Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
March 7, 2007 Right Media Inc.
New York, New York
BSO HACK

34

An unauthorized person or persons accessed the computer system.  Customer names, Social Security numbers, email addresses, addresses and employee ID numbers may have been accessed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 34
March 7, 2007 North Carolina Department of Correction
Raleigh, North Carolina
GOV PHYS

16 (No SSNs or financial information reported)

Paper documents with sensitive information were thrown into the trash and may have been recovered by an inmate working as a janitor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
March 7, 2007 Eastern Suffolk BOCES
Patchogue, New York
GOV HACK 1,500
A file server in the Eastern Suffolk BOCES computer area was hacked. Data from the Free and Reduced Lunch Database was compromised. The names of parents and children, Social Security numbers, addresses, home and work phone numbers, salary information and income information that were related to the program may have been accessed.  
Information Source:
Dataloss DB
records from this breach used in our total: 1,500
March 3, 2007 Metropolitan State College of Denver
Denver, Colorado
EDU PORT

988

http://www.mscd.edu/securityalert/, 866-737-6622

A faculty member's laptop computer that contained the names and Social Security numbers of former students was stolen from its docking station on campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 988
March 3, 2007 Johnny's Selected Seeds
Winslow, Maine
BSR HACK

11,500

Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500
March 2, 2007 California Department of Health Services
Sacramento, California
GOV DISC

54

http://www.cchealth.org/press_releases/dhs_breach_03_2007.php, http://www.applications.dhs.ca.gov/pressreleases/store/PressReleases/07-17%20breach%20of%20personal%20information.html

Benefit notification letters containing names addresses, Medicare Part D plan names and premium payment amounts of some individuals enrolled in the California AIDS Drug Assistance Program (ADAP) were erroneously mailed to another enrollee.

 
Information Source:
Media
records from this breach used in our total: 54
March 1, 2007 Westerly Hospital
Westerly, Rhode Island
MED DISC

2,200

Patient names, Social Security numbers, contact information as well as insurance information were posted on a publicly-accessible Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,200
February 28, 2007 Gulf Coast Medical Center
Tallahassee, Florida
MED PORT

8,000

Patient information including names and Social Security numbers were compromised when a computer went missing in February in Tallahassee, FL. A very similar and previously uncovered breach happened in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000
February 28, 2007 Gulf Coast Medical Center
Nashville, Tennessee
MED PORT

1,900

Patient information including names and Social Security numbers were compromised when a computer went missing in November 2006 from Nashville, TN. This breach drew media attention when an additional 8,000 patients' information was compromised during a February 2007 breach in Tallahassee, FL.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,900
February 28, 2007 First Advantage SBS
Saint Petersburg, Florida
BSO HACK

Unknown

Subscriber user-IDs and passwords were compromised. Unauthorized individuals may have accessed names, Social Security numbers, addresses and other information related to employment credit reports. At least 11 New York residents were affected by this breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 27, 2007 CBCInnovis Inc., Hudiburg Chevrolet
Midwest City, Oklahoma
BSR UNKN

138

An unauthorized person gained access to Hudiburg Chevrolet's CBCInnovis account. The person or persons would have been able to obtain customer names, Social Security numbers, addresses and credit information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 138
February 23, 2007 Rabun Apparel Inc., former subsidiary of Fruit of the Loom
Rabun Gap, Georgia
BSR DISC

1,006

Names and Social Security numbers of former employees were accessible on the Internet from Jan. 15 until Feb. 20.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,006
February 23, 2007 ADC Telecommunications Inc., Flex Compensation
St. Louis Park, Minnesota
BSR PORT

63,400

A laptop was stolen from ADC's benefits administrator. Current and former employee names, Social Security numbers, bank account numbers, dates of birth, addresses and other private information were on the laptop.  It is not clear if employees from other companies that use Flex Compensation for benefits administration are among the 63,400 affected individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 63,400
February 22, 2007 Speedmark
Woodlands, Texas
BSO STAT

35,000

Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000
February 21, 2007 Georgia Institute of Technology
Atlanta, Georgia
EDU HACK

3,000

404-894-2499, hr@gatech.edu

Personal information of former employees mostly in the School of Electrical and Computer Engineering including name, address, Social Security number, other sensitive information, and about 400 state purchasing card numbers, were compromised by unauthorized access to a Georgia Tech computer account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
February 21, 2007 Fidelity Investments, Dairy Farmers of America
,
BSF PORT

69

A Fidelity laptop used by a former Fidelity employee was discarded and recovered by a non-affiliated person. The employee had taken the laptop home after believing it had been decommissioned from business use by Fidelity. Participants and beneficiaries of participants in the Dairy Farmers of America Defined Benefit plan had their names and Social Security numbers exposed. At least 69 New York residents were affected by the breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 69
February 20, 2007 Back and Joint Institute of Texas
San Antonio, Texas
MED PHYS

