Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
September 27, 2007 Kelley Drye and Warren LLP
Washington, District Of Columbia
NGO PORT

Unknown

A laptop was stolen from an external pension auditor on September 12. It contained information related to Kelley's Retirement Savings Plan. This information included names, Social Security numbers, dates of birth, addresses, and/or date of employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
September 25, 2007 Merlin Information Services
Kalispell, Montana
BSO HACK

2,297

The login information of a legitimate customer was compromised and an unauthorized individual may have accessed names, Social Security numbers and addresses of certain persons.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,297
September 24, 2007 Utah Department of Workforce Services
American Fork, Utah
GOV PORT

2,000

A laptop computer containing a spreadsheet with the the Social Security numbers and other personal information of about 2,000 people was reported stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
September 24, 2007 Fidelity National Information Services, Fidelity National Financial
Jacksonville, Florida
BSR PORT

111

A laptop was stolen from an employee on August 28. The laptop contained payroll information such as name, Social Security number, address, email address and date of birth. At least 74 Maine and 37 New Hampshire residents were affected, but the total number of individuals affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 111
September 21, 2007 City of Columbus, Ohio
Columbus, Ohio
GOV STAT

3,500

For Info: The Columbus Dispatch, http://www.dispatch.com

The city of Columbus is offering identity-theft protection services to more than 3,000 people whose Social Security numbers were on three computers stolen from a warehouse. The theft affected people who had signed up for the city's Mobile Tool Library, which lends power tools, lawn mowers and supplies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,500
September 21, 2007 Citigroup, ABN Amro Mortgage Group
Norridge, Illinois
BSF DISC

5,208

Three spreadsheets containing 5,200 Social Security numbers and other personal details about customers were inadvertently leaked over an online file-sharing network by a former employee. Tiversa, a company that monitors P2P networks, found Excel spreadsheets from the desktop of a financial analyst at ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had.

 
Information Source:
Media
records from this breach used in our total: 5,208
September 20, 2007 State of Connecticut, Accenture Ltd.
Hartford, Connecticut
GOV PORT

58

A backup tape was stolen in Ohio in June and contained data removed by Accenture from the state's Core-CT computer system, which performs all of the state's payroll, personnel, purchasing, accounting and inventory functions. The backup tape contained state agency bank account numbers, bank names and types of accounts, as well as the names and Social Security numbers of 58 of Connecticut taxpayers. Connecticut officials today revealed plans to file a civil complaint against IT consulting giant Accenture Ltd. related to this security breach involving stolen records tied to state agency bank accounts worth millions of dollars.

 
Information Source:
Media
records from this breach used in our total: 58
September 19, 2007 Kansas University
Lawrence, Kansas
EDU PHYS

Unknown

A number of documents containing Kansas University student, faculty and staff personal information were recovered from the recycling and trash in the Mathematics Department at Kansas University. The information included student exams, student change of grade forms, class rosters, copies of health insurance cards, copies of immigration forms as well as a copy of a Social Security card.

 
Information Source:
Media
records from this breach used in our total: 0
September 19, 2007 University of Michigan School of Nursing
Ann Arbor, Michigan
MED PORT

8,585

Backup tapes containing patient information like Social Security numbers, patient names and addresses were stolen from the School of Nursing two weeks ago.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,585
September 14, 2007 TD Ameritrade Holding Corp.
Omaha , Nebraska
BSF HACK

6.3 million

FAQ at http://www.elvey.com/IDTheft/spam_faq.cfm.html For links to key legal documents, see http://datalossdb.org/incident_highlights/30-legal-sub-project-elvey-v-td-ameritrade

One of TD Ameritrade's databases was hacked and contact information for its more than 6.3 million customers was stolen. A spokeswoman for the Omaha-based company said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken. "We were able to conclude that while Social Security numbers are stored in this particular database, your SSN were not retrieved." The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach. Company customers received unwanted spam because of this breach.

UPDATE (4/28/09):TD Ameritrade sent a mass email on September 14, 2007 to its customers admitting SSNs had been compromised:" [W]e recently discovered and eliminated unauthorized code from our systems. This code allowed certain client information stored in one of our databases ... to be retrieved by an external source [and] Social Security Numbers are stored in this particular database."

