Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
July 7, 2006 University of Tennessee
Knoxville, Tennessee
EDU HACK

36,000

(866) 748-1680, http://security.tennessee.edu.  Additional locations: Chattanooga, Martin, Tullahoma and Memphis, TN

Hacker broke into a UT computer containing names, addresses and SSNs of about 36,000 past and current employees. The intruder used the computer from Aug. '05 to May '06 to store and transmit movies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000

July 7, 2006 National Association of Securities Dealers (NASD)
Boca Raton, Florida
BSF PORT

73

Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops.

 
Information Source:
Dataloss DB
records from this breach used in our total: 73

July 7, 2006 Naval Safety Center, United States Navy
Norfolk, Virginia
GOV DISC

100,000

The SSNs and other personal information of more than 100,000 naval and Marine Corps aviators and air crew, both active and reserve, were exposed on the Center website and on 1,100 computer discs mailed to naval commands.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

July 7, 2006 Montana Public Health and Human Services Department
Helena, Montana
MED STAT

Unknown

A state government computer was stolen from the office of a drug dependency program during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 7, 2006 City of Hattiesburg
Hattiesburg, Mississippi
GOV STAT

thousands of city workers and contractors (at least 2,000)

Video surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

July 6, 2006 Automatic Data Processing (ADP)
Roseland, New Jersey
BSO UNKN

0

Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley, Bear Stearns, Citigroup, Merrill Lynch. Hundreds of thousands of investors may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 5, 2006 Bisys Group Inc.
Roseland, New Jersey
BSF PORT

61,000

Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred.

 
Information Source:
Dataloss DB
records from this breach used in our total: 61,000

July 5, 2006 RBS National Bank, Asset Acceptance LLC
Bridgeport, Connecticut
BSF PORT

1,221

A laptop was stolen from an Asset Acceptance LLC employee's car on June 19.  The laptop contained information from RBS National Bank.  Customer names, addresses, Social Security numbers, phone numbers and loan information may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,221

July 5, 2006 Columbia University
New York, New York
EDU DISC

98

An emergency contact list from the Columbia University School of International and Public Affairs was posted on an unsecure website on August 2005.  Names, business and home phone numbers, addresses, emergency contact person and Social Security numbers were available.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98

July 1, 2006 American Red Cross, Farmers Branch
Dallas, Texas
NGO PORT

Unknown

Sometime in May, three laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 30, 2006 U.S. Department of Veteran Affairs
Washington, District Of Columbia
GOV PORT

16,500

A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents.

UPDATE (10/11/06): The VA's Office of the General Counsel is offering identity theft protection services to those affected by the missing tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,500

June 30, 2006 National Institutes of Health Federal Credit Union
Rockville, Maryland
BSF UNKN

Very few of 41,000 members affected [not included in total]

NIHFCU and law enforcement are investigating the identity theft of some of its 41,000 members. No details were given on the type of information stolen, or how it was stolen.

 
Information Source:
Media
records from this breach used in our total: 41,000

June 30, 2006 Washington Regional Medical Center
Fayetteville, Arkansas
GOV PORT

5,000

A computer from the Human Resources Division of Washington Regional Medical Center was stolen on April 14. The computer was stolen from the employee's office during a 45 minute absence. Current and former employees may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

June 29, 2006 AllState Insurance Huntsville branch
Huntsville, Alabama
BSF STAT

27,000

Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

June 29, 2006 Nebraska Treasurer's Office
Lincoln, Nebraska
GOV HACK

309,000

A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 309,000

June 29, 2006 Minnesota Department of Revenue
St. Paul, Minnesota
GOV PORT

50,400

http://www.taxes.state.mn.us/taxes/publications/press_releases/content/taxpayer_information.shtml

On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers.

UPDATE (7/20/06): The package was reported delivered 2 months later, but apparently had been temporarily lost by the U.S. Postal Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,400

June 27, 2006 Government Accountability Office (GAO)
Washington, District Of Columbia
GOV DISC

Fewer than 1,000 [1,000 used in total]

Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

June 27, 2006 Empire Beauty School Inc.
Brooklyn, New York
EDU PHYS

1,132

The June 20 theft of a briefcase from an administrative employee's vehicle caused reports with the names and Social Security numbers of former students to be lost. A laptop was also stolen during the burglary, but it is unlikely that it had personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,132

June 27, 2006 University of Rochester
Rochester, New York
EDU DISC

286

Former students' names and Social Security numbers were accidentally placed on a publicly accessible web page. Names, Social Security numbers and some standardized test scores were posted. The information was removed after the discovery and it appears that the information on the web page was accessed only once, on June 12 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 286

June 27, 2006 Maimonides Medical Center, Vision Financial Corp.
Harrison, New York
MED PORT

560

On June 9, an employee of Maimonides' contractor Vision Financial was robbed of personal belongings and a laptop that contained client information. Names, Social Security numbers, addresses, birth dates and amount owed to the Maimonides may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 560

June 26, 2006 AAAAA Rent-A-Space
Colma, California
BSO DISC

13,000

Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in AAAAA's online payment system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 26, 2006 King County Elections
Seattle, Washington
GOV DISC

Unknown

Public election records with Social Security numbers were made available online. Like in other counties, individuals can request that their specific information be removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 24, 2006 Catawba County Schools
Newton, North Carolina
EDU UNKN

619

On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year.

