Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
July 15, 2008 Weber Law Firm
Houston, Texas
BSO PHYS

Unknown

Sheriff's deputies uncovered hundreds of people's personal financial files that had been discarded in a dumpster in northwest Houston. Box after box of records including personal financial records, documents with Social Security numbers, people's medical files and more were found in the dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 3, 2010 Safe Harbor Med
Santa Cruz, California
MED PORT

Unknown

Burglars stole client records, a suitcase and two bags of cookies from a medicinal marijuana referral office. Burglars also stole a computer hard drive that contained a client database, including Social Security numbers, ID numbers and other sensitive information. The burglars apparently cut power to the building — so the alarm didn't go off — and shattered a window to get into the office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 23, 2008 San Francisco Human Services Department
San Francisco, California
GOV PHYS

Unknown

Potentially thousands of files contaning personal information was exposed after a San Francisco agency left confidential files in unsecured curbside garbage and recycling bins. In some cases entire case files were discarded. Blown up copies of social security cards, driver's licenses, passports, bank statements and other sensitive personal information were all left in these unlocked bins.

 
Information Source:
Media
records from this breach used in our total: 0

July 25, 2008 Grady Memorial Hospital
Atlanta, Georgia
MED INSD

Unknown

Hospital records were stolen, although it remains unknown how many patient records were compromised, which patients were affected or how the records were stolen. The records pertained to recorded physician comments that Grady sent to a vendor to transcribe into medical notes. The records were stolen from a subcontractor employed by the vendor.

 
Information Source:
Media
records from this breach used in our total: 0

April 8, 2010 ManorCare Health Services
Wheaton, Maryland
MED INSD

Unknown

Montgomery County's Department of Health and Human Services is looking into how numerous Wheaton nursing home papers containing sensitive patient information have made their way into nearby neighbors' yards over the past few months. The county sent a nursing home inspector to investigate complaints from residents in the Wheaton Regional Park Civic Association who said they have found internal documents from the nearby ManorCare Health Services that contain patient conditions, names and Social Security numbers. The inspector cited ManorCare for inappropriate conduct.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 28, 2008 Facebook
Palo Alto, California
BSO DISC

Unknown 80 million Not added to total since the breach is not SSNs or financial account data.

Facebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. The full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential.

 
Information Source:
Media
records from this breach used in our total: 0

July 29, 2008 Anheuser-Busch
St. Louis, Missouri
BSR PORT

Unknown

 (800) 913-4502

A laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office. Information contained on the computer included employees' Social Security numbers, home addresses and marital status.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2008 Tennessee Valley Authority
Knoxville, Tennessee
GOV PORT

Unknown

A laptop stolen from TVA contained Social Security numbers and reflects generally inadequate policies and procedures for tracking computers at the agency. The laptop was one of approximately 26 computer and computer-related items stolen from TVA between May 26, 2006, and Nov. 30, 2007, according to the IG, although the report stated it was unclear whether sensitive information was present on any of the laptops or PCs stolen from TVA.

 
Information Source:
Media
records from this breach used in our total: 0

August 3, 2008 Oakland School District
Oakland, California
EDU STAT

Unknown

Thieves stole 10 desktop computers containing employees' personal information from the Oakland school district's main office. District officials are still determining what information was on each computer, but the machines may contain personal information provided to the district when employees were hired. It is unknown how many employees' records were on the computers.

 
Information Source:
Media
records from this breach used in our total: 0

June 7, 2010 New York City Department of Education
New York, New York
EDU HACK

Unknown

The New York City’s Special Commissioner Office revealed a hacker stole more than $640,000 from the Department of Education’s petty cash account at JP Morgan Chase and distributed the codes to others to use to pay for student loans, gas bills and other purchases. The hacker allowed individuals to pay personal bills through EFTs and, in turn, he was given cash. The scam was discovered when an unidentified woman informed Chase someone was trying to pay bills using the account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 12, 2008 Child Protective Services
San Antonio, Texas
GOV PHYS

Unknown

Hundreds of private, personal records were discarded with the trash, including records detailing medical histories of clients with diseases and drug addictions. Documents showing sexual abuse and information that could be used for identity theft, such as Social Security numbers, were also found in the trash.

