Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
August 15, 2007 Sky Lakes Medical Center, Verus Inc.
Klamath Falls, Oregon
MED DISC

30,000

The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000
August 13, 2007 Pfizer, Axia Ltd.
New York, New York
BSO PORT

950

 (866) 274-3891

Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who were providing or considering providing contract services for Pfizer, according to the letter.

 
Information Source:
Dataloss DB
records from this breach used in our total: 950
August 11, 2007 Providence Alaska Medical Center
Anhorage, Alaska
MED PORT

250

(888) 387-3392

A laptop computer that contains the personal information of patients is missing. On the laptop there maybe names, medical record numbers, dates of birth, patient diagnoses, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 250
August 10, 2007 Loyola University
Chicago, Illinois
EDU STAT

5,800

A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800
August 10, 2007 Legacy Health System
Portland, Oregon
MED INSD

747

(503) 445-9533

A primary care physician practice has discovered the theft of $13,000 in cash and personal data for patients. Patient receipts, credit card transaction slips and checks are also missing, in addition to Social Security numbers and dates of birth for patients.  The investigation indicated it was a dishonest insider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 747
August 9, 2007 Citigroup
Stamford, Connecticut
BSF PORT

519

A laptop was stolen from a third party vendor during an office burglary. The information on the laptop may have included customer names, Social Security numbers, addresses, telephone numbers and email addresses. The information was related to student loans, but did not include financial account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 519
August 9, 2007 Penson Worldwide
Dallas, Texas
BSF HACK

11

A person or persons breached Penson's computer network security systems on July 30.  User logins, passwords, email addresses, security questions and answers were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11
August 8, 2007 Yale University
New Haven, Connecticut
EDU STAT

10,200

Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,200
August 7, 2007 Electronic Data Systems
Montgomery, Alabama
BSO INSD

498

A former employee was arrested this week for allegedly trafficking in stolen identities she received through her work with the company. She obtained the names and identifying information of 498 Alabama Medicaid recipients and subsequently sold 50 of those identities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 498
August 7, 2007 Merrill Lynch
Hopewell, New Jersey
BSF UNKN

33,000

A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000
August 7, 2007 Blue Cross Blue Shield North Carolina
Durham, North Carolina
BSF DISC

2,940

Letters were accidentally mailed with subscriber Social Security numbers visible through envelope windows.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,940
August 6, 2007 Verisign
Mountain View, California
BSO PORT

Unknown

A laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 4, 2007 Kellogg Community Federal Credit Union
Battle Creek, Michigan
BSF STAT

Unknown

A computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 3, 2007 WorkCare Orem
Pleasant Grove, Utah
MED PHYS

Unknown

A truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.

 
Information Source:
Media
records from this breach used in our total: 0
August 3, 2007 Wabash Valley Correctional Facility
Indianapolis, Indiana
GOV DISC

Unknown

A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 2, 2007 E.On - U.S.(energy services)
Louisville, Kentucky
BSO PORT

Unknown

A laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 2, 2007 University of Toledo
Toledo, Ohio
EDU STAT

Unknown

(419) 530-4836, (419) 530-3661, (419) 530-1472

Two computers were stolen with hard drives containing student and staff Social Security numbers, names, and grade change information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 1, 2007 Lifetime Fitness
Dallas, Texas
GOV PHYS

Unknown

Staff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 31, 2007 Textron
Providence, Rhode Island
BSF PORT

500 (No SSNs or financial information reported)

An employee's laptop was stolen.  It contained employee information.  At least 475 New Hampshire and 25 Maine residents were affected, but the total number of affected individuals was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 28, 2007 Yuba County Health and Human Services
Yuba County, California
MED PORT

70,000

A laptop stolen from a building contained personally identifiable information of individuals whose cases were opened before May 2001. The laptop was being used as a backup system for the county's computer system. The data include Social Security numbers, birth dates, driver's license numbers and other private information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000
July 27, 2007 City of Virginia Beach, Flexible Benefits Administrators
Virginia Beach, Virginia
GOV INSD

2,000

A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employee's home.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
July 27, 2007 City Harvest
New York, New York
NGO HACK

12,000

 (917) 351-8763

City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000
July 27, 2007 American Education Services, Vista Financial Inc
Harrisburg, Pennsylvania
BSF PORT

5,000

Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000
July 26, 2007 United States Marine Corps, Penn State University
Harrisburg, Pennsylvania
EDU DISC

10,554

Data belonging to 10,554 Marines was “improperly posted” by Penn State University, according to the Marine Corps. Names and Social Security numbers of Marines could be found via Google search engine. Penn State University was under a research contract with the Marine Corps.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,554
July 25, 2007 Hidalgo County Commissioner's Office
Hidalgo County, Texas
GOV DISC

25

The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.