UPDATE (10/27/09): TD Ameritrade was nearing a settlement in the case of more than six million stolen records when the judge, who previously seemed to agree with the proposal, rejected it today. The federal judge handling the case has decided the proposed settlement provides no discernible benefit to the victims and he rejected the proposed settlement.

UPDATE (11/16/10): Pending approval by a U.S. District Judge, TD Ameritrade will offer between $0 and $2,500 to customers who were affected by the breach.  Customers who received spam, or were victims of criminal identity theft because a criminal who was arrested posed as them, will get $0 unless they were also victims of account-fraud-based identity theft. This settlement will cost between $2,500,000 and $6,500,000.

http://www.citizen.org/litigation/forms/cases/getlinkforcase.cfm?cID=499

http://www.bargaineering.com/articles/td-ameritrade-discovers-database-breach.html 

UPDATE (10/07/2011): The settlement was approved.  Ameritrade will pay between $2,500,000 and $6,500,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,300,000
September 14, 2007 Tennessee Tech University
Cookeville, Tennessee
EDU DISC

3,100

Some 3,100 current or past students who owe the university money were notified today that some of their personal data may have been compromised. A technical problem in the way student bills are printed resulted in the chance that some student social security numbers and personal identification numbers may have been sent to another student's address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,100
September 14, 2007 Cornell University
Ithaca, New York
EDU STAT

12

A desktop computer was stolen from the East wing of Ives Hall in the School of Industrial and Labor Relations.  It contained the names, Social Security numbers and dates of birth of some individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12
September 13, 2007 Voxant.com
Reston, Virginia
BSO HACK

4,500

 (703) 964-0696

The Voxant online ecommerce store server was hacked using what appeared to be a typical phishing scheme. The server is seperate from the primary business at www.voxant.com. The affected server was immediately taken offline and removed the offending phising pages. Encrypted credit card numbers could have been accessed during the incident. Although the credit card numbers were encrypted, the encryption key was not well protected. The database up through June 19-20 could have been affected, representing approximately 4,500 US customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500
September 12, 2007 TennCare, Americhoice Inc.
Knoxville,
MED PORT

67,000

  To sign up for the free ID theft protection you must call AmeriChoice at (800) 690-1606.

There are 67,000 TennCare enrollees at risk of identity theft after a courier service lost their personal information. The lost information includes names, Social Security Numbers, birthdays and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 67,000
September 12, 2007 Hartford Life Insurance Company
Simsbury Center, Connecticut
BSF HACK

526

Activity from a third party was detected on the website. It is likely that the third party used customer Social Security numbers, dates of birth and annuity contract numbers to access the website. The third party may have been able to reset customer PINs and access customer accounts with this information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 526
September 11, 2007 Pennsylvania Public Welfare Department
Harrisburg, Pennsylvania
GOV STAT

2,000

Two computers containing the mental health histories of more than 300,000 medical-assistance recipients were stolen. The computer work stations were taken during an overnight break-in at an office. The mental health information on the computers identified people by codes and not by name. The information also was protected by multiple passwords, but full names and Social Security numbers of nearly 2,000 people were also on the computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
September 11, 2007 Gander Mountain
Greensburg, Pennsylvania
BSR STAT

112,000

Somebody either lost or stole a computer potentially containing the credit card information of anyone who has shopped at the Greensburg store since it first opened more than five years ago. Gander Mountain said credit card information for 112,000 customers of its Greensburg store might have been compromised. That includes 10,000 records with names, card numbers and expiration dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 112,000
September 10, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

111

www.purdue.edu/news/coa0709.html, (866) 275-1181

The university is warning those who were students in the fall of 2004 that information about them was inadvertently posted on the Internet. The information was in a document that contained the names and Social Security numbers of students in the Animal Sciences 102 class. The page was no longer in use but was on a computer server connected to the Internet. The document was found recently through an internal search and reported to the chief information security officer at Purdue.

