Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
November 3, 2007 Kimscrafts
Topsham, Maine
BSR HACK

4,500

KimsCrafts' on-line ordering system experienced a security breach or security breaches between August 13 and October 1.  Customers who placed orders anytime on or after June 25, 2001 may have had their names, addresses and credit card numbers accessed.  It is not clear whether the breach occurred because of an unauthorized user or because of an employee or contractor mistake.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500
November 2, 2007 Montana State University
Bozeman, Montana
EDU PORT

216

(406) 994-6550 http://eu.montana.edu/security

MSU learned that an employee's laptop computer had been stolen somewhere off-campus. It contained the Social Security numbers of 216 students and employees who lived in on-campus housing from 1998 to 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 216
November 2, 2007 Montana State University
Bozeman, Montana
EDU DISC

42

(406) 994-6550 http://eu.montana.edu/security

An independent security watchdog group informed MSU that an Excel spreadsheet with the names and Social Security numbers of 42 people, most of them hired in the summer of 2006, was publicly accessible on MSU's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 42
November 2, 2007 Montana State University
Bozeman, Montana
EDU DISC

13

   (406) 994-6550, http://eu.montana.edu/security

While investigating that breach, MSU data-security staff found another Excel spreadsheet accidentally posted on the MSU Web site since 2002. It contained the Social Security numbers of 13 people who got travel vouchers from the computer science department in the College of Engineering.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13
November 1, 2007 City University of New York
New York, New York
EDU PORT

20,000

A broken laptop containing personal information was taken from the School's financial aid office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000
November 1, 2007 MeadWestvaco
Glen Allen, Virginia
BSR DISC

652

An employee accidentally posted an electronic file in a location that was accessible to most or all people with access to MeadWestvaco's internal computer network. The file was accessible for approximately 10 days. It contained names, Social Security numbers and home addresses of employees. At least 652 North Carolina residents were affected, but the total number of affected individuals nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 652
October 30, 2007 University of Nevada, Reno
Reno, Nevada
EDU PORT

16,000

A University of Nevada, Reno administrative employee has lost a flash drive that contained the names and Social Security numbers of 16,000 current and former students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000
October 30, 2007 Hartford Financial Services Group
Hartford, Connecticut
BSF PORT

230,000

Other locations: Ohio

Three backup tapes that contained personal information of 230,000 customers, including 9,200 Ohioans, mainly of the company's property lines, were misplaced.

 
Information Source:
Dataloss DB
records from this breach used in our total: 230,000
October 30, 2007 Pathology Group
Memphis, Tennessee
MED STAT

75,000

Someone broke into a locked office building, several computers with flat screen monitors were stolen. One of those computers had patient information on about 75,000 people. This information included names, addresses, Social Security number, even medical information

 
Information Source:
Dataloss DB
records from this breach used in our total: 75,000
October 29, 2007 United States Postal Service
Oahu, Hawaii
GOV PORT

3,000

Employees' names, Social Security numbers and other information were on a laptop computer that was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
October 29, 2007 ABC Phones, ACC Communications
Greenville, North Carolina
BSO PHYS

Unknown

Two men found a box in a dumpster. The cell phone business recently moved and threw away documents that contained personal information from customers. The information contained driver's license numbers, Social Security number, bank accophonesunt numbers, credit card numbers, work and home addresses.

 
Information Source:
Media
records from this breach used in our total: 0
October 29, 2007 The Horace Mann Companies
Springfield, Illinois
BSF PORT

737

A former Horace agent's computer was lost during shipping sometime around September 27. The computer contained names, Social Security numbers, addresses, phone numbers, driver's license numbers, bank account numbers and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 737
October 29, 2007 New England School of Law
Boston, Massachusetts
EDU DISC

5,098

Personal information of alumni was available on the page of the School's website through a Google Internet search. The information included names, Social Security numbers, dates of birth, addresses and telephone numbers. The information was immediately removed from the website after the mid-October discovery.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,098
October 28, 2007 Art.com
Lockbourne, Ohio
BSR HACK

Unknown

Cyberspace criminals gained systems entry despite multiple security layers and accessed some credit card transactions. The retailer of posters, prints and framed art alerted customers that hackers had gotten into the website to access credit card accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 26, 2007 Scarborough & Tweed
Pleasantville, New York
BSR HACK

570

The breach occurred on a server located in Delaware.  The location listed is the headquarters of Scarborough & Tweed.