 
Information Source:
Media
records from this breach used in our total: 25
July 25, 2007 Affiliated Computer Services (ACS) Government Systems Inc., Delaware Court Systems
Levington, Kentucky
GOV PORT

2,718

The location listed is an ACS office.  The location of the breach was not reported.

The luggage of an employee of ACS was stolen during airline travel.  The bag contained a hard drive that may have included names, addresses, Social Security numbers and dates of birth.  The information was obtained from the State of Delaware Court System.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,718
July 24, 2007 St. Vincent Hospital, Verus, Inc.
Indianapolis, Indiana
MED DISC

51,000

Saint Vincent used subcontractor Verus Inc. to set up an online bill payment for patients.  For a "brief" period of time, personal information was left unprotected and available online.  The security lapse compromised names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000
July 23, 2007 Fox News
Los Angeles, California
BSO DISC

1.5 million Not added to total. It does not appear that SSNs or financial account numbers were exposed.

Sensitive information was exposed on the Fox News web server. The security hole allowed hackers to access login information, names, phone numbers, and email addresses.

 
Information Source:
Media
records from this breach used in our total: 0
July 21, 2007 University of Michigan
Ann Arbor, Michigan
EDU HACK

5,500

University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500
July 20, 2007 Science Applications International Corp. (SAIC)
San Diego, California
BSO DISC

867,000

 (703) 676-6533, http://www.saic.com/response/

The Pentagon contractor may have compromised personal information. Information such as names, addresses, birth dates, Social Security numbers and health information about military personnel and their relatives were exposed when the data were not encrypted prior to being transmitted online.

UPDATE (5/05/2012): Though 580,000 households were reported, a total of 867,000 people may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 867,000
July 19, 2007 Cricket Communications
Omaha, Nebraska
BSO PHYS

300

Documents stolen from store result in loss of 300 credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300
July 19, 2007 Jackson Local Schools
Massillon, Ohio
EDU DISC

1,800

The Social Security numbers of present and former Jackson Local Schools' employees were at risk of public access on a county maintained Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,800
July 18, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

50

  (866) 605-0013

Files which were no longer in use were discovered on a computer server connected to the Internet. The files contained names and Social Security numbers of students who were enrolled in an industrial engineering course in spring 2002 or fall 2004.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50
July 18, 2007 Connecticut General Assembly Transportation Committee, L.G. Defelice
Hartford, Connecticut
GOV DISC

300

Social Security numbers of former employees of defunct L.G. Defelice Inc. were posted on CT transportation committee website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300
July 17, 2007 Western Union
Greenwood Village, Colorado
BSF HACK

20,000

Credit card information and names were hacked from a database. The thieves got names, addresses, phone numbers and complete credit-card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000
July 17, 2007 Louisiana Board of Regents
Baton Rouge, Louisiana
GOV DISC

80,000

Records of students and staff including Social Security numbers,names, and addresses exposed on web.  In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000
July 17, 2007 Kingston Technology Co.
Fountain Valley, California
BSO HACK

27,000

A security breach may have compromised the names, addresses and credit card details of online customers. Kingston Technology is a computer memory vendor. The breach may have gone undetected for nearly 2 years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000
July 16, 2007 Transportation Security Administration (TSA)
Arlington, Virginia
GOV PORT

100,000

Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.

 
Information Source:
Media
records from this breach used in our total: 100,000
July 16, 2007 Intergraph Corporation
Huntsville, Alabama
BSR HACK

Unknown

Confidential information about some transactions was accessed without authority by an unknown person or persons via the Internet.  The information may have included name, address, and credit or debit card number and expiration date, in addition to shipping address and in some cases, a separate credit card address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 15, 2007 Westminster College
Salt Lake City, Utah
EDU DISC

100

Names of students, former and current were printed in two files along with each student's Social Security number. The files were on a student Web server used by Westminster students.