 
Information Source:
Media
records from this breach used in our total: 0

August 18, 2008 The Princeton Review
New York, New York
EDU DISC

108,000 (No SSNs or financial information reported)

The test-preparatory firm accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site. One file on the site contained information on about 34,000 students in the public schools in Sarasota, Fl. Another folder contained dozens of files with names and birth dates for 74,000 students in the school system of Fairfax County, Va.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 19, 2008 Kingston Tax Service
Kingston, Washington
BSO PORT

Unknown

Office computers were stolen from the business. On each of the computers is information which can be used by identity thieves including credit card information and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 22, 2008 Liberty McDonald's Restaurant
Liberty, Kentucky
BSR INSD

Unknown

An employee at a Liberty McDonald's restaurant, took credit or debit cards from drive-through customers and used a device she had hidden near the window to swipe the cards to record their numbers. The information on the device then was downloaded and used to make new cards either in the names of the persons to which the original cards belonged or in the names of the perpetrators.

 
Information Source:
Media
records from this breach used in our total: 0

August 27, 2008 YMCA
Champaign, Illinois
NGO UNKN

Unknown

Customers who paid for items at a YMCA fund-raiser with checks or credit cards are being warned about a burglary at which credit and debit card numbers were taken.

 
Information Source:
Media
records from this breach used in our total: 0

August 29, 2008 Wachovia Bank
Cape Coral, Florida
BSF CARD

Unknown

It was confirmed that several customers of the Camelot branch, at Cape Coral Parkway and Chiquita Boulevard, who used their debit cards have had their accounts fraudulently charged because someone placed a skimming device on the ATM. The device collected each person's card information, including personal identification numbers, and allowed different debit cards to be created with that information.

 
Information Source:
Media
records from this breach used in our total: 0

September 4, 2010 Essex Youth Commision Summer Program
Essex, Massachusetts
GOV PHYS

Unknown

Paper records and digital files with personal health and personally identifiable information from youth participants, parents and staff were reported missing.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

June 8, 2010 Bank of America
Sun City, Florida
BSF INSD

Unknown

An employee in one of Bank of America's customer call centers has admitted he stole sensitive account information and tried to sell it for cash. The man met with two individuals whom he later learned were undercover FBI agents and offered to sell them names, dates of birth, telephonic passwords, and other details for Bank of America customers, according to court records. He was looking for accomplices who knew how to milk the accounts by establishing phony credit cards in the customers' names or through other means.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2008 Southwest Medical Association
Las Vegas, Nevada
MED PHYS

Unknown

Thousands of medical charts were found in an abandoned storage unit that was purchaced for $25.

 
Information Source:
Media
records from this breach used in our total: 0

September 9, 2008 University of Pittsburgh
Pittsburgh, Pennsylvania
EDU PORT

Unknown

A laptop containing personal information including names and Social Security numbers was stolen. The laptop, stolen from Mervis Hall was being used by an employee to conduct surveys of alumni that are used in college rankings.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 10, 2008 Ivy Tech Community College
Bloomington, Indiana
EDU DISC

Unknown

http://www.ivytech.edu/about/security/

An employee of the college used an internal file sharing system to send a file that consisted of students enrolled in the spring 2008 semester for distance education courses. The employee intended to share the file with a single employee of the college. Instead, due to a clerical error, the invitation to view the file was sent to a list of all Indianapolis region employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 10, 2010 City of Springfield
Springfield, Illinois
GOV DISC

Unknown

The city of Springfield put documents online that contained sensitive information such as Social Security numbers, driver’s license numbers, home and work telephone numbers, bank account numbers and the name of someone who called the state anonymously to report suspected child abuse. The documents were posted on the city’s website in response to Freedom of Information Act requests as part of an initiative to make public information available to anyone with a computer. But personal information such as home phone numbers, Social Security numbers and driver’s license numbers are exempt from disclosure under state law.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 9, 2010 Apple Inc., AT&T
Cupertino, California
BSR HACK

120,000 (No SSNs or financial information involved)

A security breach has exposed iPad owner information. Dozens of CEOs, military officials, and top politicians may have been affected. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking. The breach exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised. It doesn't stop there. According to the data given by the web security group that exploited vulnerabilities on the AT&T network, 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed.

UPDATE (01/18/2011): Chat logs of the accused iPad hackers were turned over to investigators.  It appears that two men used an "account slurper" to conduct a "brute force" attack that lasted five days and extracted data from iPad users who accessed the Internet through AT&T's 3G network.  Each of the two men were charged with one count of conspiracy to access a computer without authorization and one count of fraud.