The Company became aware of suspicious activity on a web server. Someone may have attempted to access the system through use of an SQL injection and could have obtained personal information of customers. Customer names, addresses, phone numbers, account numbers and credit card numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 570
October 25, 2007 University of Akron
Akron, Ohio
EDU PORT

1,200

A microfilm containing the personal information of alumni were missing. Names, previous addresses, phone numbers, birth dates and Social Security numbers was on the missing microfilm.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200
October 25, 2007 Virgin Mobile
Palo Alto, California
BSR DISC

Unknown

Unauthorized third parties attempted to or succeeded in accessing customer account during May.  It appears that the third parties used techniques to gather access customer accounts through customer care telephone lines as opposed to Virgin's website.  It was determined that people were calling customer service and claiming to be a customer or relative of a customer, and obtaining account information.  Third parties may have also called customer service and guessed common surnames and common passwords or secret answers in order to access customer accounts.  After accessing an account via customer care telephone lines, the third parties may have transferred account balances and/or airtime minutes, converted account balances to Virgin merchandise, purchased Virgin airtime or merchandise with credit or debit cards linked to the account, changed account login or contact information, or deactivated the account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 24, 2007 Not Your Average Joe's
Dartmouth, Massachusetts
BSO HACK

Unknown

Massachusetts restaurants were targeted by an individual or individuals seeking to illegally obtain credit card data. The data that was compromised included credit card numbers, expiration date and name associated with the card.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 23, 2007 West Virginia Public Employees Insurance Agency
Charleston, West Virginia
MED PORT

200,000

(800) 435-4351

West Virginia officials are alerting 200,000 past and current members of three health insurance programs that a computer tape containing full names, addresses, phone numbers, Social Security numbers and marital status was lost last week while being shipped via United Parcel Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200,000
October 23, 2007 Blockbuster
Sarasota, Florida
BSR PHYS

Unknown

A Sarasota resident was fishing in a trash container for boxes when he found 400 documents. These documents included membership forms and employment applications with names, addresses, credit card numbers and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 23, 2007 Dixie State College
St. George, Utah
EDU DISC

11,000

(866) 295-3033, idprotect@dixie.edu

An unauthorized person reportedly gained access to a computer system and confidential files, including Social Security numbers, birth date information and addresses for some 11,000 alumni and current DSC employees who graduated or worked at DSC from 1986 to 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000
October 23, 2007 Bates College
Lewiston, Maine
EDU DISC

500

Two publicly accessible documents that contained the records of nearly 500 recipients of the federal Perkins Loan, along with each recipient's address, date of birth, Social Security number, legal name and loan amount, were accessible on the Bates network.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500
October 23, 2007 American Academy of Pediatrics
Elk Grove Village, Illinois
MED PORT

Unknown

A laptop that may have contained names, Social Security numbers and addresses was lost during a move. The research department of the AAP misplaced a file cabinet and a laptop during the process of moving offices.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 23, 2007 Longs Drug Stores California Inc.
La Jolla, California
BSR PORT

Unknown

A data storage tape containing backup data relating to pharmacy transactions was stolen during a store burglary. It contained customer names, prescription information and insurance plan membership information. Some membership numbers were or contained Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 19, 2007 Blockbuster Inc.
Lantana, Florida
BSR PORT

Unknown

A computer was stolen from a Blockbuster office during a September 5 burglary. Customer names, addresses, telephone numbers, Blockbuster account numbers, driver's license numbers, credit card numbers and credit card types, and email addresses were on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 18, 2007 University of Cincinnati
Cincinnati, Ohio
EDU PORT

7,000

The personal information of thousands of University of Cincinnati students and graduates has been stolen. A flash drive was taken from a UC employee last month. It contained the Social Security numbers and other data for more than 7,000 people.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,000
October 18, 2007 First Banks Inc, iWire Inc
Jericho, New York
BSF HACK

5,234

iWire's Payroll Passport/IC Settlement database was breached on September 29.  A database of cardholder account records was accessed.  It contained Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,234
October 17, 2007 Home Depot
Boston, Massachusetts
BSR PORT

10,000

A laptop computer containing about 10,000 employees' personal data was stolen from a regional manager's car. The computer, which was password protected, didn't contain any customer information. The laptop contained names, home addresses and Social Security numbers of certain Home Depot employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000
October 17, 2007 Louisiana Office of Student Financial Assistance, Iron Mountain
Baton Rouge, Louisiana
EDU PORT

