Florida
BSF HACK

29,000

A database that contained customer information was accessed through the www.vfinance.com website by an unauthorized person. The goal of the attack seems to have been to deface the website.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,000

June 4, 2007 Stevens Hospital
Edmonds, Washington
MED DISC

550

 (425) 673-3745

Personal information including names, addresses, and Social Security numbers were exposed online due to a lapse in the data security procedures by a subcontractor. An Internet search engine was able to access the information while the subcontractor's laptop was unsecured.

 
Information Source:
Dataloss DB
records from this breach used in our total: 550

June 4, 2007 GFK NOP LLC
New York, New York
BSO PORT

Unknown

An employee's laptop was stolen from her car on May 29.  A payroll-related Excel file that contained the names, Social Security numbers, dates of birth, state of residence and base rate of pay for employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 3, 2007 Gadsden State Community College
College Gadsden, Alabama
EDU PHYS

400

Students who took an Art Appreciation class at the Ayers Campus between 2005 and 2006 had their names, grades and Social Security numbers scattered across a local business' driveway.

 
Information Source:
Dataloss DB
records from this breach used in our total: 400

June 1, 2007 Fresno County, Refined Technologies Inc., DHL
Fresno, California
GOV HACK

10,000

A missing computer disk contains names, addresses and Social Security numbers. The County sent it by courier to a software vendor's office in San Jose to determine workers' eligibility for health care benefits. The software company, Refined Technologies Inc., said they never received the disk. The courier service, DHL, told County officials that the file was delivered May 10, though the County didn't require anyone to sign for the delivery.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000

June 1, 2007 Jax Federal Credit Union
Jacksonville, Florida
BSF DISC

7,766

Social Security numbers and account numbers of clients were accidentally posted on the Internet, then indexed by Google. JFCU was transmitting information to a printer for a preapproved auto loan mailing when the information was picked up by Google from the printer's Web site. JFCU normally transmits information on an encrypted disk delivered by courier, but when the printer couldn't open the disk, the information was sent again, but wasn't encrypted and included Social Security numbers and account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,766

June 1, 2007 Northwestern University
Evanston, Illinois
BSO DISC

4,000

c-loebbaka@northwestern.edu

Files containing personal information of students and applicants were available online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

June 1, 2007 JAX Federal Credit Union
Jacksonville, Florida
BSF DISC

7,500

Auto loan mailing list information that was being transmitted to a printer was picked up by Google through the printer's website. Social Security numbers and account numbers were exposed. The information was supposed to be encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,500

May 31, 2007 Priority One Credit Union
South Pasadena, California
BSF DISC

Unknown

Priority One Credit Union sent out election ballots to members with Social Security numbers and account numbers printed on the outside of the envelopes

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 30, 2007 OfficeTeam
Manchester, New Hampshire
BSO DISC

237

A staffing professional from OfficeTeam sent an email to individuals. The email included the email addresses and Social Security numbers of all the recipients of the email. At least 237 New Hampshire residents were affected by the incident, but the total number of individuals affected nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 237

May 29, 2007 Mytreo.net
Sunnyvale, California
BSR UNKN

679

The location listed is the headquarters of Palm Inc. Mytreo.com is a division of Palm.

Mytreo.net store customers may have had their personal information compromised. An individual may have viewed names, Social Security numbers, addresses and encrypted credit card information. The criminal had not been caught at the time of the report, and their method for accessing customer information was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 679

May 26, 2007 Cover Tennessee
Nashville, Tennessee
MED DISC

279

A computer error at the Cover Tennessee health insurance program caused small business owners who chose not to print out their forms from the Web site to have their personal information including Social Security numbers added to the next user's printout request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 279

May 25, 2007 North Carolina Department of Transportation
Raleigh, North Carolina
GOV UNKN

25,000

https://apps.dot.state.nc.us/pio/releases/details.aspx?r=1179

A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000

May 25, 2007 Booker T. Washington Community Center
Auburn, New York
NGO PORT

Unknown

A laptop computer with personal information of individuals who applied for Family Health Plus or Child Health Plus state health insurance program benefits was recovered when a woman tried to sell it at a pawn shop.