Unknown

Twenty boxes containing Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history of chiropractic patients were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 20, 2007 Credit Suisse
New York, New York
BSF DISC

3,000

Documents with confidential details of loan applicants were mistakenly posted online.  The documents are routinely posted online without personal information.  Applicant names, Social Security numbers, addresses, monthly incomes and credit scores were exposed.  The exposure first occurred on March 15, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
February 19, 2007 Seton Healthcare Network
North Austin, Texas
MED PORT

7,800

A laptop with uninsured patients' names, birth dates and Social Security numbers was stolen last week from the Seton hospital system. The uninsured patients had gone to Seton emergency rooms and city health clinics since July 1, 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800
February 19, 2007 Clarksville-Montgomery County middle and high schools
Clarksville, Tennessee
EDU DISC

633

Staff and faculty Social Security numbers, used as employee identification numbers, were embedded in file photos by the company that took yearbook pictures and inadvertently placed in a search engine on school system's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 633
February 19, 2007 Stop & Shop Supermarkets
Quincy, Massachusetts
BSR CARD

Unknown

Additional locations: Southern Massachusetts and Rhode Island.  (877) 366-2668

Credit and debit card account information including PIN numbers was stolen by high-tech thieves who apparently broke into checkout-line card readers and PIN pads and tampered with them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 19, 2007 Social Security Administration (SSA)
Milwaukee, Wisconsin
GOV PHYS

13

Files of disability applicants containing Social Security numbers, addresses, phone numbers of family members, dates of birth, work history, and detailed medical information were lost/stolen when a telecommuting employee abandoned them in a locked filing cabinet at home after a threat of domestic violence. Several of the files were mailed back to the local SSA office. Others were found in a dumpster months later.  Four were never recovered.

 
Information Source:
Media
records from this breach used in our total: 13
February 17, 2007 Albany Medical Center
Albany, New York
MED PORT

12,000 (Unknown number of SSNs)

A laptop was stolen from the Employee Health Services center.  It contained software used to track information required for N95 fit testing at Albany Med.  Staff names and Social Security numbers were also exposed.  Anyone who had N95 fit testing at Albany Med between January 2005 and February 2007 may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 16, 2007 Brunswick Corp.
Lake Forrest, Illinois
BSR HACK

5,100

An unauthorized person obtained access to employee information stored on Brunswick's computer systems. Names, Social Security numbers and addresses may have been exposed during the April incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,100
February 15, 2007 City College of San Francisco
San Francisco, California
EDU DISC

11,000 students

 (800) 436-0108, www.ccsf.edu/securityalert

Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. CCSF stopped using SSNs as studens IDs in 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000
February 15, 2007 The Professional Education Institute
Burr Ridge, Illinois
EDU DISC

34

Customer information was accidentally exposed online because of a data encryption lapse. The Social Security numbers and dates of birth of some customers were viewable on the Millionaire Elite Website. Two New Hampshire, three Maine and 29 New York residents were affected by the breach. The total number of individuals affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34
February 14, 2007 Kaiser Medical Center
Oakland, California
MED PORT

22,000 patients, but apparently only 500 records contained SSNs

(866) 529-0779

A doctor's laptop was stolen from the Medical Center containing medical information of 22,000 patients. But only 500 records contained SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500
February 14, 2007 Iowa Department of Education
Des Moines , Iowa
GOV HACK

600

Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 600
February 14, 2007 Conneticut Office of the State Comptroller
Hartford, Connecticut
GOV DISC

1,753

Personal information of state employees including names and Social Security numbers was inadvertently posted on the Internet in a spreadsheet of vendors used by the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,753
February 10, 2007 State of Indiana Official Website www.IN.gov
Indianapolis, Indiana
GOV HACK

76,600

  (888) 438-8397, Email: securityconcerns @www.IN.gov

A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 healthcare workers and 5,600 individuals and businesses.

UPDATE (3/22/07): Investigators have identified a teen they believe hacked into the IN.gov as a prank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 76,600
February 9, 2007 East Carolina University
Greenville, North Carolina
EDU DISC

65,000 students, alumni, and staff members

http://www.ecu.edu/incident/, 877-328-6660

A programming error resulted in personal information of 65,000 individuals being exposed on the University's Web site. The data has since been removed. Included were names, addresses, SSNs, and in some cases credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 65,000
February 9, 2007 Radford University, Waldron School of Health and Human Services
Radford, Virginia
EDU HACK

2,400 children

A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400
February 9, 2007 General Electric
Louisville, Kentucky
BSR PORT

