Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: Current

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources
  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features
  • Get our RSS Feed to see when we add new breaches to the list
  • Scroll down to view the Chronology and/or to use our sort feature
  • Download a CSV file showing ALL breaches (A CSV file is a type of Excel spreadsheet that enables you to sort and analyze the breach listings in numerous ways)

If you have questions or need help with our Chronology of Data Breaches, please email admin@privacyrights.org

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

display_id:page_1

display_id:page_1

Breach Total
898,584,384 RECORDS BREACHED
(Please see explanation about this total.)
from 4,827 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
Academy of Art University
,
 
Information Source:
records from this breach used in our total: 0
1-800-Flowers
,
 
Information Source:
records from this breach used in our total: 0
1-800-Flowers
,
 
Information Source:
records from this breach used in our total: 0
University of Central Florida
,
 
Information Source:
records from this breach used in our total: 0
Tax Act
,
 
Information Source:
records from this breach used in our total: 0
Earbits.com
,
 
Information Source:
records from this breach used in our total: 0
Juniper Network
,
 
Information Source:
records from this breach used in our total: 0
Livestream
,
 
Information Source:
records from this breach used in our total: 0
Juniper Network
,
 
Information Source:
records from this breach used in our total: 0
Livestream
,
 
Information Source:
records from this breach used in our total: 0
Livestream
,
 
Information Source:
records from this breach used in our total: 0
Livestream
,
 
Information Source:
records from this breach used in our total: 0
Livestream
,
 
Information Source:
records from this breach used in our total: 0
Alliance Health
,
 
Information Source:
records from this breach used in our total: 0
Thomas Nelsom Community College
,
 
Information Source:
records from this breach used in our total: 0
Matson Navigation Company (Horizon Lines)
,
 
Information Source:
records from this breach used in our total: 0
Dungarees
,
 
Information Source:
records from this breach used in our total: 0
CBC Restaurant Corporation (Corner Bakery Cafe)
,
 
Information Source:
records from this breach used in our total: 0
CBC Restaurant Corporation (Corner Bakery Cafe)
,
 
Information Source:
records from this breach used in our total: 0
Sorrento Pacific Financial LLC
,
 
Information Source:
records from this breach used in our total: 0
Word Press
,
 
Information Source:
records from this breach used in our total: 0
Blue Cross Blue Shield of Nebraska
,
 
Information Source:
records from this breach used in our total: 0
W.W Grainger Inc.
,
 
Information Source:
records from this breach used in our total: 0
W.W Grainger Inc.
,
 
Information Source:
records from this breach used in our total: 0
Comcast
,
 
Information Source:
records from this breach used in our total: 0
Comcast
,
 
Information Source:
records from this breach used in our total: 0
Cox Communications
,
 
Information Source:
records from this breach used in our total: 0
LoopPay
,
 
Information Source:
records from this breach used in our total: 0
Humana
,
 
Information Source:
records from this breach used in our total: 0
PNI Digital Media
,
 
Information Source:
records from this breach used in our total: 0
United Airlines
,
 
Information Source:
records from this breach used in our total: 0
ADP, LLC.
,
 
Information Source:
records from this breach used in our total: 0
Harvard University
,
 
Information Source:
records from this breach used in our total: 0
Harvard University
,
 
Information Source:
records from this breach used in our total: 0
Summit Financial Group
,
 
Information Source:
records from this breach used in our total: 0
Summit Financial Group
,
 
Information Source:
records from this breach used in our total: 0
Summit Financial Group
,
 
Information Source:
records from this breach used in our total: 0
Hilton/Hilton Honors Program
,
 
Information Source:
records from this breach used in our total: 0
Hilton/Hilton Honors Program
,
 
Information Source:
records from this breach used in our total: 0
January 10, 2005 George Mason University
Fairfax, Virginia
EDU HACK

32,000

Names, photos, and Social Security numbers of 32,000 students and staff were compromised because of a hacker attack on the University's main ID server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000
January 18, 2005 University of California, San Diego
San Diego, California
EDU HACK

3,500

A hacker breached the security of two University computers that stored the Social Security numbers and names of students and alumni of UCSD Extension.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,500
January 22, 2005 University of Northern Colorado
Greeley, Colorado
EDU PORT

15,790 (15,790 employees and an unknown number of employee beneficiaries)