Unknown

http://www.osfa.state.la.us/notice.htm

Sensitive data for virtually all Louisiana college applicants and their parents over the past nine years were in a case lost last month during a move. The data included Social Security numbers for applicants and their parents. The bank account information for START account holders also was involved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 16, 2007 Administaff Inc.
Houston, Texas
BSO PORT

159,000

Current and former workers personal data may be compromised because of a stolen laptop. The data wasn't encrypted when it was stored on the portable computer, which is password-protected. Data stored on the laptop included names, addresses and Social Security numbers for most employees paid by Administaff in 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 159,000
October 15, 2007 Transportation Security Administration
Arlington, Virginia
GOV PORT

3,930

Two laptop computers with detailed personal information about commercial drivers across the country who transport hazardous materials are missing and considered stolen. The laptops contained the names, addresses, birthdays, commercial driver's license numbers and, in some cases, Social Security numbers of 3,930 people.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,930
October 13, 2007 Montana State University
Bozeman, Montana
EDU HACK

1,400

(406) 994-6550, http://eu.montana.edu/security/

An unknown hacker remotely accessed a computer server that housed records containing credit card numbers and Social Security numbers of students who enrolled online for MSU Extended University courses during the last two years. The data in question was encrypted, and there is no evidence that personal information was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400
October 12, 2007 King County Transportation Department
Seattle, Washington
GOV PORT

1,400

A laptop computer containing personal information about current and former employees has been stolen. Workers' names, addresses and Social Security numbers were on the password-protected laptop, which was stolen during a Sept. 28 home burglary. The information was not encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400
October 12, 2007 Track Data Securities Corp.
New York, New York
BSF HACK

276

Track Data learned that the security of its computer system was compromised.  Customer names,  Social Security numbers, addresses and credit card numbers may have been illegally accessed.  At least 276 New Hampshire residents were affected, but the total number of affected customers nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 276
October 12, 2007 LPL Financial
San Diego, California
BSF HACK

40

Unauthorized individuals accessed LPL's trading and operation system data by obtaining passwords of eight financial advisors.  LPL discovered the breach on July 17 and immediately informed law enforcement officials.  It appears that the purchases were made to increase the volume of trading and affect prices of certain stocks.  The trades were rejected once it was determined that they were fraudulent.  Client names, Social Security numbers, dates of birth, addresses, phone numbers and account numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40
October 10, 2007 Wheels Inc., Pfizer
Des Plaines, Illinois
BSO DISC

1,800 + 23 Not included in Total because it is not clear if SSNs were exposed.

The spouses and domestic partners of about 1,800 Pfizer employees, including 23 from Connecticut, learned late last month about a data breach at Wheels Inc., which provides cars to the company, mostly for use by its sales force. The breach at Wheels, first reported by the Pharmalot Web site, released onto the Internet names, addresses, birth dates and driver's license numbers, but not Social Security numbers, according to the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 10, 2007 Commerce Bank
Wichita, Kansas
BSF HACK

20

A hacker gained access to a database with about 3,000 customer records and accessed data belonging to 20 of them. The bank is contacting those who may have been affected. The hacking was quickly detected and stopped, according to Commerce Bank, which then notified law enforcement.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20
October 9, 2007 Pembroke Schools
Pembroke, Massachusetts
EDU DISC

Unknown

(781) 829-1178

Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the district's computer system. The information included names, birth dates and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 8, 2007 University of Iowa
Iowa City, Iowa
EDU PORT

184

http://www.uiowa.edu/~phil/SSN.shtml

A laptop computer was stolen from a former teaching assistant. The theft of the computer, which occurred last month in a break-in of the instructor's home, contained class records such as attendance, test scores, and grades of students who took his philosophy courses at the UI between 2002 and 2006. Social Security numbers were also present in 100 of the records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 184
October 8, 2007 Carnegie Mellon University
Pittsburgh, Pennsylvania
EDU PORT

Unknown

Two laptops were stolen from the office of a computer science professor. Both of the computers were believed to have contained significant personal identifying data, such as Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 8, 2007 Semtech
Camarillo, California
BSO PORT

Unknown

A laptop computer and other personal belongings were stolen from one of Semtech's vendors. The computer was not stolen from a Semtech facility, but may have contained computerized data relating to Semtech employees. Semtech declined to provide further details of the incident, such as what personal employee data may have been put at risk, when the theft happened or how long it took the company to inform its workers of the potential breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 8, 2007 National Financial Partners (NFP)
New York, New York
BSF PORT