UPDATE (06/23/2011): One of the people responsible for writing the malicious code used to breach AT&T's computer servers pleaded guilty to his part in the attack.

UPDATE (11/20/2012): The second person responsible for discovering and exploiting a security weakness was found guilty.  AT&T iPad subscribers had their emails exposed because of the security issue.

UPDATE (03/19/2013): One of the conspirators was sentenced to 41 months in prison for identity theft and conspiracy to gain unauthorized access to computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 20, 2010 Strong Memorial Hospital
Rochester, New York
MED DISC

1250 (0 SSNs and credit cards involved)

Around half of all patient medical bills were sent to the wrong address. The billing statements included patient names, name and address of the person responsible for paying the bill, description of services received and the dates of services, dollar amount owed, health insurance plan and subscriber number. Around 1,250 patients were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 1, 2008 Foothills Parks and Recreation District
Littleton, Colorado
GOV HACK

Unknown

The district noticed unusual activity last week which they believe was caused by a virus introduced to cover up the actions of an intruder. Some customer information, including credit card information, may have been compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 22, 2010 Staff Jennings Boats
Portland, Oregon
BSR DISC

Unknown

Sales documents dating back 20 years were found in a dumpster. The personal financial information of customers included Social Security numbers and information on purchases. Staff Jennings went out of business in April of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 27, 2008 Shell Oil Co.
Houston, Texas
BSR INSD

Unknown

An IT contractor used the personal data of four Shell workers as part of an unemployment insurance claims scam. Employees of a third-party contractor misused information stored in a corporate database. The database includes records for a majority of current and former Shell employees. Misused data included names, dates of birth and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 3, 2008 Genesee Intermediate School District
Mundy Township, Michigan
EDU PORT

6,000 Not included in total.

A laptop stolen had been used for background checks on school workers and included their fingerprints and some personal information such as their names, addresses, birthdates and race. The laptop did not have Social Security numbers and the data was stored in files that require a password to be opened.

 
Information Source:
Media
records from this breach used in our total: 0

May 24, 2010 Cheesecake Factory
Washington, District Of Columbia
BSR INSD

Unknown

Three servers from a Cheesecake Factory restaurant were charged with using skimming devices to make over $117,000 in fraudulent charges to customer credit card accounts.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 25, 2010 Local Coffee
San Antonio, Texas
BSR HACK

Unknown

Hackers may have gained access to credit and debit card information by exploiting Aloha software weaknesses. After a purchase at Local Coffee, a customer's debit card was canceled. This prompted Local Coffee to temporarily stop using Aloha.  Another San Antonio eating establishment, Aldaco, also encountered hacking problems while using Aloha software.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 5, 2008 North Carolina Dept. of Health and Human Services
Raleigh, North Carolina
GOV PORT

Unknown

A laptop computer belonging to a Division of Aging and Adult Services employee was stolen. The computer contained information about people receiving home and community services.

 
Information Source:
Media
records from this breach used in our total: 0

May 21, 2010 Aldaco's Mexican Cuisine
San Antonio, Texas
BSR HACK

Unknown

Aldaco's Mexican Cuisine at Stone Oak had a data security breach.  Customers were notified of fraudulent charges; some were from places outside of the U.S. Aldaco urged customers who had used their credit cards at the restaurant to cancel them.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 7, 2008 Christus Health Care
Houston, Texas
MED PORT

Unknown

 (800) 877-9056

Two computer back-up tapes were stolen. Someone broke into a car in a Houston parking lot and took the tapes. The information on the tapes included patient names, Social Security numbers, demographic information, and in some cases, diagnosis codes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 14, 2010 Principal Financial Group
Des Moines, Iowa
BSF HACK

Unknown

An unauthorized person using a valid employer password and user name accessed group contract number, member name, Social Security number, age and employment status of certain individuals with a connection to Principal Life Insurance.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 12, 2008 Pinellas County and Florida state agency offices
Pinellas County, Florida
GOV PHYS

Unknown

Documents with Social Security numbers, medical information and other legally protected data were found in trash containers at government buildings. Also found were hundreds of improperly discarded records were found that included medical data, privileged communications between attorneys and clients, juvenile defendant records and child abuse materials.

