Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,044,152 RECORDS BREACHED
(Please see explanation about this total.)
from 4,503 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
August 4, 2007 Kellogg Community Federal Credit Union
Battle Creek, Michigan
BSF STAT

Unknown

A computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 3, 2007 WorkCare Orem
Pleasant Grove, Utah
MED PHYS

Unknown

A truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.

 
Information Source:
Media
records from this breach used in our total: 0
August 3, 2007 Wabash Valley Correctional Facility
Indianapolis, Indiana
GOV DISC

Unknown

A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 2, 2007 E.On - U.S.(energy services)
Louisville, Kentucky
BSO PORT

Unknown

A laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 2, 2007 University of Toledo
Toledo, Ohio
EDU STAT

Unknown

(419) 530-4836, (419) 530-3661, (419) 530-1472

Two computers were stolen with hard drives containing student and staff Social Security numbers, names, and grade change information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
August 1, 2007 Lifetime Fitness
Dallas, Texas
GOV PHYS

Unknown

Staff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 31, 2007 Textron
Providence, Rhode Island
BSF PORT

500 (No SSNs or financial information reported)

An employee's laptop was stolen.  It contained employee information.  At least 475 New Hampshire and 25 Maine residents were affected, but the total number of affected individuals was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 28, 2007 Yuba County Health and Human Services
Yuba County, California
MED PORT

70,000

A laptop stolen from a building contained personally identifiable information of individuals whose cases were opened before May 2001. The laptop was being used as a backup system for the county's computer system. The data include Social Security numbers, birth dates, driver's license numbers and other private information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000
July 27, 2007 City of Virginia Beach, Flexible Benefits Administrators
Virginia Beach, Virginia
GOV INSD

2,000

A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employee's home.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
July 27, 2007 City Harvest
New York, New York
NGO HACK

12,000

 (917) 351-8763

City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000
July 27, 2007 American Education Services, Vista Financial Inc
Harrisburg, Pennsylvania
BSF PORT

5,000

Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000
July 26, 2007 United States Marine Corps, Penn State University
Harrisburg, Pennsylvania
EDU DISC

10,554

Data belonging to 10,554 Marines was “improperly posted” by Penn State University, according to the Marine Corps. Names and Social Security numbers of Marines could be found via Google search engine. Penn State University was under a research contract with the Marine Corps.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,554
July 25, 2007 Hidalgo County Commissioner's Office
Hidalgo County, Texas
GOV DISC

25

The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.

 
Information Source:
Media
records from this breach used in our total: 25
July 25, 2007 Affiliated Computer Services (ACS) Government Systems Inc., Delaware Court Systems
Levington, Kentucky
GOV PORT

2,718

The location listed is an ACS office.  The location of the breach was not reported.

The luggage of an employee of ACS was stolen during airline travel.  The bag contained a hard drive that may have included names, addresses, Social Security numbers and dates of birth.  The information was obtained from the State of Delaware Court System.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,718
July 24, 2007 St. Vincent Hospital, Verus, Inc.
Indianapolis, Indiana
MED DISC

51,000

Saint Vincent used subcontractor Verus Inc. to set up an online bill payment for patients.  For a "brief" period of time, personal information was left unprotected and available online.  The security lapse compromised names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000
July 23, 2007 Fox News
Los Angeles, California
BSO DISC

1.5 million Not added to total. It does not appear that SSNs or financial account numbers were exposed.

Sensitive information was exposed on the Fox News web server. The security hole allowed hackers to access login information, names, phone numbers, and email addresses.

 
Information Source:
Media
records from this breach used in our total: 0
July 21, 2007 University of Michigan
Ann Arbor, Michigan
EDU HACK

5,500

University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500
July 20, 2007 Science Applications International Corp. (SAIC)
San Diego, California
BSO DISC

867,000

 (703) 676-6533, http://www.saic.com/response/

The Pentagon contractor may have compromised personal information. Information such as names, addresses, birth dates, Social Security numbers and health information about military personnel and their relatives were exposed when the data were not encrypted prior to being transmitted online.