 
Information Source:
Dataloss DB
records from this breach used in our total: 111
September 10, 2007 Larson Allen LLP, FirstHealth of the Carolinas Inc
Pinehurst, North Carolina
BSF PORT

3913

A laptop was stolen from a Larson Allen employee.  It contained a spreadsheet with the personal information of FirstHealth's employees.  The information included the names, Social Security numbers dates of birth, addresses and employment information of people on payroll during August.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,913
September 9, 2007 De Anza College
Cupertino, California
EDU PORT

4,375

(408) 864-8292

Thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,375
September 9, 2007 McKesson Specialty, AstraZeneca
Scottsdale, Arizona
MED STAT

68,779

 (866) 554-6366

McKesson Health-care services company, is alerting thousands of its patients that their personal information is at risk after two of its computers were stolen from an office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 68,779
September 6, 2007 University of South Carolina
Columbia, South Carolina
EDU DISC

1,482

A number of files containing Social Security numbers, test scores and course grades were exposed online. It appears the person responsible for the breach may not have known enough about computers to realize the information could be accessed outside the university system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,482
September 5, 2007 Affiliated Computer Services (ACS), Kraft Foods
Northfield, Illinois
BSR PORT

1446

A computer tape with the names and Social Security numbers of current and former Kraft employees was lost by ACS.  ACS administers Kraft's prescription drug benefits program.  ACS believes it accidentally destroyed the tape.  Kraft reported the number of affected residents in North Carolina, New Hampshire, Maine and New York, but the total number nationwide was not reported and is likely to exceed 1446.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,446
September 4, 2007 Pfizer
New York, New York
BSO INSD

34,000

(866) 274-3891

A security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed. The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000
September 4, 2007 Brevard Public Schools
Viera, Florida
EDU UNKN

61

A missing piece of luggage belonging to a state auditor contains the personal information of 61 Brevard Public Schools employees and had district personnel scrambling before the holiday weekend began to notify people that their names and Social Security numbers might be compromised.

UPDATE (9/21/07): Melbourne International Airport police arrested a 44-year-old defense subcontractor from California on charges of stealing luggage. He is in the Brevard County Jail, facing at least two charges of grand theft.

 
Information Source:
Media
records from this breach used in our total: 61
September 1, 2007 Johns Hopkins Hospital
Baltimore, Maryland
MED STAT

5,783

A desktop computer containing the personal information of 5,783 Johns Hopkins Hospital patients was stolen. The computer included patients' names, Social Security numbers, birth dates and medical histories.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,783
August 31, 2007 Option One Mortgage
Irvine, California
BSF HACK

10,000

A computer server that contained customer service information was hacked.  People who visited the customer service website between August 9 and 14 may have had their names, Social Security numbers, addresses, phone numbers, loan information and payment histories exposed.  The hacker was able to change the website so that a virus was installed on the computers of visitors.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000
August 31, 2007 AW Direct Inc.
Berlin, Connecticut
BSR HACK

Unknown

An unauthorized person accessed AW Direct's website. Customer order information that included full names, addresses and credit card information was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 31, 2007 Voxant
Reston, Virginia
BSO HACK

4,500

A hacker accessed the website and obtained personal information of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500
August 30, 2007 Maryland Department of the Environment
Annapolis, Maryland
GOV PORT

Unknown

A laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 30, 2007 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.

 
Information Source:
Media
records from this breach used in our total: 0
August 28, 2007 Connecticut Department of Revenue Services
Hartford, Connecticut
GOV PORT

106,000

A computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen. The Department of Revenue Services intends to launch a web page soon that residents can search to determine whether their personal information was stored on the laptop.

UPDATE (9/14/07): More than 2 dozen state laptops have gone missing since July 2006.

UPDATE (10/19/07): A supervisor at the state Department of Revenue Services was suspended without pay. His computer was stolen from his car in August at a hotel in New York. Police say it was possible the vehicle was not locked because there were no signs of a break-in.

 
Information Source:
Dataloss DB
records from this breach used in our total: 106,000
August 27, 2007 University of Illinois
Champaign-Urbana, Illinois
EDU DISC

5,247 Not added to total. It does not appear that SSNs or financial account numbers were exposed.

An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.