 
Information Source:
Media
records from this breach used in our total: 100
July 13, 2007 City of Encinitas
Encinitas, California
GOV DISC

1,200

(760) 633-2788

Credit card or checking account information and addresses of people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200
July 13, 2007 Metropolitan St. Louis Sewer District
St.Louis, Missouri
GOV INSD

1,600

A employee had downloaded Social Security numbers of current or former district employees to a home computer. The Social Security numbers were part of a computer file the district uses to make sure workers get the proper pay.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600
July 11, 2007 South County Hospital
South Kingstown, Rhode Island
MED PHYS

79

Paperwork containing personal details from customers was left in a briefcase inside a car that was stolen. That batch of paperwork contained details including names, addresses, Social Security numbers, phone numbers and a summary of hospital accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 79
July 11, 2007 Texas A&M University
Corpus Christi, Texas
EDU PHYS

49

College of Business officials are investigating a faculty member for the misplacement of a business law class roster containing the names and Social Security numbers of students.

 
Information Source:
Media
records from this breach used in our total: 49
July 11, 2007 Disney Movie Club, Alta Resources, McNeil-PPC Inc
Neenah, Wisconsin
BSO INSD

Unknown

A contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 9, 2007 Girl Scouts Mile Hi
Denver, Colorado
NGO PORT

Unknown

Tapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.

 
Information Source:
Media
records from this breach used in our total: 0
July 7, 2007 Cuyahoga County Dept. of Development
Cleveland, Ohio
GOV PORT

3,000

Names and Social Security numbers on memory stick stolen in carjacking.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
July 5, 2007 Highland University
Las Vegas, New Mexico
EDU UNKN

420

A building on the campus had been broken into, and the affected offices might have contained such personal information as Social Security numbers, credit card and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 420
July 3, 2007 Fidelity National Information Services/Certegy Check Services Inc.
Jacksonville, Florida
BSF INSD

8,500,000

A worker at one of the company's subsidiaries (Certegy Check Services, Inc.) stole customer records containing credit card, bank account and other personal information.
UPDATE (8/27/07):
The company first estimated that about 2.3 million records were affected but quickly boosted that number to 8.5 million in filings with the U.S. Securities and Exchange Commission. A California law firm has filed a class-action suit charging Fidelity National Information Services (FIS) and one of its subsidiaries with negligence in connection with a data breach.
UPDATE (11/23/07): A former database analyst at Certegy Check Services Inc., has agreed to enter a guilty plea to federal fraud and conspiracy charges in connection with the theft of data.
UPDATE (7/7/08):A man has been sentenced to four years and nine months in jail and fined US $3.2 million for his part in the theft of consumer records from Certegy Check Services.
UPDATE (7/7/08): A new settlement provides that all class members whose personal or financial information was stolen can get compensated up to $20,000 if they were not reimbursed for certain identity theft losses caused by the data theft. The losses covered could have occurred from Aug. 24, 1998, to Dec. 31, 2010. www.datasettlement.com
UPDATE (4/26/10): As part of a class action settlement in U.S. District Court in Tampa, consumers were given the opportunity to elect credit monitoring for one year or bank account monitoring for two years and were able to seek reimbursement of certain out-of-pocket costs incurred or identity theft expenses. Consumers also were able to request credit monitoring at the company's expense immediately after the thefts were announced. The settlement with the Attorney General's office ensures that Certegy will maintain a comprehensive information-security program. This program will assess internal and external risks to consumers' personal information, implement safeguards to protect that consumer information, and will regularly monitor and test the effectiveness of those safeguards. Certegy and its related entities also agree to adhere to payment card industry data security standards as those standards continue to evolve. As part of the settlement, Certegy is donating $125,000 to the Attorney General's Seniors vs. Crime Program for educational, investigative and crime prevention programs for the benefit of senior citizens and the community and will pay $850,000 for the state's investigative costs and attorney's fees related to the case.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,500,000
June 29, 2007 Harrison County Schools
Charleston, West Virginia
EDU STAT

Unknown

Several computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3601-3650 of 4517 results