Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
March 27, 2007 St. Mary Parish Schools
Centerville, Louisiana
EDU DISC

380

Personal information including Social Security numbers of St. Mary Parish public school employees was available on the Internet when a Yahoo!Web crawler infiltrated the server of the school's technology department.

 
Information Source:
Dataloss DB
records from this breach used in our total: 380

March 26, 2007 Fort Monroe
Fort Monroe, Virginia
GOV PORT

16,000

A laptop computer containing the names, Social Security numbers and payroll information for as many as 16,000 civilian employees was stolen from an employee's personal vehicle. Bank account and bank routing information were not included.  People who work at the U.S. Army Training and Doctrine Command were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000

March 26, 2007 United Subcontractors Inc.
Edina, Minnesota
BSO PORT

123

The theft occurred in New Jersey.

Three jump drives and a laptop were stolen from the trunk of a rental car.  The names, Social Security numbers, and dates of birth of employees may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 123

March 23, 2007 Group Health Cooperative Health Care System
Seattle, Washington
MED PORT

31,000

http://www.ghc.org/news/news.jhtml?reposid=/common/news/news/20070323-missing_laptops.html

Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,000

March 23, 2007 Swedish Urology Group
Seattle, Washington
MED PORT

Unknown

Three computer hard drives with personal files on hundreds of patients, doctors, and staff were stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 23, 2007 New York Institute of Technology
Old Westbury, New York
EDU DISC

256

A file with the names, Social Security numbers, addresses, dates of birth, degree types and majors of former NYIT students was posted on NYIT's website.  The information was not accessible via the NYIT website, but could be found through an Internet search.

 
Information Source:
Dataloss DB
records from this breach used in our total: 256

March 23, 2007 Homeland Funding Solutions Inc.
Cranston, Rhode Island
BSF STAT

Unknown

Two laptops and 13 desktop computers were stolen from the main office of Homeland Funding Solutions, Inc. over the weekend of March 17. Loan information that had been sent via email may have been on the hard drives of the stolen computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 20, 2007 Tax Service Plus
Santa Rosa, California
BSF STAT

4,000

Thieves stole the company's backup computer, which contained financial data on thousands of tax returns dating back three years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

March 20, 2007 Sungard
Malvern, Pennsylvania
BSR PORT

3,560

A laptop was stolen from an employee's car.  It contained the names and Social Security numbers of employees.  Around 1,700 employees had their bank transfer ABA number and account number exposed, and about 100 had their credit card number exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,560

March 19, 2007 Science Applications International Corp. (SAIC)
Boise, Idaho
BSO PHYS

Unknown

Barrels filled with thousands of sensitive documents including printed copies of e-mail and performance evaluations along with documents marked “internal use only – not for public release” and “for official use only” were found on the curb outside of SAIC's local office.

 
Information Source:
Media
records from this breach used in our total: 0

March 19, 2007 Pitney Bowes
Stamford, Connecticut
BSF PORT

83

An employee's laptop was stolen from her home on or around March 2.  The laptop may have contained employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 83

March 19, 2007 Electronic Data Systems Corp. (EDS)
Sacramento, California
BSF PORT

30

An EDS employee working on a project involving processing workers' compensation related medical bills for Fireman's Fund had his laptop stolen from his car on January 19. Names and Social Security numbers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30

March 16, 2007 Springfield City Schools, Ohio State Auditor
Springfield, Ohio
EDU PORT

1,950

http://www.spr.k12.oh.us/, http://www.spr.k12.oh.us./ourboard/treasdocs/notificationofDataTheft.pdf

A laptop containing personal information of current and former employees of Springfield City Schools including their names and Social Security numbers was stolen from a state auditor employee's vehicle while parked at home in a garage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,950

March 16, 2007 Henry Schein, Financial Services, Inc., ChoiceHealth Leasing
Chicago, Illinois
BSF PORT

340

A laptop was stolen from a Henry Schein agent during a trade show in Chicago, IL. The laptop may have contained the names and Social Security numbers of people who had a leasing or loan transaction with Choice Health Leasing were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 340

March 16, 2007 Laser Pros International Corp
Rhinelander, Wisconsin
BSO HACK

434

Someone gained access to transaction data from the Laser Pros website.  Customer names, addresses, email addresses, credit card numbers and security codes for credit cards may have been accessed.  Some customers reported fraudulent charges.  The total number of credit cards accessed was 434, though customers may have had multiple credit cards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 434

March 14, 2007 WellPoint's Empire Blue Cross and Blue Shield unit in NY
Indianapolis, Indiana
MED PORT

75,000

800-293-3443

An unencrypted disc containing patient's names, Social Security numbers, health plan identification numbers and description of medical services back to 2003 was lost en route to a subcontractor.

UPDATE (3/14/07): The subcontrator reported that the CD that was reported missing on Feb. 9 has been found.

 
Information Source:
Dataloss DB
records from this breach used in our total: 75,000

March 13, 2007 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV UNKN

Unknown

http://www.usda.gov/oig/webdocs/50501-8-FM.pdf

A total of 95 USDA computers were lost or stolen between Oct. 1, 2005, and May 31, 2006. Some may have contained personal information such as names, addresses, Social Security numbers and payment information. Two-thirds of the computers contained unencrypted data.

