Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
January 12, 2010 SouthTrust
Bossier, Louisiana
BSF PHYS

Unknown

The financial planning company left sensitive retirement information in a publicly accessible dumpster.  The information included account ID numbers, personal addresses, and Social Security numbers. Information about people living in Shreveport, Haughton, Minden, Monroe, Farmerville, Eros and Downsville, Louisiana was found.  Information from people living in Orange, Port Neches, Vidor and Deweyville, Texas was also found.

 
Information Source:
NAID
records from this breach used in our total: 0

August 29, 2005 Iowa Student Loan
Des Moines, Iowa
BSF PORT

Unknown

A CD-Rom including Social Security numbers, last name and state of residence was lost while in transit from an outside business partner.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

October 3, 2006 Willamette Educational Service District (ESD)
Salem, Oregon
EDU STAT

4,500 Oregon high school students [not included in total because not thought to contain sensitive info. such as SSNs]

Seven computers stolen from a Willamette Educational Service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.

 
Information Source:
Media
records from this breach used in our total: 0

October 3, 2006 Picatinny Arsenal
Rockaway, New Jersey
GOV UNKN

Unknown

 If you have tips, call (973) 989-0652

28 computers are missing from the Picatinny Arsenal, a Department of Defense Weapons Research Center. The computers were reported lost or stolen over the last two years. None of the computers was encrypted. Officials state the computers did not contain classified information.

 
Information Source:
Media
records from this breach used in our total: 0

April 22, 2010 JE Systems Inc.
Fort Smith, Arkansas
BSF HACK

Unknown

The company in Arkansas lost more than $110,000 this month when hackers stole the firm’s online banking credentials and drained its payroll account. On Wednesday, Apr. 7, Ft. Smith based JE Systems Inc. received a call from its bank stating that the company needed to move more money into its payroll account. Over the course of two days, someone had approved two batches of payroll payments — one for $45,000 and another for $67,000. A few days later, the First National Bank of Fort Smith sent JE Systems a letter saying the bank would not be responsible for the loss. It was their internet address that was used to process the payments, and their online banking user name and password.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 4, 2006 Orange County Controller
Orlando, Florida
GOV DISC

Unknown

A Florida woman discovered her marriage license was visible on the Orange County (FL) controller's Web site with no information blacked out, not even SSNs. She discovered the breach because someone had applied for a loan in her name. The Orange County Comptroller is reportedly paying a vendor $500,000 to black out all SSNs by January 2008.

 
Information Source:
Media
records from this breach used in our total: 0

October 5, 2006 San Juan Capistrano Unified School District (CA)
San Juan Capistrano, California
EDU STAT

Unknown

Five computers stolen from the HQ of San Juan Capistrano Unified School District likely contain the names, SSNs and dates of birth of district employees enrolled in an insurance program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 12, 2006 U.S. Census Bureau
Washington, District Of Columbia
GOV PORT

Unknown

Additional location: Travis Co., TX

This spring, residents of Travis County, TX helped the Census Bureau test new equipment. When the test period ended, 15 devices were unaccounted for. The Census Bureau and the Commerce Department issued a press release saying the devices held names, addresses and birthdates, but not income or SSNs.

 
Information Source:
Media
records from this breach used in our total: 0

October 12, 2006 Congressional Budget Office
Washington, District Of Columbia
GOV HACK

Unknown

Hackers broke into the Congressional Budget Office's mailing list and sent a phishing e-mail that appeared to come from the CBO.

 
Information Source:
Media
records from this breach used in our total: 0

October 13, 2006 Ohio Ethics Commission
Columbus, Ohio
GOV PHYS

Unknown

Papers belonging to the Ohio Ethics Commission were found floating on the wind in an alley. The documents are related to state employees' finances and contained SSNs and financial statements. They were supposed to be in the possession of the state archives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 23, 2010 Blippy.com
Palo Alto, California
BSO DISC

Unknown

Blippy is a social Web service that lets users share with the world all their credit card transactions. One big problem though: Blippy appears to have inadvertently published some of its users' credit card numbers. Google search resulted in viewing of some of the credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 17, 2010 Private Medical Practice
Lake Mary, Florida
MED PHYS

Unknown

Police were looking for evidence of another crime when they found personal documents in the dumpster outside of a doctor's office. The doctor specializes in treating the ear, nose, and throat and claims there was nothing about patients in the documents. The doctor agreed to shred the documents while the police investigated whether or not patient information was compromised.

