Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
November 30, 2007 Prudential Financial
Fort Washington, Pennsylvania
BSF INSD

44,023

An employee who had authorized access to personal information was arrested and charged with stealing personal information and identity theft. The employee took client names, Social Security numbers, dates of birth, addresses and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 44,023

November 29, 2007 American Red Cross
Dallas, Texas
NGO PHYS

Unknown

Six boxes were left unattended in a public hallway for more than six hours. The files contained personal information of current and former employees and were placed there by human resources. Names, addresses and social security numbers could have easily been stolen. The files also contained embarrassing information, including disciplinary actions, results from a drug test, a sexual harassment case even someone's criminal record from another state.

 
Information Source:
Media
records from this breach used in our total: 0

November 29, 2007 Ortho-Clinical Diagnostics Inc. (OCD)
Raritan, New Jersey
BSO DISC

4,285

An electronic folder that resided on a share drive at OCD was accessed by authorized users of the Johnson & Johnson computer system in North America for approximately six months.  The file should have only been accessed by authorized human resources personnel and included current and former employee Social Security numbers, addresses, phone numbers, pre-employment screening information, compensation information and other employment data.  The information in the folder dates back to January of 2002. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,285

November 21, 2007 University of Florida
Gainesville, Florida
EDU DISC

415

Those who suspect their Social Security numbers were posted can search their names on the Web site www.ssnbreach.org.

More than 400 former UF students might have been put at risk for identity theft after their Social Security numbers were posted on UF's Computing & Networking Services Web site. A news release from the Liberty Coalition, a group that works to preserve the privacy of individuals, said 14 files on the Web site contained sensitive information of 534 former UF students, including 415 Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 415

November 21, 2007 United Healthcare (UnitedHealthcare)
New York, New York
MED DISC

Unknown

UnitedHealthcare is headquartered in Minneapolis, Minnesota.

United Healthcare posted the Social Security numbers of doctors at Columbia University's faculty practice on a public Web site. United posted the taxpayer identification numbers, some of which were Social Security numbers, alongside the names of 993 providers at Columbia who participate in the insurer's network. The list was supposed to be accessible to Columbia employees during the current open enrollment period.

 
Information Source:
Media
records from this breach used in our total: 0

November 20, 2007 Beth Israel Deaconess Medical Center, Affiliated Physicians Group (APG)
Foxborough, Massachusetts
EDU PHYS

53

On October 20, a briefcase was stolen from the vehicle of a physician. The briefcase contained patient encounter forms with names, addresses, Social Security numbers, telephone numbers and insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 53

November 19, 2007 General Cable Corporation
Marshall, Texas
BSO DISC

Unknown

An employee used the wrong email distribution list and sent an email to several unauthorized employees on November 1. The email included names and Social Security numbers of current and former employees, as well as third-party vendors. At least 19 Massachusetts residents and four residents of other states were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 16, 2007 A.J. Falciani Realty Company
Vineland, New Jersey
BSO STAT

Unknown

Computers containing the personal information of between 500 to 1,000 clients of A.J. Falciani Realty Company were taken in a burglary. Many of the stolen computers stored the names, addresses, Social Security numbers, dates of birth, telephone numbers and other information on the company's clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 16, 2007 University of Wisconsin, Whitewater
Whitewater, Wisconsin
EDU DISC

Unknown

Officials were notified by one individual about his ability to access an online search feature for the school's website. The search feature could be used to see student names and Social Security numbers along with some other limited student information. Access to the feature was promptly disabled upon notification of the problem.

 
Information Source:
Media
records from this breach used in our total: 0

November 16, 2007 U.S. Department of Veteran Affairs
Washington, District Of Columbia
GOV INSD

185,000

Investigation from a man's home uncovered a computer that held about 1.8 million Social Security numbers from the U.S. Department of Veteran Affairs, where he had been employed as an auditor. Veterans Affairs' officials have said only 185,000 numbers are at risk because many were repeated in the file.