A hard drive was lost or stolen. It contained information on current and former University employees and their beneficiaries and dates back to April of 1997.  Names, dates of birth, SSNs, addresses, bank account numbers and routing numbers may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,790
February 12, 2005 Science Applications International Corp. (SAIC)
San Diego, California
BSO STAT

45,000 employees

On January 25 thieves broke into a SAIC facility and stole computers containing personal information of past and current employees. Stolen information included names, Social Security numbers, addresses, phone numbers and records of financial transactions.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,000
February 15, 2005 ChoicePoint
Alpharetta, Georgia
BSO INSD

163,000

Fraudsters who presented themselves as legitimate ChoicePoint customers purchased data profiles from ChoicePoint on individuals and used that data to commit identity theft. The initial number of affected records was estimated at 145,000 but was later revised to 163,000.

UPDATE(1/26/06): ChoicePoint settled with the Federal Trade Commission for $10 million in civil penalties and $5 million for consumer redress.

UPDATE (12/06/06): The FTC announced that victims of identity theft as a result of the data breach who had out-of-pocket expenses can now be reimbursed. The claims deadline is Feb. 4, 2007.

UPDATE (06/24/07): Starting Dec. 2006, the FTC began mailing claims forms to victims of the breach. Its Web site provides information about the claims process. Deadline is Aug. 18, 2007. Victims can be reimbursed for out-of-pocket expenses resulting from identity theft connected to the breach. Call (888) 884-8772, or email cpredress@ftc.gov.

UPDATE (11/04/07): Since its 2005 data security incident, ChoicePoint has implemented enhancements to its privacy and information security framework including the establishment of an Office of Privacy, Ethics and Compliance to reinforce the responsible use and protection of information at ChoicePoint through policies and procedures, audit and compliance, and outreach and education. Visit www.privacyatchoicepoint.com.

UPDATE (1/27/08): Has agreed to pay $10 million to settle a class action lawsuit

 
Information Source:
Security Breach Letter
records from this breach used in our total: 163,000
February 18, 2005 University of Chicago Hospital
Chicago, Illinois
MED INSD

85

The FBI launched an investigation into possible fraud by at least one hospital employee. As many as 85 patients may have been affected.  The hospital contacted all affected patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 85
February 25, 2005 Bank of America Corp.
Charlotte, North Carolina
BSF PORT

1,200,000

Computer tapes with credit card information, Social Security numbers, addresses and account numbers were lost.  Bank of America began monitoring the customer accounts on the lost tapes and said it would contact cardholders if unusual activity was detected.  Around 900,000 of the account holders affected were Defense Department employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200,000
February 25, 2005 PayMaxx
Miramar, Florida
BSF DISC

100,000

A software glitch at PayMaxx Inc., a Franklin, Tenn., payroll processing company, accidentally revealed personal financial information on as many as 100,000 individuals, including Social Security numbers. The problem arose in a PayMaxx feature that enabled employees to use the Internet to get their W-2 forms, the standard tax information form issued by companies to their employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000
March 8, 2005 DSW Shoe Warehouse, Retail Ventures
Columbus, Ohio
BSR HACK

1,400,000

Credit card information from customers in 25 states was compromised.

UPDATE (04/19/2005): An additional 1,300,000 customers were added to the initial estimate of 100,000.

UPDATE (08/23/2012): DSW was locked in a dispute with National Union over insurance coverage.  A federal appellate court ruled that DSW was entitled to insurance coverage of more than $6.8 million in stipulated losses and prejudgment interest.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400,000
March 10, 2005 LexisNexis
Dayton, Ohio
BSO INSD

310000

Unauthorized individuals used IDs and passwords of legitimate customers to obtain consumers' Social Security numbers, driver's license numbers, and names and addresses. Most of the breaches were at the company's subsidiary Seisint Inc., based in Florida.

UPDATE (4/12/05) An internal investigation at LexisNexis has uncovered evidence that an additional 280,000 records may have been involved in this breach, increasing the total from 30,000 to 310,000.

UPDATE (06/30/06): Five men were arrested in connection with this breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 310,000
March 11, 2005 University of California, Berkeley
Berkeley, California
EDU PORT

98,400

A laptop containing the Social Security numbers of doctoral degree recipients from 1976 to 1999, graduate students enrolled between 1989 and 2003, and graduate school applicants between fall 2001 and spring of 2004 was stolen.  Birth dates and addresses for about one-third of the affected people were also on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98,369

Pages

Showing 1-50 of 4827 results