 
Information Source:
NAID
records from this breach used in our total: 0

October 16, 2006 Germanton Elementary School
Germanton, North Carolina
EDU STAT

Unknown

A computer stolen from Germanton Elementary school holds students' SSNs. The data on the computer are encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 16, 2006 VISA, FirstBank (1st Bank)
Lakewood, Colorado
BSF UNKN

Unknown

FirstBank sent a letter to an unknown number of customers informing them their FirstTeller Visa Check Card numbers were compromised when someone accessed “a merchant card processor's transaction database.” The FirstBank letter said customers would receive new cards by October 27.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 28, 2010 University Medical Clinics
Port St. Lucie, Florida
MED PHYS

Unknown

Files containing Social Security numbers, phone numbers, patient names, and addresses were found in a trash bin outside of the clinic. A woman found the files and notified police after receiving an anonymous tip.

 
Information Source:
NAID
records from this breach used in our total: 0

October 24, 2006 Jacobs Neurological Institute
Buffalo, New York
MED PORT

Unknown

The laptop of a research doctor was stolen from her locked office at the Institute. It included records of patients and her research data.

 
Information Source:
Media
records from this breach used in our total: 0

October 25, 2006 Tuscarawas County and Warren County
Tuscarawas County, Ohio
GOV DISC

Unknown

Additional location: Warren County, OH

The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service. Local boards of elections may be the source of the information. 

UPDATE (11/1/06): LexisNexis says it has now removed the SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 26, 2006 Empire Equity Group
Charlotte, North Carolina
BSF PHYS

Unknown

Mortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 27, 2006 Hancock Askew & Co.
Savannah, Georgia
BSO PORT

Unknown

On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 11, 2006 Hertz Global Holdings, Inc.
Oklahoma City, Oklahoma
BSO INSD

Unknown

1-888-222-8086

The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 10, 2005 State of California - Department of Corrections and Rehabilitations (CDCR) Parole Outpatient Clinic
Sacramento, California
MED PORT

Unknown

On or around June 18, 2005 a laptop computer was stolen with information on parolees. It was unclear from the letter we recieved whether Social Security numbers were involved. 

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

March 15, 2008 Starling Insurance and Associates
Colorado Springs, Colorado
BSF PHYS

Unknown

A server stolen from the locked offices contained names, addresses and Social Security numbers, dates of birth, driver's license numbers and/or account information for an unspecified number of customers.

 
Information Source:
Media
records from this breach used in our total: 0

September 1, 2012 New Hampshire Department of Corrections
Concord, New Hampshire
GOV HACK

Unknown

A staff member found that a cable line hooked to the computers used by inmates had been connected to a line connecting to the entire Concord prison computer system.  This may have allowed one or more prisoners to view, steal, or change sensitive records. The network is used to track invoiced and billing for Correctional Industries contracts. Information from the offender management database system "Corrections Offender Records and Information System" may have been compromised as well.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 2, 2006 Greater Media, Inc.
Philadelphia, Pennsylvania
BSO PORT

Unknown

A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 3, 2006 Wesco
Muskegon, Michigan
BSR CARD

Unknown

Wesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 3, 2006 Several Joliet area motels
Joliet, Illinois
BSO INSD

Unknown

Motel owners and employees allegedly stole and sold customers' credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0

November 16, 2006 American Cancer Society (ACS)
Louisville, Kentucky
NGO PORT

Unknown

Headquarters in Atlanta, GA.  If you have tips, call (502) 574-5673

An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.

 
Information Source:
Media
records from this breach used in our total: 0

October 31, 2006 Avaya
Maitland, Florida
BSO PORT Unknown
Additional location: Basking Ridge, NJ A laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs.  
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 20, 2006 Administration for Children's Services
New York, New York
GOV PHYS

200 (No reports of SSNs or financial information)

More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 25, 2010 AT&T/Ferrell Communication
Jacksonville, Florida
BSO DISC

Unknown

A woman got quite a surprise when she looked in her recycle bin. Someone had dumped hundreds of files of people's personal information. The manila folders that were found contained personal information of AT&T cell phone customers, including credit card numbers, driver's licenses and Social Security numbers. It appears the information was collected by another company called Ferrell Communication, which was located in a strip mall. It's no longer there, and the phone number listed isn't valid. The information is contracts for AT&T wireless service customers dating back to 1999 or 2000. The information is old, but could still be valid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 28, 2006 Kaiser Permanente Colorado-- Skyline and Southwest offices
Denver, Colorado
MED PORT

38,000 (No SSNs or financial information reported)

 For members who have questions: (866) 529-0813

A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2012 BMO Harris Bank
Milwaukee, Wisconsin
BSF PORT

Unknown

The laptop of an employee who works for a BMO Harris Bank vendor was stolen.  It contained customer names, addresses, and dates of birth. BMO learned of the breach on June 20.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 29, 2006 Gundersen Lutheran Medical Center
LaCrosse, Wisconsin
MED INSD

unknown

A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint.