 
Information Source:
Dataloss DB
records from this breach used in our total: 185,000

November 16, 2007 Wake Technical Community College
Raleigh, North Carolina
EDU PORT 1,886
A flash drive that contained student names and Social Security numbers was lost and recovered. The flash drive was discovered missing on October 18 and was recovered within a month. The College stopped using Social Security numbers as student IDs shortly after this breach.  
Information Source:
Dataloss DB
records from this breach used in our total: 1,886

November 15, 2007 Roudebush Veteran's Administration Medical Center
Indianapolis, Indiana
MED STAT

12,000

Two personal computers and a laptop computer were allegedly stolen from an unsecured room. One of the stolen computers contained the names, Social Security numbers and dates of service of approximately 12,000 veterans.

UPDATE (3/19/08) : A 50 year old Indianapolis man was arrested Monday on one count of Class D felony theft after investigators identified him from surveillance video. A probable cause affidavit, a sworn police statement filed in support of the charge, identifies him as a former patient at the facility.The man has been charged in the disappearance of hospital computer equipment that contained the records of nearly 12,000 patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

November 14, 2007 Harvard University
Cambridge, Massachusetts
EDU PHYS

56

Folders containing information about students from the University's Division of Continuing Education were lost. The folders were from the previous year and included names, Social Security numbers, Harvard ID numbers, dates of birth, addresses, email addresses and phone numbers. Some of the folders contained additional information about the students and their dependents, spouses or parents. The information did not include credit card numbers. The University speculates that the folders were placed in a file cabinet that was later recycled.

 
Information Source:
Dataloss DB
records from this breach used in our total: 56

November 13, 2007 Commerce Bancorp
Philadelphia, Pennsylvania
BSF INSD

Unknown

A Commerce Bancorp Inc. employee gave out personal information on an unspecified number of the Cherry Hill bank's customers. The Bank discovered the breach through an internal investigation and sent letters to affected customers. The bank does not know if the information included account numbers and Social Security numbers.  It is unclear if this incident is related to or the same as the January 5 insider breach that involved a Commerce Bank employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 13, 2007 Youth Women's Christian Association (YWCA)
New York, New York
NGO STAT

13,000

Staff discovered that a computer had been stolen from the office sometime around October 1.  It contained the names and Social Security numbers of active participants in the YWCA Retirement Fund.  Individuals who participated between January 1, 2002 and September 28 were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000

November 12, 2007 The Horace Mann Companies
Springfield, Illinois
BSF PORT

209

A Horace agent's laptop was stolen on October 31.  It contained names, addresses, phone numbers and Social Security numbers.  A security breach letter from Horace claims that no business files were lost or compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 209

November 11, 2007 Oracle Corporation, Lodestar
Suwanee, Georgia
BSR STAT

132

A computer that contained employee and contractor information was misplaced during a move.  Employees and contractors of Lodestar may have had their names, Social Security numbers, addresses, earning information and expense information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 132

November 11, 2007 State of Nevada
Carson City, Nevada
GOV PORT

Unknown

The Nevada State Personnel Director said that hundreds of CDs containing payroll information about state employees had been lost.  Thirteen thousand CDs had been sent to 80 agencies over the last three years and 470 were missing as of November.  The Personnel Director plans to implement a new system to decrease data loss.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 7, 2007 University of Connecticut Foundation, Convio
Storrs, Connecticut
NGO HACK

Unknown

(800) 269-9965, security@foundation.uconn.edu

UConn was notified of a security breach by an outside party on the network of Convio, Inc., a vendor used by The University of Connecticut Foundation, Inc. for processing online gift transactions and communicating by e-mail. This breach affected 92 of Convio's clients nationwide, including the UConn Foundation. User names and passwords for Convio account preferences were compromised in this breach.

