Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
July 27, 2007 City of Virginia Beach, Flexible Benefits Administrators
Virginia Beach, Virginia
GOV INSD

2,000

A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employee's home.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

July 27, 2007 City Harvest
New York, New York
NGO HACK

12,000

 (917) 351-8763

City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

July 27, 2007 American Education Services, Vista Financial Inc
Harrisburg, Pennsylvania
BSF PORT

5,000

Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

July 26, 2007 United States Marine Corps, Penn State University
Harrisburg, Pennsylvania
EDU DISC

10,554

Data belonging to 10,554 Marines was “improperly posted” by Penn State University, according to the Marine Corps. Names and Social Security numbers of Marines could be found via Google search engine. Penn State University was under a research contract with the Marine Corps.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,554

July 25, 2007 Hidalgo County Commissioner's Office
Hidalgo County, Texas
GOV DISC

25

The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.

 
Information Source:
Media
records from this breach used in our total: 25

July 25, 2007 Affiliated Computer Services (ACS) Government Systems Inc., Delaware Court Systems
Levington, Kentucky
GOV PORT

2,718

The location listed is an ACS office.  The location of the breach was not reported.

The luggage of an employee of ACS was stolen during airline travel.  The bag contained a hard drive that may have included names, addresses, Social Security numbers and dates of birth.  The information was obtained from the State of Delaware Court System.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,718

July 24, 2007 St. Vincent Hospital, Verus, Inc.
Indianapolis, Indiana
MED DISC

51,000

Saint Vincent used subcontractor Verus Inc. to set up an online bill payment for patients.  For a "brief" period of time, personal information was left unprotected and available online.  The security lapse compromised names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

July 23, 2007 Fox News
Los Angeles, California
BSO DISC

1.5 million Not added to total. It does not appear that SSNs or financial account numbers were exposed.

Sensitive information was exposed on the Fox News web server. The security hole allowed hackers to access login information, names, phone numbers, and email addresses.

 
Information Source:
Media
records from this breach used in our total: 0

July 21, 2007 University of Michigan
Ann Arbor, Michigan
EDU HACK

5,500

University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500

July 20, 2007 Science Applications International Corp. (SAIC)
San Diego, California
BSO DISC

867,000

 (703) 676-6533, http://www.saic.com/response/

The Pentagon contractor may have compromised personal information. Information such as names, addresses, birth dates, Social Security numbers and health information about military personnel and their relatives were exposed when the data were not encrypted prior to being transmitted online.

UPDATE (5/05/2012): Though 580,000 households were reported, a total of 867,000 people may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 867,000

July 19, 2007 Cricket Communications
Omaha, Nebraska
BSO PHYS

300

Documents stolen from store result in loss of 300 credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

July 19, 2007 Jackson Local Schools
Massillon, Ohio
EDU DISC

1,800

The Social Security numbers of present and former Jackson Local Schools' employees were at risk of public access on a county maintained Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,800

July 18, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

50

  (866) 605-0013

Files which were no longer in use were discovered on a computer server connected to the Internet. The files contained names and Social Security numbers of students who were enrolled in an industrial engineering course in spring 2002 or fall 2004.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50

July 18, 2007 Connecticut General Assembly Transportation Committee, L.G. Defelice
Hartford, Connecticut
GOV DISC

300

Social Security numbers of former employees of defunct L.G. Defelice Inc. were posted on CT transportation committee website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

July 17, 2007 Western Union
Greenwood Village, Colorado
BSF HACK

20,000

Credit card information and names were hacked from a database. The thieves got names, addresses, phone numbers and complete credit-card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000

July 17, 2007 Louisiana Board of Regents
Baton Rouge, Louisiana
GOV DISC

80,000

Records of students and staff including Social Security numbers,names, and addresses exposed on web.  In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000

July 17, 2007 Kingston Technology Co.
Fountain Valley, California
BSO HACK

27,000

A security breach may have compromised the names, addresses and credit card details of online customers. Kingston Technology is a computer memory vendor. The breach may have gone undetected for nearly 2 years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000

July 16, 2007 Transportation Security Administration (TSA)
Arlington, Virginia
GOV PORT

100,000

Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.

 
Information Source:
Media
records from this breach used in our total: 100,000

July 16, 2007 Intergraph Corporation
Huntsville, Alabama
BSR HACK

Unknown

Confidential information about some transactions was accessed without authority by an unknown person or persons via the Internet.  The information may have included name, address, and credit or debit card number and expiration date, in addition to shipping address and in some cases, a separate credit card address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 15, 2007 Westminster College
Salt Lake City, Utah
EDU DISC

100

Names of students, former and current were printed in two files along with each student's Social Security number. The files were on a student Web server used by Westminster students.