 
Information Source:
Media
records from this breach used in our total: 0
August 26, 2007 American Ex-Prisoners of War
, Texas
NGO UNKN

35,000

Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the group's entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000
August 23, 2007 New York City Financial nformation Services Agency
New York, New York
GOV PORT

280,000 Not added to total. It is not clear that SSNs or financial account numbers were exposed.

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 23, 2007 Loomis Chaffee School
Windsor, Connecticut
EDU UNKN

Unknown

Valuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 23, 2007 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/

Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.

UPDATE (8/29/07) : Hackers have stolen the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0
August 22, 2007 California Public Employees' Retirement System (CalPERS)
Sacramento, California
GOV DISC

445,000

Roughly 445,000 retirees in California received brochures announcing an upcoming election to fill a rare vacancy on the board of the California Public Employees' Retirement System. All or a portion of each person's Social Security number appeared without hyphens on the address panel.

 
Information Source:
Dataloss DB
records from this breach used in our total: 445,000
August 22, 2007 PrintPack Inc.
Atlanta, Georgia
BSR PORT

Unknown

Five laptops were stolen from Printpack's corporate headquarters during a nighttime burglary on or around August 16.  One laptop was taken from the finance department and had human resources information from current and former employees.  Names, Social Security numbers, dates of birth, marital status, addresses and other information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 21, 2007 Walter Reed Army Institute of Research
Silver Spring, Maryland
GOV PHYS

Unknown

Boxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 21, 2007 West Virginia Board of Barbers and Cosmetologists
Charleston, West Virginia
BSO UNKN

Unknown

Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 20, 2007 University of Toledo
Toledo, Ohio
EDU PORT

Unknown

A laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 20, 2007 Celgene Corporation
Summit, New Jersey
BSR PORT

1,951

Four external computer hard drives used to back up information were discovered missing from a locked information technology workroom. The hard drives contained personal information about Celgene's current and former employees. Names, Social Security numbers, addresses, phone numbers, dates of birth, bank and financial accounts, compensation information and some driver's license numbers were on the hard drives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,951
August 19, 2007 Applera
Norwalk, Connecticut
BSO PORT

Unknown

A laptop was stolen from the car of an employee while it was in a parking lot on August 9. The laptop contained full names and Social Security numbers of employees. It is not clear if all 5,530 of Applera's employees were affected by the incident. At least 24 New Hampshire residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 17, 2007 Mercury Interactive, Hewlett-Packard
Atlanta, Georgia
BSO PORT

1,425

A laptop belonging to an HP director was lost during a business trip to Atlanta, GA. The breach occurred in late July and involved the names, Social Security numbers, addresses, dates of birth, citizenship status and compensation information of Mercury Interactive employees.  Mercury Interactive was acquired by HP in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,425
August 17, 2007 University of New Hampshire
Durham, New Hampshire
EDU DISC

29

An MS Excel spreadsheet containing names and Social Security numbers of graduate students at the University was posted within the University's website on or around April 17, 2007.  Specifically, the spreadsheet contained the credit hour and tuition information associated with "inter-college" graduate programs.  In addition to the credit hour and tuition information that were visible at the top of the spreadsheet, the bottom of the report also included the names and Social Security numbers of students. A staff member recognized the mistake on July 27.

 
Information Source:
Dataloss DB
records from this breach used in our total: 29
August 16, 2007 Utica Title and Escrow
Bixby, Oklahoma
BSF PHYS

Unknown

Boxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.

 
Information Source:
Media
records from this breach used in our total: 0
August 16, 2007 Nationwide Mutual Insurance
Woodbury, New York
BSF PORT

140

A laptop was stolen from the car of a claims representative.  It contained the names, Social Security numbers and driver's license numbers of clients.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 140
August 15, 2007 Idaho Army National Guard
Boise, Idaho
GOV PORT

3,400

http://www.idahoarmyguard.org/, or call the Idaho National Guard Joint Operations Center

A small computer drive containing Social Security numbers and other personal information about every Army National Guard soldier in Idaho has been stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,400
August 15, 2007 Greater Detroit Hospital
Detroit, Michigan
MED PHYS

Unknown

It's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3551-3600 of 4517 results