 
Information Source:
Media
records from this breach used in our total: 0

December 5, 2006 Army National Guard 130th Airlift Wing
Charleston, West Virginia
GOV PORT

Unknown

A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.

 
Information Source:
Media
records from this breach used in our total: 0

December 22, 2005 H&R Block
Kansas City, Missouri
BSO DISC

Unknown

Many past and present customers received unsolicited copies of the program TaxCut that displayed their Social Security numbers on the outside, embedded in a lengthy string of code.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

December 6, 2007 S&K Famous Brands, Inc.
Richmond, Virginia
BSR HACK

Unknown

On October 24, S&K was notified of a suspicious email addressed to customers. It was determined that the email had been sent from a fictitious S&K email address and was a phishing attempt. The email contained a real or fictitious S&K order number and the last four digits of the credit card number used by the customer to whom it was addressed. The email requested that the customer provide a credit card identification number. The online store was disconnected and remote access to S&K's network was disabled within 30 minutes of the discovery. Customers of S&K Menswear may have had their names, addresses, credit card numbers and expiration dates may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 14, 2006 Bank of America
Charlotte, North Carolina
BSF INSD

Unknown

A former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2006 Lakeland Library Cooperative
Grand Rapids, Michigan
GOV DISC

15,000 (No SSNs or financial information reported)

Lakeland Library Cooperative serves 80 libraries in eight counties.

Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2006 Deb Shops, Inc.
Philadelphia, Pennsylvania
BSR HACK

Unknown

(800) 460-9704

A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 13, 2012 City of Burlington, Washington
Burlington, Washington
GOV HACK

Unknown

A hacker or hackers managed to transfer $400,000 in city funds to accounts across the country. The cyber attack occurred sometime between Tuesday night and Wednesday morning.  City employees may have also had their direct deposit bank account information compromised.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 2, 2007 Notre Dame University
Notre Dame, Indiana
EDU PORT

Unknown

Additional location: South Bend, IN

A University Director's laptop was stolen before Christmas. It contained personal information of employees, including names, SSNs, and salary information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2007 News accounts are not clear as to source, but thought to be a realty office
Las Vegas, Nevada
BSO PHYS

Unknown

About 40 boxes of financial paperwork, thought to be from loan applications, was found in a dumpster. One of the boxes visible to news reporters was said to contain paperwork with bank account details, photocopies of driver's licenses, SSNs and other private information.

 
Information Source:
Media
records from this breach used in our total: 0

January 5, 2007 Dr. Baceski's office, internal medicine
Somerset, Pennsylvania
MED PORT

hundreds of patients

A hard drive was stolen containing personal information on hundreds of patients.

 
Information Source:
Media
records from this breach used in our total: 0

January 10, 2007 University of Arizona
Tucson, Arizona
EDU UNKN

Unknown

Breaches occurred in November and December 2006 that affected services with UA Student Unions, University Library, and UA Procurement and Contracting Services. Some services were shut down for several days.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 13, 2008 Los Angeles Department of Water and Power
Los Angeles, California
GOV PHYS

Unknown

A computer was stolen from a contractor on February 11, 2008. Compromised information included name, Social Security number, date of birth, employee identification number, salary, work location, deferred compensation balances, insurance plan coverage and health care benefits selection for all active employees who were members of the DWP Retirement Plan during 2006 and 2007.

UPDATE (2/15/08): The contractor has been identified as Systematic Automation Inc.  Nineteen organizations were affected by the breach.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

January 16, 2007 University of New Mexico
Albuquerque, New Mexico
EDU STAT

Unknown

At least 3 computers and 4 monitors were stolen from the associate provost's office overnight between Jan. 2 and 3. They may have included faculty members' names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 19, 2007 U.S. Internal Revenue Service via City of Kansas City
Kansas City, Missouri
GOV PORT

Unknown

26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 22, 2007 U.S. Department of Veterans Affairs
Seattle, Washington
GOV PHYS

Unknown

Folders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.

 
Information Source:
Media
records from this breach used in our total: 0

January 25, 2007 Clay High School
Oregon, Ohio
EDU HACK

Unknown

A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 29, 2007 Mendoza College of Business, Notre Dame University
Notre Dame, Indiana
EDU DISC

Unknown

Additional location: South Bend, Indiana

A file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.

 
Information Source:
Media
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 101-150 of 4495 results


X

Sign In!

Loading