 
Information Source:
Media
records from this breach used in our total: 100

July 13, 2007 City of Encinitas
Encinitas, California
GOV DISC

1,200

(760) 633-2788

Credit card or checking account information and addresses of people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

July 13, 2007 Metropolitan St. Louis Sewer District
St.Louis, Missouri
GOV INSD

1,600

A employee had downloaded Social Security numbers of current or former district employees to a home computer. The Social Security numbers were part of a computer file the district uses to make sure workers get the proper pay.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600

July 11, 2007 South County Hospital
South Kingstown, Rhode Island
MED PHYS

79

Paperwork containing personal details from customers was left in a briefcase inside a car that was stolen. That batch of paperwork contained details including names, addresses, Social Security numbers, phone numbers and a summary of hospital accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 79

July 11, 2007 Texas A&M University
Corpus Christi, Texas
EDU PHYS

49

College of Business officials are investigating a faculty member for the misplacement of a business law class roster containing the names and Social Security numbers of students.

 
Information Source:
Media
records from this breach used in our total: 49

July 11, 2007 Disney Movie Club, Alta Resources, McNeil-PPC Inc
Neenah, Wisconsin
BSO INSD

Unknown

A contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 9, 2007 Girl Scouts Mile Hi
Denver, Colorado
NGO PORT

Unknown

Tapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.

 
Information Source:
Media
records from this breach used in our total: 0

July 7, 2007 Cuyahoga County Dept. of Development
Cleveland, Ohio
GOV PORT

3,000

Names and Social Security numbers on memory stick stolen in carjacking.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

July 5, 2007 Highland University
Las Vegas, New Mexico
EDU UNKN

420

A building on the campus had been broken into, and the affected offices might have contained such personal information as Social Security numbers, credit card and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 420

July 3, 2007 Fidelity National Information Services/Certegy Check Services Inc.
Jacksonville, Florida
BSF INSD

8,500,000

A worker at one of the company's subsidiaries (Certegy Check Services, Inc.) stole customer records containing credit card, bank account and other personal information.
UPDATE (8/27/07):
The company first estimated that about 2.3 million records were affected but quickly boosted that number to 8.5 million in filings with the U.S. Securities and Exchange Commission. A California law firm has filed a class-action suit charging Fidelity National Information Services (FIS) and one of its subsidiaries with negligence in connection with a data breach.
UPDATE (11/23/07): A former database analyst at Certegy Check Services Inc., has agreed to enter a guilty plea to federal fraud and conspiracy charges in connection with the theft of data.
UPDATE (7/7/08):A man has been sentenced to four years and nine months in jail and fined US $3.2 million for his part in the theft of consumer records from Certegy Check Services.
UPDATE (7/7/08): A new settlement provides that all class members whose personal or financial information was stolen can get compensated up to $20,000 if they were not reimbursed for certain identity theft losses caused by the data theft. The losses covered could have occurred from Aug. 24, 1998, to Dec. 31, 2010. www.datasettlement.com
UPDATE (4/26/10): As part of a class action settlement in U.S. District Court in Tampa, consumers were given the opportunity to elect credit monitoring for one year or bank account monitoring for two years and were able to seek reimbursement of certain out-of-pocket costs incurred or identity theft expenses. Consumers also were able to request credit monitoring at the company's expense immediately after the thefts were announced. The settlement with the Attorney General's office ensures that Certegy will maintain a comprehensive information-security program. This program will assess internal and external risks to consumers' personal information, implement safeguards to protect that consumer information, and will regularly monitor and test the effectiveness of those safeguards. Certegy and its related entities also agree to adhere to payment card industry data security standards as those standards continue to evolve. As part of the settlement, Certegy is donating $125,000 to the Attorney General's Seniors vs. Crime Program for educational, investigative and crime prevention programs for the benefit of senior citizens and the community and will pay $850,000 for the state's investigative costs and attorney's fees related to the case.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,500,000

June 29, 2007 Harrison County Schools
Charleston, West Virginia
EDU STAT

Unknown

Several computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 27, 2007 Milwaukee PC
Milwaukee, Wisconsin
BSR DISC

65,000

(414) 258-2275

Credit card information for 65,000 was possibly compromised. A service center noticed a file in their server and was concerned that file could contain customers' credit card numbers and personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 65,000

June 27, 2007 Bowling Green State University
Bowling Green, Ohio
EDU PORT

199

Lost storage device contained Social Security numbers, and names of 199 former students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 199

June 27, 2007 University of California, Davis
Davis, California
EDU HACK

1,120

deansoffice@vetmed.ucdavis.edu

Computer-security safeguards were breached.  Compromised information included the applicants' names, birth dates and, in most cases, Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,120

June 25, 2007 Fresno County
Fresno, California
GOV PORT

10,000

(559) 453-6450

A disk containing information pertaining to thousands of home health-care workers -- including their names, addresses and Social Security numbers -- was lost when it was shipped to a software vendor's office in San Jose, CA.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000