 
Information Source:
Media
records from this breach used in our total: 0

May 18, 2010 Capitol One
McLean, Virginia
BSF UNKN

Unknown

A fraud ring may have accessed customer information. The information included names, addresses, Social Security numbers, and other personal information. It is not known how the information was obtained or how many customers were affected. The information may have been accessed sometime between December of 2009 and February of 2010.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 3, 2008 Central California Appellate Program
Sacramento, California
NGO PORT

Unknown

A backup computer disk was in a safe taken by thieves who broke into a storage facility. Besides Social Security numbers, the disk contained tax identification numbers, addresses, telephone numbers and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 14, 2008 Zyacorp Entertainment Cinemagic Stadium
Merrimack, New Hampshire
BSR HACK

Unknown

Hackers broke into a Merrimack movie theater's servers and stole customers' credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 25, 2010 Lincoln Financial Group
Radnor, Pennsylvania
BSF DISC

1,286 (0 SSNs reported)

In 2002, 2008, and 2010 records of correspondence between agents and clients were misplaced. Technical errors caused the names, addresses, policies or contract numbers, account values, trade and transaction activities, and dates of birth of the clients to be accessible.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 15, 2008 University of North Carolina
Greensboro, North Carolina
EDU HACK

Unknown

A breach of the accounting computer systems at UNC-Greensboro may have exposed personal employee information to intruders. The breach was detected on a computer in the Accounting Services office, in the form of a virus that may have allowed unauthorized access.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 24, 2010 Lake Ridge Middle School
Woodbridge, Virginia
EDU PORT

1,200 (0 SSNs reported)

A USB drive containing student names, identification numbers, phone numbers, and medical information was stolen from the unlocked car of a school administrator at the employee's home. Over 1,200 students were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 23, 2010 Wachovia Bank
Atlanta, Georgia
BSF INSD

Unknown

A former employee was sentenced to prison after being convicted of identity theft and bank fraud. While working at Wachovia's bank fraud detection department in 2007, the employee sold credit card and bank account numbers to an outside accomplice. The former employee was ordered to pay $91,104 in restitution and serve a four and a half years federal prison sentence.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

May 28, 2010 Cincinnati Children's Hospital Medical Center
Cincinnati, Ohio
MED PORT

61,000 (0 SSNs and financial information reported)

A laptop containing the names, medical record numbers, and medical services provided of patients was stolen from an employee's car while it was parked at his or her home. As a precaution, no additional laptops will be allowed outside the hospital unless they are encrypted.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 2, 2009 Merrill Lynch
New York, New York
BSF STAT

Unknown

A third-party consulting services firm working on behalf of Merrill Lynch reported, one of their employees was burglarized. The burglars took various items, including a computer, which had on it the names and Social Security numbers of current and former Financial Advisors and some applicants for employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2009 Pepsi Bottling Group
Somers, New York
BSR PORT

Unknown

For More Info Contact: David Yawman David.Yawman@pepsi.com (914) 767-7620 or (866) 578-5410

A portable data storage device, which contained personal information, including the names and Social Security numbers of employees in the US is missing or stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 5, 2010 National Highway Traffic Safety Administration (NHTSA)
Washington, District Of Columbia
GOV DISC

Unknown

A limited search of NHTSA's public complaint database uncovered Social Security numbers, names, birth dates, addresses, VINs, and drivers' license numbers. Public access to the database of 792,000 complaint cases was temporarily ended.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

January 7, 2009 Genica, Geeks.com
Oceanside, California
BSO HACK

Unknown

 (888) 529-6261 http://www1.ftc.gov/opa/2009/02/compgeeks.shtm

Genica dba Geeks.com (Genica) recently discovered that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your names, addresses, telephone numbers, email addresses, credit card numbers, expiration dates, and card verification numbers. They are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking the eCommerce website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 13, 2009 University of Oregon
Eugene, Oregon
EDU PORT

Unknown

(541) 346-2510

A laptop computer containing data files for Youth Transition Program (YTP) participants was stolen. Those files contained names and social security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 13, 2009 Innodata Isogen, Inc.
Hackensack, New Jersey
BSO PORT

Unknown

Laptop stolen from an employee's car contained names, addresses, Social Security numbers of current and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 14, 2009 Occidental Petroleum Corporation
Dallas, Texas
BSO INSD

Unknown

(800) 733-0085

A former employee emailed himself (to personal email account) a spreadsheet of employee names, addresses, empolyee identification numbers, birth dates, starting dates, retirement dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Showing 351-400 of 4489 results


X

Sign In!

Loading