Unknown

A laptop was stolen from an employee during travel. The information on the laptop included names, tax ID numbers, Social Security numbers and other personal information of NFP's vendors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 4, 2007 Massachusetts Division of Professional Licensure
Boston, Massachusetts
GOV DISC

450,000

http://www.mass.gov/dpl or call (617) 973-8100

Social Security numbers of about 450,000 licensed professionals were inadvertently released. The information was mailed last month to agencies that submitted a public records request for the names and addresses of professionals licensed by the division. The division mailed 28 computer disks to 23 agencies that use the information as a marketing or promotional tool. The disks would normally contain only the names and addresses of individuals licensed through the Division of Professional Licensure and the Division of Health Professions Licensure. However, the disks also included Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 450,000
October 3, 2007 Nationwide Mutual Insurance
Wesley Chapel, Florida
BSF PORT

246

A laptop was stolen from the car of a claims representative. It contained the names, Social Security numbers and driver's license numbers of clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 246
October 2, 2007 The Nature Conservancy
Arlington, Virginia
NGO HACK

14,000

Additional locations: Little Rock, Fayetteville, Arkadelphia, Batesville and Ponca, (Arkansas)

A hacker illegally gained access to a computer of The Nature Conservancy containing personal information on current and former employees and their dependents. The stolen information included the names, home addresses, Social Security numbers and birth dates. It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employees' dependents. When employees accessed a particular Web site, the site planted a program on the employees' computers that copied the contents of the hard drives and sent the information to the hacker.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000
October 2, 2007 Athens Regional Health Services
Athens, Georgia
MED STAT

1,400 only 85 people were affected by SSN

 (706) 475-4369

A computer missing from a Regional First Care clinic in Watkinsville held the personal information of more than 1,400 people, according to Athens Regional Health Services. Workers first noticed on Sept. 24 that the computer was missing. The computer held Social Security numbers for 85 people, some health information for 545 people and the name, address and/or telephone numbers of 811 people. No credit card or other financial information was stored on the computer, which was a backup server for the Watkinsville clinic.

 
Information Source:
Dataloss DB
records from this breach used in our total: 85
October 1, 2007 PFPC Inc., AFBA
Alexandria, Virginia
BSF PORT

60

On July 17, a laptop was stolen from the vehicle of a contractor working on an information technology project. A file on the laptop contained AFBA 5 Star Fund shareholder information. Names, Social Security numbers and addresses were exposed. At least 60 Maine residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60
September 28, 2007 Gap Inc.
San Francisco, California
BSR PORT

800,000

 (866) 237-4007, http://gapinc.com/securityassistance/

A laptop containing the personal information of certain job applicants was recently stolen from the offices of an experienced third-party vendor that manages job applicant data for Gap Inc. Personal data for approximately 800,000 people who applied online or by phone for store positions at one of Gap Inc.'s brands between July 2006 and June 2007 was contained on the stolen laptop. Social Security numbers were included in the information on the laptop.

 

UPDATE (5/28/10): A man whose Social Security number and other personal information were compromised by a company that processed his job application for The Gap Inc. has no legal claims against the company because no actual damage resulted from the privacy breach (a laptop stolen from Vangent), ruled the Ninth Circuit Court of Appeals. Ruiz v. Gap, Inc. 09-15971 (9th Circ. May 28, 2010), http://www.ca9.uscourts.gov/datastore/memoranda/2010/05/28/09-15971.pdf .

 
Information Source:
Dataloss DB
records from this breach used in our total: 800,000
September 28, 2007 Pfizer
New York, New York
MED INSD

90

An employee wrongfully arranged to have copies made of confidential information in electronic format and did not return the information upon termination.  The information included names and Social Security numbers of current and former Pfizer associates.  The incident occurred on July 17 and was discovered on August 18.  The company said it would notify affected individuals by October 15.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90
September 28, 2007 Wal-Mart Stores Inc.
Bentonville, Arkansas
BSR INSD

48,686

A Wal-Mart associate took confidential information relating to a group of associates. The former associate was not authorized to retain the information after ending his employment with Wal-Mart. Associate names, Social Security numbers, Wal-Mart job codes and compensation information were exposed. The incident occurred on August 15.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48,686
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3501-3550 of 4517 results