June 25, 2007 UnitedHealthCare
Trumbull, Connecticut
MED INSD

17,000

A former employee had the names, Social Security numbers, dates of birth and addresses of about 127 members. The employee is believed to have participated in fraudulent activity and may have accessed approximately 17,000 members' information during the final 2 1/2 years of his or her employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

June 23, 2007 Winn-Dixie
Pascagoula, Mississippi
MED PHYS

Unknown

Pharmacy documents were found behind a closed Winn-Dixie grocery store, containing telephone numbers, Social Security numbers and addresses of thousands of individuals. Apparently when the grocery store/pharmacy closed, employees put bundles of documents outside to be picked up. However, they were never retrieved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 22, 2007 Texas First Bank
Texas City, Texas
BSF PORT

4,000

Information such as account numbers, Social Security numbers, names and addresses may have been stored on a stolen laptop computer during a car theft in Dallas.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

June 20, 2007 American Airlines
Fort Worth, Texas
BSO DISC

365

Personal information including Social Security numbers of pilots and other employees at American Airlines, including the chief executive, was exposed on a company Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 365

June 20, 2007 University Community Hospital
Tampa, Florida
MED DISC

Unknown

A parent says his son should never have received bills in the mail for a pre-employment drug screening visit.  Additionally, he received information about 17 others who were also tested, including Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

June 18, 2007 Parisexposed.com
Bellevue, Washington
BSO DISC

750

Investigation by The Smoking Gun Web site said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750

June 18, 2007 Shamokin Area School District
Coal Township, Pennsylvania
EDU DISC

Unknown

A local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 18, 2007 Texas A&M University
Corpus Christi, Texas
EDU PORT

8,000

A professor vacationing off the coast of Africa took data with him on a small computer storage device which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

June 15, 2007 Ohio state workers
Columbus, Ohio
GOV PORT

1,000,000

(888) 644-6648(taped-message), (877) 742-5622 (Ohio Consumers' Counsel) or (800) 267-4474

A backup computer storage device with the names and Social Security numbers of every state worker was stolen out of a state intern's car. The tape, which was stolen in June, contains personally identifiable information of nearly 84,000 current and former Ohio state employees and more than 47,000 state taxpayers.

UPDATE (6/20/07) : The storage device also had the names and Social Security numbers of 225,000 taxpayers.

UPDATE (6/22/07) : Previous news stories reported smaller amounts, but the most recent news story shows 500,000.

UPDATE (7/12/07) The State of Ohio increased the data theft estiamte to one million.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000,000

June 14, 2007 Division of Workforce Services
Salt Lake City, Utah
GOV UNKN

20,000

(801) 281-1267

Children's Social Security numbers are believed to have been compromised by identity thieves.

 
Information Source:
Media
records from this breach used in our total: 20,000

June 14, 2007 Hamburger Hamlet Restaurant
Los Angeles, California
BSO INSD

40

Former waitress made off with the credit or debit card numbers of at least half a dozen patrons - and possibly as many as 40. Already, about $16,300 in unauthorized charges have been linked to the scam.

 
Information Source:
Media
records from this breach used in our total: 40

June 14, 2007 Georgia Tech University
Atlanta, Georgia
EDU DISC

23,000 Not included in Total because it's not clear SSNs or account numbers were exposed.

An electronic file containing the personal information of current and former Georgia Tech students was exposed briefly.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 14, 2007 Lynchburg City
Lynchburg, Virginia
GOV DISC

1,200 Not included in total because it's not clear SSNs or account numbers were exposed.

Personal information of Lynchburg city employees and retirees was accidentally posted on the city's website among that information employee's prescription medications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 11, 2007 Pfizer
New York, New York
BSO DISC

17,000

866-274-3891

Installation of certain file sharing software on a Pfizer laptop, exposed files containing names, Social Security numbers, addresses and bonus information of present and former Pfizer colleagues. Investigation revealed that certain files containing data were accessed and copied.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

June 11, 2007 Grand Valley State University
Allendale, Michigan
EDU PORT

3,000

Jann Joseph (616) 331-2110

A flash drive containing confidential information was stolen. Social Security numbers of current and former students were on the flash drive, stolen from the English department.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

June 9, 2007 Concord Hospital, Verus Inc.
Concord, New Hampshire
MED DISC

9,297

Contact mhanna@cmonitor.com for more information.

Patient names, addresses, dates of birth and Social Security numbers were exposed on the internet for a period of time.  A subcontractor names Verus that handles Concord's online billing was responsible for the breach.

UPDATE (6/20/07): The Washington-based company that managed Concord's online billing system was fired. Hospital officials now are asking for an audit to verify that Verus Incorporated has removed all of its patient information from its servers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,297

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,495 DATA BREACHES made public since 2005
Showing 3601-3650 of 4495 results


X

Sign In!

Loading