UPDATE (5/05/2012): Though 580,000 households were reported, a total of 867,000 people may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 867,000
July 19, 2007 Cricket Communications
Omaha, Nebraska
BSO PHYS

300

Documents stolen from store result in loss of 300 credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300
July 19, 2007 Jackson Local Schools
Massillon, Ohio
EDU DISC

1,800

The Social Security numbers of present and former Jackson Local Schools' employees were at risk of public access on a county maintained Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,800
July 18, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

50

  (866) 605-0013

Files which were no longer in use were discovered on a computer server connected to the Internet. The files contained names and Social Security numbers of students who were enrolled in an industrial engineering course in spring 2002 or fall 2004.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50
July 18, 2007 Connecticut General Assembly Transportation Committee, L.G. Defelice
Hartford, Connecticut
GOV DISC

300

Social Security numbers of former employees of defunct L.G. Defelice Inc. were posted on CT transportation committee website.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300
July 17, 2007 Western Union
Greenwood Village, Colorado
BSF HACK

20,000

Credit card information and names were hacked from a database. The thieves got names, addresses, phone numbers and complete credit-card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000
July 17, 2007 Louisiana Board of Regents
Baton Rouge, Louisiana
GOV DISC

80,000

Records of students and staff including Social Security numbers,names, and addresses exposed on web.  In all, more than 80,000 names and Social Security numbers were accessible for perhaps as long as two years on an internal Internet site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80,000
July 17, 2007 Kingston Technology Co.
Fountain Valley, California
BSO HACK

27,000

A security breach may have compromised the names, addresses and credit card details of online customers. Kingston Technology is a computer memory vendor. The breach may have gone undetected for nearly 2 years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000
July 16, 2007 Transportation Security Administration (TSA)
Arlington, Virginia
GOV PORT

100,000

Authorities realized in May a storage device was missing from TSA headquarters. The drive contained historical payroll data, Social Security numbers, dates of birth, addresses, time and leave datas, bank account, routing information, and details about financial allotments and deductions.

 
Information Source:
Media
records from this breach used in our total: 100,000
July 16, 2007 Intergraph Corporation
Huntsville, Alabama
BSR HACK

Unknown

Confidential information about some transactions was accessed without authority by an unknown person or persons via the Internet.  The information may have included name, address, and credit or debit card number and expiration date, in addition to shipping address and in some cases, a separate credit card address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 15, 2007 Westminster College
Salt Lake City, Utah
EDU DISC

100

Names of students, former and current were printed in two files along with each student's Social Security number. The files were on a student Web server used by Westminster students.

 
Information Source:
Media
records from this breach used in our total: 100
July 13, 2007 City of Encinitas
Encinitas, California
GOV DISC

1,200

(760) 633-2788

Credit card or checking account information and addresses of people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200
July 13, 2007 Metropolitan St. Louis Sewer District
St.Louis, Missouri
GOV INSD

1,600

A employee had downloaded Social Security numbers of current or former district employees to a home computer. The Social Security numbers were part of a computer file the district uses to make sure workers get the proper pay.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,600
July 11, 2007 South County Hospital
South Kingstown, Rhode Island
MED PHYS

79

Paperwork containing personal details from customers was left in a briefcase inside a car that was stolen. That batch of paperwork contained details including names, addresses, Social Security numbers, phone numbers and a summary of hospital accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 79
July 11, 2007 Texas A&M University
Corpus Christi, Texas
EDU PHYS

49

College of Business officials are investigating a faculty member for the misplacement of a business law class roster containing the names and Social Security numbers of students.

 
Information Source:
Media
records from this breach used in our total: 49
July 11, 2007 Disney Movie Club, Alta Resources, McNeil-PPC Inc
Neenah, Wisconsin
BSO INSD

Unknown

A contract employee stole an unknown number of credit card numbers. Credit-card information was sold by an employee of a Disney contractor to a federal agent as part of an undercover sting operation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 9, 2007 Girl Scouts Mile Hi
Denver, Colorado
NGO PORT

Unknown

Tapes stolen from a car held personal information from a membership database, including names, addresses, phone numbers. A very limited number of credit card numbers and Social Security numbers were included in the stolen data from the camp and event registration database.

 
Information Source:
Media
records from this breach used in our total: 0
July 7, 2007 Cuyahoga County Dept. of Development
Cleveland, Ohio
GOV PORT

3,000

Names and Social Security numbers on memory stick stolen in carjacking.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
July 5, 2007 Highland University
Las Vegas, New Mexico
EDU UNKN

420

A building on the campus had been broken into, and the affected offices might have contained such personal information as Social Security numbers, credit card and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 420
July 3, 2007 Fidelity National Information Services/Certegy Check Services Inc.
Jacksonville, Florida
BSF INSD