 
Information Source:
Media
records from this breach used in our total: 0

March 13, 2007 The New Teachers Project
New Orleans, Louisiana
NGO PORT

Unknown

The January 13 theft of a laptop exposed personal information of current and former practitioner teachers. The laptop was stolen from an office. It contained names, Social Security numbers, addresses and telephone numbers. Seven New York residents were affected, but the number of affected employees nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 12, 2007 Dai Nippon
,
BSO INSD

Unknown

The incident occurred outside of the U.S. and the companies affected were not disclosed.

A former contract worker of a Japanese commercial printing company stole nearly 9 million pieces of private data on customers from 43 clients, including U.S. companies. The stolen data includes confidential information such as names, addresses and credit card numbers intended for use in direct mailing and other printing services. Customers of U.S.-based American Home Assurance Co. and Toyota Motor were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 10, 2007 University of Idaho
Moscow, Idaho
EDU DISC

2,700

888-900-3783

A data file posted to the school's Web site contained personal information including names, birthdates and Social Security numbers of University employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,700

March 9, 2007 California National Guard
Sacramento, California
GOV PORT

1,300

A computer hard drive containing Social Security numbers, home addresses, birth dates and other identifying information of California National Guard troops deployed to the U.S.-Mexico border was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,300

March 7, 2007 Los Rios Community College
Sacramento, California
EDU DISC

2,000

Student information including Social Security numbers were accessible on the Internet after the school used actual data to test a new online application process in October.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

March 7, 2007 U.S. Census Bureau
Washington, District Of Columbia
GOV DISC

302 households

http://www.census.gov/Press-Release/www/releases/archives/miscellaneous/009732.html

Personal information of 302 households including names, addresses, phone numbers, birth dates and family income ranges were posted on a public Internet site multiple times over a five-month period from October 2006 to Feb. 15, 2007 when Census employees working from home tested new software records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 302

March 7, 2007 Right Media Inc.
New York, New York
BSO HACK

34

An unauthorized person or persons accessed the computer system.  Customer names, Social Security numbers, email addresses, addresses and employee ID numbers may have been accessed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 34

March 7, 2007 North Carolina Department of Correction
Raleigh, North Carolina
GOV PHYS

16 (No SSNs or financial information reported)

Paper documents with sensitive information were thrown into the trash and may have been recovered by an inmate working as a janitor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2007 Eastern Suffolk BOCES
Patchogue, New York
GOV HACK 1,500
A file server in the Eastern Suffolk BOCES computer area was hacked. Data from the Free and Reduced Lunch Database was compromised. The names of parents and children, Social Security numbers, addresses, home and work phone numbers, salary information and income information that were related to the program may have been accessed.  
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

March 3, 2007 Metropolitan State College of Denver
Denver, Colorado
EDU PORT

988

http://www.mscd.edu/securityalert/, 866-737-6622

A faculty member's laptop computer that contained the names and Social Security numbers of former students was stolen from its docking station on campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 988

March 3, 2007 Johnny's Selected Seeds
Winslow, Maine
BSR HACK

11,500

Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

March 2, 2007 California Department of Health Services
Sacramento, California
GOV DISC

54

http://www.cchealth.org/press_releases/dhs_breach_03_2007.php, http://www.applications.dhs.ca.gov/pressreleases/store/PressReleases/07-...

Benefit notification letters containing names addresses, Medicare Part D plan names and premium payment amounts of some individuals enrolled in the California AIDS Drug Assistance Program (ADAP) were erroneously mailed to another enrollee.

 
Information Source:
Media
records from this breach used in our total: 54

March 1, 2007 Westerly Hospital
Westerly, Rhode Island
MED DISC

2,200

Patient names, Social Security numbers, contact information as well as insurance information were posted on a publicly-accessible Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,200

February 28, 2007 Gulf Coast Medical Center
Tallahassee, Florida
MED PORT

8,000

Patient information including names and Social Security numbers were compromised when a computer went missing in February in Tallahassee, FL. A very similar and previously uncovered breach happened in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

February 28, 2007 Gulf Coast Medical Center
Nashville, Tennessee
MED PORT

1,900

Patient information including names and Social Security numbers were compromised when a computer went missing in November 2006 from Nashville, TN. This breach drew media attention when an additional 8,000 patients' information was compromised during a February 2007 breach in Tallahassee, FL.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,900

February 28, 2007 First Advantage SBS
Saint Petersburg, Florida
BSO HACK

Unknown

Subscriber user-IDs and passwords were compromised. Unauthorized individuals may have accessed names, Social Security numbers, addresses and other information related to employment credit reports. At least 11 New York residents were affected by this breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 27, 2007 CBCInnovis Inc., Hudiburg Chevrolet
Midwest City, Oklahoma
BSR UNKN