 
Information Source:
Media
records from this breach used in our total: 0

May 24, 2007 Beacon Medical Services
Aurora, Colorado
MED DISC

5,000

Private medical and financial information including patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois that should have been only accessible through VPN access were inadvertently available on the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

May 24, 2007 Home Depot
Atlanta, Georgia
BSR PORT

204

A consultant's laptop was stolen. It contained the names and Social Security numbers of Home Depot associates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 204

May 23, 2007 Mountain Xpress (Greenline Media Inc.)
Asheville, North Carolina
BSO HACK

6,540

Someone launched a dictionary attack on the email server. The hacker obtained a user name and password that allowed access to an internal database that stored credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,540

May 23, 2007 Waco Independent School District
Waco, Texas
EDU HACK

17,400

Two high school seniors recently hacked into the district's computer network potentially compromising the personal information including Social Security numbers of students and employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,400

May 23, 2007 Check into Cash
Champaign, Illinois
BSF PHYS

Unknown

Consumer loan documents and related reports were found in a trash bin behind the shopping center where Check into Cash is located. Documents contained Social Security numbers, addresses, copies of driver's licenses and other personal information of the company's customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 22, 2007 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED DISC

6,000

UPMC mailed a fundraising letter to 6,000 former patients on May 7. The donor response cards inadvertently included each individual's SSN in the tracking code, visible through the envelope window.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

May 22, 2007 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

45,000

 Hotline: (303) 492-1655

A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,000

May 21, 2007 Columbia Bank
Fair Lawn, New Jersey
BSF HACK

Unknown

Columbia Bank notified its online banking customers of a hacking incident. Names and SSNs were accessed, but account numbers and passwords were not.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 20, 2007 Northwestern University
Chicago, Illinois
EDU PORT

Unknown

A laptop belonging to the financial aid office was stolen. It contained SSNs and other information of some alumni.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 19, 2007 Texas Commission on Law Enforcement Standards and Education
Austin, Texas
GOV PORT

230,000

A laptop computer was stolen from the state agency that licenses police officers. It contained information on every licensed peace officer in Texas, including SSNs, driver's license numbers, and birth dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 230,000

May 19, 2007 Illinois Dept. of Financial and Professional Regulation
Chicago, Illinois
GOV HACK

300,000

For information about breach www.idfpr.com

A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate licensees and applicants were exposed. The hacking incident was discovered May 3.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

May 19, 2007 Stony Brook University
Stony Brook, New York
EDU DISC

90,000

http://www.stonybrook.edu/sb/disclosure/, Call Center, (866) 645-5830 (available until July 15, 2007)

SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000

May 18, 2007 Alcatel-Lucent
Murray Hill, New Jersey
BSO PORT

Unknown

The telecom and networking equipment maker notified employees that a computer disk containing personal information was lost in transit to Aon Corp., another vendor. It contained names, addresses, SSNs, birth dates, and salary information of current and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 18, 2007 Yuma Elementary School District No. 1
Yuma, Arizona
EDU PHYS

91

SSNs of 91 substitute teachers were stolen May 7 when a district employee's car was broken into and a brief case was taken containing payroll reports. The reports did not include bank account information..

 
Information Source:
Dataloss DB
records from this breach used in our total: 91

May 18, 2007 Indianapolis Public Schools
Indianapolis, Indiana
EDU DISC

7,500 (No SSNs or financial information reported)

A local newspaper reporter discovered that sensitive personal information was accessible online, including employee performance reviews, student grade books, student special education needs, and essays.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 17, 2007 Georgia Division of Public Health
Atlanta, Georgia
GOV HACK

140,000

The GA Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.