 
Information Source:
Media
records from this breach used in our total: 0

November 7, 2007 Carolinas Medical Center, NorthEast
Concord, North Carolina
MED PORT

28,000

A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 28,000

November 7, 2007 UBS FInancial Services
Weehawken, New Jersey
BSF PORT

3,212

A hard drive was discovered missing from a computer in the employee fitness center on August 28. Technicians had been working on a computer during the previous day and may have misplaced its hard drive. The hard drive contained full names, Social Security numbers, dates of birth, genders, addresses, telephone numbers, emergency contact information, physician addresses and fitness center membership information of current and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,212

November 7, 2007 Frost Bank
San Antonio, Texas
BSF UNKN

500

Around five hundred credit or debit card numbers were obtained via unknown means.  Around one hundred were used to make approximately $3000 in contributions to Ron Paul's presidential campaign. It is possible that the identity thieves were testing the cards to see if they were valid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500

November 6, 2007 Butte Community Bank
Chico, California
BSF PORT

Unknown

(866) 488-8588

A laptop with customers' personal information including names, addresses, Social Security numbers and bank account numbers was stolen from Butte Community Bank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 5, 2007 Alabama Department of Public Health
Montgomery, Alabama
GOV DISC

1,554 (at least 1,554 people)

The personal information, including the names, ages and Social Security numbers of families enrolled in the state's ALL Kids health care coverage program, were accidentally sent to the wrong families last week. 1,554 affected families were alerted that some of their confidential information might have been released.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,554

November 3, 2007 Kimscrafts
Topsham, Maine
BSR HACK

4,500

KimsCrafts' on-line ordering system experienced a security breach or security breaches between August 13 and October 1.  Customers who placed orders anytime on or after June 25, 2001 may have had their names, addresses and credit card numbers accessed.  It is not clear whether the breach occurred because of an unauthorized user or because of an employee or contractor mistake.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

November 2, 2007 Montana State University
Bozeman, Montana
EDU PORT

216

(406) 994-6550 http://eu.montana.edu/security

MSU learned that an employee's laptop computer had been stolen somewhere off-campus. It contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 216

November 2, 2007 Montana State University
Bozeman, Montana
EDU DISC

42

(406) 994-6550 http://eu.montana.edu/security

An independent security watchdog group informed MSU that an Excel spreadsheet with the names and Social Security numbers of 42 people, most of them hired in the summer of 2006, was publicly accessible on MSU's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 42

November 2, 2007 Montana State University
Bozeman, Montana
EDU DISC

13

   (406) 994-6550, http://eu.montana.edu/security

While investigating that breach, MSU data-security staff found another Excel spreadsheet accidentally posted on the MSU Web site since 2002. It contained the Social Security numbers of 13 people who got travel vouchers from the computer science department in the College of Engineering.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13

November 1, 2007 City University of New York
New York, New York
EDU PORT

20,000

A broken laptop containing personal information was taken from the School's financial aid office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

November 1, 2007 MeadWestvaco
Glen Allen, Virginia
BSR DISC

652

An employee accidentally posted an electronic file in a location that was accessible to most or all people with access to MeadWestvaco's internal computer network. The file was accessible for approximately 10 days. It contained names, Social Security numbers and home addresses of employees. At least 652 North Carolina residents were affected, but the total number of affected individuals nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 652

October 30, 2007 University of Nevada, Reno
Reno, Nevada
EDU PORT

16,000

A University of Nevada, Reno administrative employee has lost a flash drive that contained the names and Social Security numbers of 16,000 current and former students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000

October 30, 2007 Hartford Financial Services Group
Hartford, Connecticut
BSF PORT

230,000

Other locations: Ohio

Three backup tapes that contained personal information of 230,000 customers, including 9,200 Ohioans, mainly of the company's property lines, were misplaced.

 
Information Source:
Dataloss DB
records from this breach used in our total: 230,000

October 30, 2007 Pathology Group
Memphis, Tennessee
MED STAT

75,000

Someone broke into a locked office building, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. This information included names, addresses, Social Security number, even medical information

 
Information Source:
Dataloss DB
records from this breach used in our total: 75,000

October 29, 2007 United States Postal Service
Oahu, Hawaii
GOV PORT

3,000

Employees' names, Social Security numbers and other information were on a laptop computer that was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

October 29, 2007 ABC Phones, ACC Communications
Greenville, North Carolina
BSO PHYS

Unknown

Two men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank accophonesunt numbers, credit card numbers, work and home addresses.