138

An unauthorized person gained access to Hudiburg Chevrolet's CBCInnovis account. The person or persons would have been able to obtain customer names, Social Security numbers, addresses and credit information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 138

February 23, 2007 Rabun Apparel Inc., former subsidiary of Fruit of the Loom
Rabun Gap, Georgia
BSR DISC

1,006

Names and Social Security numbers of former employees were accessible on the Internet from Jan. 15 until Feb. 20.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,006

February 23, 2007 ADC Telecommunications Inc., Flex Compensation
St. Louis Park, Minnesota
BSR PORT

63,400

A laptop was stolen from ADC's benefits administrator. Current and former employee names, Social Security numbers, bank account numbers, dates of birth, addresses and other private information were on the laptop.  It is not clear if employees from other companies that use Flex Compensation for benefits administration are among the 63,400 affected individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 63,400

February 22, 2007 Speedmark
Woodlands, Texas
BSO STAT

35,000

Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

February 21, 2007 Georgia Institute of Technology
Atlanta, Georgia
EDU HACK

3,000

404-894-2499, hr@gatech.edu

Personal information of former employees mostly in the School of Electrical and Computer Engineering including name, address, Social Security number, other sensitive information, and about 400 state purchasing card numbers, were compromised by unauthorized access to a Georgia Tech computer account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

February 21, 2007 Fidelity Investments, Dairy Farmers of America
,
BSF PORT

69

A Fidelity laptop used by a former Fidelity employee was discarded and recovered by a non-affiliated person. The employee had taken the laptop home after believing it had been decommissioned from business use by Fidelity. Participants and beneficiaries of participants in the Dairy Farmers of America Defined Benefit plan had their names and Social Security numbers exposed. At least 69 New York residents were affected by the breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 69

February 20, 2007 Back and Joint Institute of Texas
San Antonio, Texas
MED PHYS

Unknown

Twenty boxes containing Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history of chiropractic patients were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 20, 2007 Credit Suisse
New York, New York
BSF DISC

3,000

Documents with confidential details of loan applicants were mistakenly posted online.  The documents are routinely posted online without personal information.  Applicant names, Social Security numbers, addresses, monthly incomes and credit scores were exposed.  The exposure first occurred on March 15, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

February 19, 2007 Seton Healthcare Network
North Austin, Texas
MED PORT

7,800

A laptop with uninsured patients' names, birth dates and Social Security numbers was stolen last week from the Seton hospital system. The uninsured patients had gone to Seton emergency rooms and city health clinics since July 1, 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800

February 19, 2007 Clarksville-Montgomery County middle and high schools
Clarksville, Tennessee
EDU DISC

633

Staff and faculty Social Security numbers, used as employee identification numbers, were embedded in file photos by the company that took yearbook pictures and inadvertently placed in a search engine on school system's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 633

February 19, 2007 Stop & Shop Supermarkets
Quincy, Massachusetts
BSR CARD

Unknown

Additional locations: Southern Massachusetts and Rhode Island.  (877) 366-2668

Credit and debit card account information including PIN numbers was stolen by high-tech thieves who apparently broke into checkout-line card readers and PIN pads and tampered with them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 19, 2007 Social Security Administration (SSA)
Milwaukee, Wisconsin
GOV PHYS

13

Files of disability applicants containing Social Security numbers, addresses, phone numbers of family members, dates of birth, work history, and detailed medical information were lost/stolen when a telecommuting employee abandoned them in a locked filing cabinet at home after a threat of domestic violence. Several of the files were mailed back to the local SSA office. Others were found in a dumpster months later.  Four were never recovered.

 
Information Source:
Media
records from this breach used in our total: 13

February 17, 2007 Albany Medical Center
Albany, New York
MED PORT

12,000 (Unknown number of SSNs)

A laptop was stolen from the Employee Health Services center.  It contained software used to track information required for N95 fit testing at Albany Med.  Staff names and Social Security numbers were also exposed.  Anyone who had N95 fit testing at Albany Med between January 2005 and February 2007 may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2007 Brunswick Corp.
Lake Forrest, Illinois
BSR HACK

5,100

An unauthorized person obtained access to employee information stored on Brunswick's computer systems. Names, Social Security numbers and addresses may have been exposed during the April incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,100

February 15, 2007 City College of San Francisco
San Francisco, California
EDU DISC

11,000 students

 (800) 436-0108, www.ccsf.edu/securityalert

Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. CCSF stopped using SSNs as studens IDs in 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000

February 15, 2007 The Professional Education Institute
Burr Ridge, Illinois
EDU DISC

34

Customer information was accidentally exposed online because of a data encryption lapse. The Social Security numbers and dates of birth of some customers were viewable on the Millionaire Elite Website. Two New Hampshire, three Maine and 29 New York residents were affected by the breach. The total number of individuals affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34

February 14, 2007 Kaiser Medical Center
Oakland, California
MED PORT

22,000 patients, but apparently only 500 records contained SSNs

(866) 529-0779

A doctor's laptop was stolen from the Medical Center containing medical information of 22,000 patients. But only 500 records contained SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 3751-3800 of 4488 results


X

Sign In!

Loading