8,500,000

A worker at one of the company's subsidiaries (Certegy Check Services, Inc.) stole customer records containing credit card, bank account and other personal information.
UPDATE (8/27/07):
The company first estimated that about 2.3 million records were affected but quickly boosted that number to 8.5 million in filings with the U.S. Securities and Exchange Commission. A California law firm has filed a class-action suit charging Fidelity National Information Services (FIS) and one of its subsidiaries with negligence in connection with a data breach.
UPDATE (11/23/07): A former database analyst at Certegy Check Services Inc., has agreed to enter a guilty plea to federal fraud and conspiracy charges in connection with the theft of data.
UPDATE (7/7/08):A man has been sentenced to four years and nine months in jail and fined US $3.2 million for his part in the theft of consumer records from Certegy Check Services.
UPDATE (7/7/08): A new settlement provides that all class members whose personal or financial information was stolen can get compensated up to $20,000 if they were not reimbursed for certain identity theft losses caused by the data theft. The losses covered could have occurred from Aug. 24, 1998, to Dec. 31, 2010. www.datasettlement.com
UPDATE (4/26/10): As part of a class action settlement in U.S. District Court in Tampa, consumers were given the opportunity to elect credit monitoring for one year or bank account monitoring for two years and were able to seek reimbursement of certain out-of-pocket costs incurred or identity theft expenses. Consumers also were able to request credit monitoring at the company's expense immediately after the thefts were announced. The settlement with the Attorney General's office ensures that Certegy will maintain a comprehensive information-security program. This program will assess internal and external risks to consumers' personal information, implement safeguards to protect that consumer information, and will regularly monitor and test the effectiveness of those safeguards. Certegy and its related entities also agree to adhere to payment card industry data security standards as those standards continue to evolve. As part of the settlement, Certegy is donating $125,000 to the Attorney General's Seniors vs. Crime Program for educational, investigative and crime prevention programs for the benefit of senior citizens and the community and will pay $850,000 for the state's investigative costs and attorney's fees related to the case.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,500,000
June 29, 2007 Harrison County Schools
Charleston, West Virginia
EDU STAT

Unknown

Several computers that contained the personal information, including Social Security numbers, of several Harrison County school employees were stolen. Workers Comp claims between January of 2001 and February of 2007 are at risk.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 27, 2007 Milwaukee PC
Milwaukee, Wisconsin
BSR DISC

65,000

(414) 258-2275

Credit card information for 65,000 was possibly compromised. A service center noticed a file in their server and was concerned that file could contain customers' credit card numbers and personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 65,000
June 27, 2007 Bowling Green State University
Bowling Green, Ohio
EDU PORT

199

Lost storage device contained Social Security numbers, and names of 199 former students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 199
June 27, 2007 University of California, Davis
Davis, California
EDU HACK

1,120

deansoffice@vetmed.ucdavis.edu

Computer-security safeguards were breached.  Compromised information included the applicants' names, birth dates and, in most cases, Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,120
June 25, 2007 Fresno County
Fresno, California
GOV PORT

10,000

(559) 453-6450

A disk containing information pertaining to thousands of home health-care workers -- including their names, addresses and Social Security numbers -- was lost when it was shipped to a software vendor's office in San Jose, CA.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000
June 25, 2007 UnitedHealthCare
Trumbull, Connecticut
MED INSD

17,000

A former employee had the names, Social Security numbers, dates of birth and addresses of about 127 members. The employee is believed to have participated in fraudulent activity and may have accessed approximately 17,000 members' information during the final 2 1/2 years of his or her employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000
June 23, 2007 Winn-Dixie
Pascagoula, Mississippi
MED PHYS

Unknown

Pharmacy documents were found behind a closed Winn-Dixie grocery store, containing telephone numbers, Social Security numbers and addresses of thousands of individuals. Apparently when the grocery store/pharmacy closed, employees put bundles of documents outside to be picked up. However, they were never retrieved.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 22, 2007 Texas First Bank
Texas City, Texas
BSF PORT

4,000

Information such as account numbers, Social Security numbers, names and addresses may have been stored on a stolen laptop computer during a car theft in Dallas.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000
June 20, 2007 American Airlines
Fort Worth, Texas
BSO DISC

365

Personal information including Social Security numbers of pilots and other employees at American Airlines, including the chief executive, was exposed on a company Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 365
June 20, 2007 University Community Hospital
Tampa, Florida
MED DISC

Unknown

A parent says his son should never have received bills in the mail for a pre-employment drug screening visit.  Additionally, he received information about 17 others who were also tested, including Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0
June 18, 2007 Parisexposed.com
Bellevue, Washington
BSO DISC

750

Investigation by The Smoking Gun Web site said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750
June 18, 2007 Shamokin Area School District
Coal Township, Pennsylvania
EDU DISC

Unknown

A local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 18, 2007 Texas A&M University
Corpus Christi, Texas
EDU PORT

8,000

A professor vacationing off the coast of Africa took data with him on a small computer storage device which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000
Breach Total
816,044,152 RECORDS BREACHED
(Please see explanation about this total.)
from 4,503 DATA BREACHES made public since 2005

Pages

Showing 3601-3650 of 4503 results