 
Information Source:
Media
records from this breach used in our total: 0

October 29, 2007 The Horace Mann Companies
Springfield, Illinois
BSF PORT

737

A former Horace agent's computer was lost during shipping sometime around September 27. The computer contained names, Social Security numbers, addresses, phone numbers, driver's license numbers, bank account numbers and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 737

October 29, 2007 New England School of Law
Boston, Massachusetts
EDU DISC

5,098

Personal information of alumni was available on the page of the School's website through a Google Internet search. The information included names, Social Security numbers, dates of birth, addresses and telephone numbers. The information was immediately removed from the website after the mid-October discovery.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,098

October 28, 2007 Art.com
Lockbourne, Ohio
BSR HACK

Unknown

Cyberspace criminals gained systems entry despite multiple security layers and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 26, 2007 Scarborough & Tweed
Pleasantville, New York
BSR HACK

570

The breach occurred on a server located in Delaware.  The location listed is the headquarters of Scarborough & Tweed.

The Company became aware of suspicious activity on a web server. Someone may have attempted to access the system through use of an SQL injection and could have obtained personal information of customers. Customer names, addresses, phone numbers, account numbers and credit card numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 570

October 25, 2007 University of Akron
Akron, Ohio
EDU PORT

1,200

A microfilm containing the personal information of alumni were missing. Names, previous addresses, phone numbers, birth dates and Social Security numbers was on the missing microfilm.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

October 25, 2007 Virgin Mobile
Palo Alto, California
BSR DISC

Unknown

Unauthorized third parties attempted to or succeeded in accessing customer account during May.  It appears that the third parties used techniques to gather access customer accounts through customer care telephone lines as opposed to Virgin's website.  It was determined that people were calling customer service and claiming to be a customer or relative of a customer, and obtaining account information.  Third parties may have also called customer service and guessed common surnames and common passwords or secret answers in order to access customer accounts.  After accessing an account via customer care telephone lines, the third parties may have transferred account balances and/or airtime minutes, converted account balances to Virgin merchandise, purchased Virgin airtime or merchandise with credit or debit cards linked to the account, changed account login or contact information, or deactivated the account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 24, 2007 Not Your Average Joe's
Dartmouth, Massachusetts
BSO HACK

Unknown

Massachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 23, 2007 West Virginia Public Employees Insurance Agency
Charleston, West Virginia
MED PORT

200,000

(800) 435-4351

West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing full names, addresses, phone numbers, Social Security numbers and marital status was lost last week while being shipped via United Parcel Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000

October 23, 2007 Blockbuster
Sarasota, Florida
BSR PHYS

Unknown

A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 23, 2007 Dixie State College
St. George, Utah
EDU DISC

11,000

(866) 295-3033, idprotect@dixie.edu

An unauthorized person reportedly gained access to a computer system and confidential files, including Social Security numbers, birth date information and addresses for some 11,000 alumni and current DSC employees who graduated or worked at DSC from 1986 to 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000

October 23, 2007 Bates College
Lewiston, Maine
EDU DISC

500

Two publicly accessible documents that contained the records of nearly 500 recipients of the federal Perkins Loan, along with each recipient's address, date of birth, Social Security number, legal name and loan amount, were accessible on the Bates network.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500

October 23, 2007 American Academy of Pediatrics
Elk Grove Village, Illinois
MED PORT

Unknown

A laptop that may have contained names, Social Security numbers and addresses was lost during a move. The research department of the AAP misplaced a file cabinet and a laptop during the process of moving offices.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 23, 2007 Longs Drug Stores California Inc.
La Jolla, California
BSR PORT

Unknown

A data storage tape containing backup data relating to pharmacy transactions was stolen during a store burglary. It contained customer names, prescription information and insurance plan membership information. Some membership numbers were or contained Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 19, 2007 Blockbuster Inc.
Lantana, Florida
BSR PORT

Unknown

A computer was stolen from a Blockbuster office during a September 5 burglary. Customer names, addresses, telephone numbers, Blockbuster account numbers, driver's license numbers, credit card numbers and credit card types, and email addresses were on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 18, 2007 University of Cincinnati
Cincinnati, Ohio
EDU PORT

7,000

The personal information of thousands of University of Cincinnati students and graduates has been stolen. A flash drive was taken from a UC employee last month. It contained the Social Security numbers and other data for more than 7,000 people.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,000

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 3451-3500 of 4489 results


X

Sign In!

Loading