UPDATE:The web site containing the data has been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 619

June 24, 2006 Social Security Administration
Atlanta, Georgia
GOV PORT

228

People in Roanoke, Salem, Blacksburg, Christianburg, Radford, Rocky Mount, Buchanan, Wytheville, Pulaski, Pearisburg and Fincastle were affected.

A lawyer working for the Social Security Administration broke a work-at-home agreement and brought a laptop with sensitive information to a conference in Atlanta.  The laptop was stolen there.  Social Security numbers, names and possibly medical information would have been on the laptop.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 228

June 23, 2006 San Francisco State University
San Francisco, California
EDU PORT

3,000

www.sfsu.edu/%7Eadmisrec/reg/idtheft.html

A faculty member's laptop was stolen from a car on June 1 that contained personal information of former and current students including Social Security numbers, and names and ins some instance, phone numbers and grade point averages.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

June 23, 2006 U.S. Navy
Washington, District Of Columbia
GOV UNKN

28,000

Navy personnel were notified on June 22 that a civilian website contained files with personal information of Navy members and dependents including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

June 23, 2006 CBCInnovis Inc., Andover Bank
Conneaut, Ohio
BSF UNKN

1,122

Names, Social Security numbers, addresses, names of creditors, account numbers, payment histories and public records of financial judgments may have been accessed without proper authorization at Andover Bank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,122

June 22, 2006 Ohio University
Athens, Ohio
EDU HACK

2,480

http://www.ohio.edu/datasecurity

A breach was discovered on a computer that housed IRS 1099 forms for vendors and independent contractors for calendar years 2004 and 2005.

 
Information Source:
Media
records from this breach used in our total: 2,480

June 22, 2006 Ohio University
Athens, Ohio
EDU HACK

Unknown

http://www.ohio.edu/datasecurity/

A computer was compromised that hosted a variety of Web-based forms, including some that processed online business transactions. Although this computer was not set up to store personal information, investigators did discover files that contained fragments of personal information, including Social Security numbers. The data is fragmentary and it is not certain if the compromised information can be traced to individuals. Also found on the computer were 12 credit card numbers that were used for event registration.

 
Information Source:
Media
records from this breach used in our total: 0

June 22, 2006 University of Kentucky
Lexington, Kentucky
EDU PORT

6,500

The personal data of current and former students including classroom rosters names, grades and Social Security numbers was reported stolen on May 26 following the theft of a professor's flash drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,500

June 22, 2006 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV HACK

26,000

http://www.firstgov.gov/usdainfo.shtml

During the first week in June, a hacker broke into the Department's computer system and may have obtained names, Social Security numbers and photos of current and former employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

June 22, 2006 Federal Trade Commission (FTC)
Washington, District Of Columbia
GOV PORT

110

Two laptop computers containing personal and financial data were stolen from an employee's vehicle. The data included names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers gathered in law enforcement investigations.

 
Information Source:
Dataloss DB
records from this breach used in our total: 110

June 21, 2006 Cumberland County Emergency Medical Service
Fayetteville, North Carolina
MED PORT

24,350

Portable computer containing personal information of more than 24,000 people was stolen from ambulance of Cumberland Co. Emergency Medical Services on June 8th. It contained information on people treated by the EMS, including names, addresses, and birthdates, plus SSNs of 84% of those listed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 24,350

June 21, 2006 Lancaster General Hospital
Lancaster, Pennsylvania
EDU STAT

Hundreds (at least 200)

Date of letter sent to doctors: June 21, 2006 Date of news story: July 28, 2006

A desktop computer with personal information of hundreds of doctors was stolen from a locked office June 10. The unencrypted data included names, practice addresses, and SSNS of physicians on medical and dental staff.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 200

June 20, 2006 Equifax
Atlanta, Georgia
BSF PORT

2,500

On May 29, a company laptop containing employee names and partial and full Social Security numbers was stolen from an employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,500

June 20, 2006 University of Alabama
Birmingham, Alabama
EDU STAT

9,800

In February a computer was stolen from a locked office of the kidney transplant program at the University of Alabama at Birmingham that contained confidential information of donors, organ recipients and potential recipients including names, Social Security numbers and medical information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,800

June 20, 2006 New Jersey Department of Labor and Workforce Development
Jersey City, New Jersey
GOV DISC