80

A GE service technician's laptop was stolen. It contained customer names and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80
February 8, 2007 Piper Jaffrey
Minneapolis, Minnesota
BSF DISC

More than 1,000 employees

W-2s sent to current and former employees in January included employees' Social Security numbers on the outside of the envelope. Though the numbers were not identified as Social Security numbers, they followed the standard XXX-XX-XXXX format. Executives indicated the mishap was an error by a third-party vendor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000
February 8, 2007 St. Mary's Hospital
Leonardtown, Maryland
MED PORT

130,000

A laptop was stolen in December that contained names, SSNs, and birthdates for many of the Hospital's patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000
February 8, 2007 Fresenius Medical Care Holdings Inc., Fresenius Medical Care North America (FMCNA)
Waltham, Massachusetts
MED PORT

10 (No SSNs or financial information reported)

A laptop was stolen from the locked car of an employee on December 13 while it was parked outside of a restaurant. The laptop contained patient names, dates of birth, dates of service and insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 8, 2007 LexisNexis
Boca Raton, Florida
BSO INSD

220

LexisNexis sent out notification letters of two separate incidents. A law enforcement customer noticed that an account was used in an unauthorized way. Searches that revealed names, Social Security numbers and driver's license numbers may have been performed by an unauthorized user or without proper reason. The second incident involves a government agency employee who may have used his account in an unauthorized manner to view names, Social Security numbers, addresses and driver's license numbers. Over 220 New York residents were affected by the breaches, but the total number of affected customers nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 220
February 8, 2007 District Council 37 Health and Security Plan of New York City
New York, New York
GOV PORT

31,500

A CD containing prescription drug data was discovered missing from the organization's files.  People who had their prescription drugs filled through DC 37's prescription drug benefits plan may have had their names and Social Security numbers exposed.  Prescription information from between February 13 and February 22 of 2006 (the previous year) was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,500
February 7, 2007 University of Nebraska
Lincoln, Nebraska
EDU DISC

72

An employee accidentally posted SSNs of 72 students, professors, and staff on UNL's public Web site where they remained for 2 years. They have since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 72
February 7, 2007 Johns Hopkins University and Johns Hopkins Hospital
Baltimore, Maryland
MED PORT

52,000 past and present employees plus 83,000 patients

Johns Hopkins reported the disappearance of 9 backup computer tapes containing personal information of employees and patients.  Eight of the tapes contained payroll information on 52,000 past and present employees, including SSNs and in some cases bank account numbers. The 9th tape contained less sensitive information about 83,000 hospital patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 135,000
February 7, 2007 Central Connecticut State University
New Britain, Connecticut
EDU DISC

750 students

Social Security numbers of about 750 CCSU students were exposed in the name and address window on envelopes mailed to them. The envelopes were not folded correctly. They contained IRS 1098T forms.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750
February 6, 2007 New York Department of Labor
Glenn Falls, New York
GOV PHYS

537

A laptop computer annd documents were stolen from a state tax auditor's apartment. While the laptop had security features and had little personal information on it, the documents contained personal information for people who were employed by 13 Capital Region businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 537
February 6, 2007 Metro Credit Services
Hurst, Texas
BSF PHYS

Unknown

Thousands of files from the defunct bill collection company containing medical records, phone bills and Social Security numbers were found in a trash bin.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 6, 2007 Merchant America
Camarillo, California
BSR HACK

130,000

A hacker gained access to a customer database. Customers who made transactions with merchants that Merchant America provides payment processing services to may have had their names, bank account numbers and driver's license numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000
February 3, 2007 CTS Tax Service
Cassopolis, Michigan
BSO STAT

800

The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 800
February 2, 2007 Massachusetts Department of Industrial Accidents
Boston, Massachusetts
GOV INSD

1,200 people who submitted claims

800) 323-3249 ext. 560, www.mass.gov/dia

A former state contractor allegedly accessed a workers' compensation data file and stole personal information, including SSNs. The thief used the data to commit identity theft on at least 3 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200
February 2, 2007 Indian Consulate via Haight Ashbury Neighborhood Council recycling center
San Francisco, California
GOV PHYS

Unknown

Visa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
February 2, 2007 Wisconsin Assembly
Madison, Wisconsin
GOV PHYS

150 Assembly members and aides

A document containing personal information of Wisconsin Assembly members was stolen from a legislative employee's car while she was exercising at a local gym. It contained names, addresses, and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150
February 2, 2007 University of Missouri, Research Board Grant Application System
Columbia, Missouri
EDU HACK

1,220

A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,220
February 2, 2007 New York Department of State
Albany, New York
GOV DISC

Unknown

The agency's Web site posted commercial loan documents that mistakenly contained SSNs. The forms are posted to let lenders know the current financial status of loan recipients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3801-3850 of 4517 results