 
Information Source:
Dataloss DB
records from this breach used in our total: 140,000

May 15, 2007 IBM
Armonk, New York
BSO PORT

2226

An unnamed IBM vendor lost computer tapes containing information on IBM employees -- mostly ex-workers -- including SSNs, dates of birth, and addresses. They went missing in transit frm a contractor's vehicle. At least 1468 New Hampshire and 758 Maine residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,226

May 14, 2007 Community College of Southern Nevada
North Las Vegas, Nevada
EDU HACK

197,000

A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school is not certain whether anything was actually stolen from the school's computer system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000

May 12, 2007 Goshen College
Goshen, Indiana
EDU HACK

7,300

http://www.goshen.edu/news/pressarchive/05-11-07-security.html, info@goshen.edu, (866) 877-3055  

A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,300

May 11, 2007 University of California, Irvine Medical Center
Irvine, California
MED PHYS

287

About 1,600 file boxes stored in an off-site university warehouse were discovered missing. Some of the files included patients' names, addresses, Social Security numbers and medical record numbers.

 
Information Source:
Media
records from this breach used in our total: 287

May 11, 2007 Highland Hospital (Rochester, NY)
Rochester, New York
MED PORT

13,000

HighlandHospitalAdmin@urmc.rochester.edu

Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containing personal information was recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

May 11, 2007 Student Loan Funding Resources, The Art Institute of California
San Diego, California
BSF HACK

Unknown

A breach on the Student Loan Funding's eCounselor website may have exposed names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 8, 2007 University of Missouri
Columbia, Missouri
EDU HACK

22,396

(866) 241-5619

A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,396

May 8, 2007 EZCORP, EZPAWN
San Antonio, Texas
BSF PHYS Unknown
Several EZPAWN stores in the San Antonio area exposed customers' personal information by discarding business records in easily accessible trash cans behind stores. The Texas Attorney General decided to take legal action against EZCORP Inc. and its subsidiary EZPAWN. Customer records included promissory notes and bank statements that contained names, addresses, Social Security numbers, driver's license numbers and checking account information.  
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 8, 2007 Jones Beauty College
Dallas, Texas
EDU PHYS

Unknown

The Texas Attorney General filed an enforcement action against the College in March.  Student financial aid forms with Social Security numbers and other personal information had been improperly discarded.  

 
Information Source:
Media
records from this breach used in our total: 0

May 8, 2007 Carus Publishing Company
Petersborough, New Hampshire
BSO HACK

Unknown

Hackers obtained access to customer information located on the Company's website. The breach occurred sometime between April and May. Customer names, addresses, credit card numbers and types of credit cards were downloaded by the hackers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2007 Indiana Department of Administration
Indianapolis, Indiana
GOV DISC

Unknown

An employee uploaded a list of certified women and minority business enterprises to the department's Web site and inadvertently included their tax identification numbers, which for some businesses and sole proprietor-ships is the owner's Social Security number. Reports indicate that the number of people affected was no more than a couple hundred.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2007 Private Tax Practice
Southold, New York
BSF PORT

60

A laptop with client information was stolen on April 27.  Tax return files were on the laptop, though it was encrypted. Client information also included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60

May 7, 2007 Arteis
Palo Alto, California
BSO HACK

Unknown

The location listed is Hewlett-Packard Company's headquarters. Hewlett-Packard acquired Arteis in May of 2007.

In January, Arteis discovered that an unauthorized person had accessed certain files. Customer names, addresses and credit card numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 5, 2007 Transportation Security Administration (TSA)
Crystal City, Virginia
GOV PORT

100,000

A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.

UPDATE (5/14/07) The American Federation of Government Employees is suing the TSA for the loss of the hard drive. It calls the breach a violation of the Privacy Act.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

May 3, 2007 Maryland Department of Natural Resources
Annapolis, Maryland
GOV PORT

1,433

Personal information of current and retired employees including names and Social Security numbers was downloaded to a thumb drive by an employee who wanted to work at home but was lost en route.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,433

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 3651-3700 of 4495 results


X

Sign In!

Loading