498

Customers are being notified that their personal information may have been unintentionally mailed to other customers. A malfunction in the mail processing equipment meant that personal information of unemployment insurance claimants was included with the information of other people. Names, addresses and Social Security numbers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 498

June 18, 2006 ING U.S. Financial Services, Jackson Health System
Miami, Florida
BSF PORT

13,000

Two ING laptops that carried sensitive data affecting Jackson Health System hospital workers were stolen in December 2005. The computers, belonging to financial services provider ING, contained information gathered during a voluntary life insurance enrollment drive in December and included names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 18, 2006 ING U.S. Financial Services
Washington, District Of Columbia
BSF PORT

13,000

A laptop was stolen from an employee's home.  It contained retirement plan information including Social Security numbers of D.C. city employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

June 18, 2006 Ulster County Community College
Stone Ridge, New York
EDU PORT

18

A laptop that contained student information was stolen from a professor's office on or around June 28. The information included names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18

June 17, 2006 Western Illinios University
Macomb, Illinois
EDU HACK

180,000

http://www.wiu.edu/securityalert/

On June 5th, a hacker compromised a University server that contained names, addresses, credit card numbers and Social Security numbers of people connected to the University.

UPDATE (7/5/06): Number affected reduced from 240,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 180,000

June 17, 2006 Automatic Data Processing (ADP)
Roseland, New Jersey
BSO DISC

80

Personal and payroll information of workers were intended to be faxed between ADP offices and were mistakenly sent to a third party.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80

June 17, 2006 California Department of Health Services (CDHS)
Sacramento, California
GOV PHYS

1,550

http://www.applications.dhs.ca.gov/pressreleases/store/PressReleases/06-41.html

On June 12, a box of Medi-Cal forms from December 2005 were found in the cubicle of a California Dept. of Health Services employee. The claim forms contained the names, addresses, Social Security numbers and prescriptions for beneficiaries or their family members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,550

June 16, 2006 Union Pacific
Omaha, Nebraska
BSO PORT

30,000

On April 29th, an employee's laptop was stolen that contained data for current and former Union Pacific employees, including names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

June 16, 2006 New York State Controller's Office
Albany, New York
GOV PORT

1,300

A state controller data cartridge containing payroll data of employees who work for a variety of state agencies was lost during shipment. The data contained names, salaries, Social Security numbers and home addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,300

June 16, 2006 California Department of Health Services (CDHS)
Sacramento, California
GOV PHYS

1,550

http://www.applications.dhs.ca.gov/pressreleases/store/PressReleases/06-41.html

CDHS documents were inappropriately emptied from an employee's cubicle on June 5 and 9 rather than shredded. The documents contained state employees and other individuals applying for employment with the state including names, addresses, Social Security numbers and home and work telephone numbers. They were mostly expired state employment certification lists, but also included requests for personnel action, copies of e-mail messages and handwritten notes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,550

June 14, 2006 American International Group (AIG), Indiana Office of Medical Excess, LLC
New York, New York
BSF STAT

930,000

The computer server was stolen on March 31 containing personal information including names, Social Security numbers, birth dates, and some medical and disability information.

UPDATE (1/12/2010) A 28-year-old Indianapolis man was sentenced today to two years in state prison for trying to extort $208,00 from an insurance company after stealing a computer server. In March 2006, the man burglarized the Indianapolis office of AIG Medical Excess, threatening to release clients' personal data on the Internet. The server contained the names of more than 900,000 insured persons, as well as their personal identifying information, and confidential medical information and e-mail communications. At the time of the burglary, the man was an employee of a private security firm that provided security services to the insurance company. On July 23, 2008, Stewart delivered a package to the insurance company. The package included a letter stating that he possessed the stolen server and its confidential data. He asked for $1,000 a week for four years, but the FBI and others intervened. The Indiana State Police, the Indiana Department of Natural Resources, Indianapolis Metropolitan Police Department, and Attorney General also were part of the investigation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 930,000

June 14, 2006 Law Finance Group Holdings, LLC
Reno, Nevada
BSF STAT

1,237

On April 7, the organization discovered that a computer server had been stolen from its office.  The equipment stored information on customers, employees, and prospects.  The information included names, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,237

June 13, 2006 Minnesota State Auditor
St. Paul, Minnesota
GOV PORT

493

Three laptops possibly containing Social Security numbers of employees and recipients of housing and welfare benefits along with other personal information of local governments the auditor oversees have gone missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 493

June 13, 2006 Oregon Department of Revenue
Salem, Oregon
GOV HACK

2,200

Electronic files containing personal data of Oregon taxpayers may have been compromised by an ex-employee who downloaded a contaminated file from a porn site. The trojan attached to the file may have sent taxpayer information back to the source when the computer was turned on.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,200

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 4151-4200 of 4488 results


X

Sign In!

Loading