Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
November 11, 2006 Hertz Global Holdings, Inc.
Oklahoma City, Oklahoma
BSO INSD

Unknown

1-888-222-8086

The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 13, 2006 Connors State College
Warner, Oklahoma
EDU PORT

Considerably more than 22,500

(918) 463-6267, perline@connorsstate.edu

On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,500

November 15, 2006 Internal Revenue Service (IRS)
Washington, District Of Columbia
GOV PORT

2,359

According to document s obtained under the Freedom of Information Act, 478 laptops were either lost or stolen from the IRS between 2002 and 2006. 112 of the computers held sensitive taxpayer information such as SSNs.

UPDATE (04/05/07): A report by the Treasury Inspector General for Tax Administration noted that at least 490 IRS computers have been stolen or lost since 2003 in 387 security breach incidents that potentially jeopardized tax payers' personal information.

UPDATE (04/17/07): The Inspector General's assessment of 20 buildings in 10 cities discovered four separate locations at which hackers could have easily gained access to IRS computers and taxpayer data using wireless technology.

 
Information Source:
Media
records from this breach used in our total: 2,359

November 15, 2006 Boeing, Co
Chicago, Illinois
BSO PORT

762

A laptop was stolen from an employee's home on or around November 6.  The laptop contained salary planning files from 2002 that had Social Security numbers, names, driver's licenses and state identification numbers.  Credit and debit card numbers, security codes and passwords for financial accounts may have also been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 762

November 15, 2006 Look Tours LLC
North Las Vegas, Nevada
BSR STAT

300,000

A number of computers were stolen during a September 28 office burglary. Some of the information on the computers included name, address, email address and credit card number and information. Customers and some current and former employees and consultants were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

November 15, 2006 Stony Brook University
Stony Brook, New York
EDU STAT

2,000

A computer stolen on August 15 contained names and Social Security numbers. People involved in the Professional Teachers Program were affected. An employee of a moving company used by the University is believed to be responsible for the theft. The computer was returned on October 6 and was used by unauthorized persons during its absence.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

November 15, 2006 Expedia Corporate Travel (now Egencia)
Bellevue, Washington
BSO INSD

47

A former call center employee somehow gained access to credit card numbers and may have misused the information. The former employee attempted to make unauthorized charges at least twice. The discovery was made on October 24.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47

November 16, 2006 American Cancer Society (ACS)
Louisville, Kentucky
NGO PORT

Unknown

Headquarters in Atlanta, GA.  If you have tips, call (502) 574-5673

An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.

 
Information Source:
Media
records from this breach used in our total: 0

November 17, 2006 Jefferson College of Health Sciences
Roanoke, Virginia
EDU DISC

143

An email containing the names and SSNs of 143 students intended for one employee was inadvertently sent to the entire student body of 900.

 
Information Source:
Dataloss DB
records from this breach used in our total: 143

November 17, 2006 Paetec Communications
Charlotte, North Carolina
BSR PORT

1095

The October 27 theft of an employee's laptop exposed employee information. A list of employees dating back to December 2004 was on the hard drive of the laptop. Employee names, Social Security numbers and salary information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,095

November 18, 2006 KeyCorp
Cleveland, Ohio
BSF DISC

17

An email containing a spreadsheet with the SSN, name, address and closed account number of 17 NY residents was accidentally emailed to an external client distribution list of 159 businesses and individuals on or around November 9. The recipients were asked to destroy the email. It is not clear if the 17 New York residents were the only people affected by this incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17

November 20, 2006 Administration for Children's Services
New York, New York
GOV PHYS

200 (No reports of SSNs or financial information)

More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 20, 2006 Haywood Mortgage Associates Inc.
Bethesda, Maryland
BSF INSD

228

A former employee is believed to have downloaded confidential client information to a USB device shortly before leaving the company.  Client names, Social Security numbers, addresses, dates of birth, driver's license numbers, credit card account numbers, mortgage loan account numbers, auto and personal loan numbers, employment information and credit reports could have been taken.  The incident occurred sometime around September 7.  Clients were notified on January 8 of 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 228

November 20, 2006 Bank of Jena, Experian
Jena, Louisiana
BSF HACK

Unknown

An unauthorized user was able to access Experian consumer information through the Bank of Jena. Names, Social Security numbers, addresses, dates of birth and account numbers could have been accessed. At least 29 New York residents were affected, but the total number of residents affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 25, 2006 Family Health Center of Clark County
Jeffersonville, Indiana
MED STAT

7,700

Two computers stolen from an Indiana state health department contractor, the Family Health Center of Clark Count, contained the names, addresses, birth dates, SSNs and medical and billing information for more than 7,500 women. The data were collected as part of the state's Breast and Cervical Cancer Program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,700

November 27, 2006 Johnston County, NC
Johnston County, North Carolina
GOV DISC

About 39,000 North Carolina residents

Personal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site. The information was removed from the site within an hour after officials became aware of the situation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 39,000

November 27, 2006 Greenville County School District
Greenville, South Carolina
EDU STAT

At least 101,000 students and employees

School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees.

UPDATE(12/10/06): A judge ordered the WH Group to return the computers and the confidential data on them to the school district.

 
Information Source:
Dataloss DB
records from this breach used in our total: 101,000

November 27, 2006 Chicago Public Schools via All Printing & Graphics, Inc.
Chicago, Illinois
EDU DISC

1,740 former Chicago Public School employees

A company hired to print and mail health insurance information to former Chicago Public School employees mistakenly included a list of the names, addresses and SSNs of the nearly 1,740 people receiving the mailing. Each received the 125-page list of the 1,740 former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,740

November 28, 2006 Kaiser Permanente Colorado-- Skyline and Southwest offices
Denver, Colorado
MED PORT

38,000 (No SSNs or financial information reported)

 For members who have questions: (866) 529-0813

A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 28, 2006 California State University, Los Angeles (Cal State LA), Charter College of Education
Los Angeles, California
EDU PORT

2,534

(800) 883-4029

An employee's USB drive was inside a purse stolen from a car trunk. It contained personal information on 48 faculty members and more than 2,500 students and applicants of a teacher credentialing program. Information included names, SSNs, campus ID numbers, phone numbers, and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,534

November 29, 2006 Gundersen Lutheran Medical Center
LaCrosse, Wisconsin
MED INSD

unknown

A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint.

 
Information Source:
Media
records from this breach used in our total: 0

November 29, 2006 Computershare Shareholder Services Inc., Republic Bank Limited
Providence, Rhode Island
BSF DISC

90

Shareholders of Republic Bank Limited were mailed letters with their Social Security numbers visible through the address window of the envelope. Computershare is the registered transfer agent for Republic Bank common stock.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90

November 30, 2006 Pennsylvania Department of Transportation (PennDOT)
Dunmore, Pennsylvania
GOV STAT

11,384

Affected individuals can call (800) PENNDOT if you have questions.

Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,384

November 30, 2006 TransUnion Credit Bureau, Kingman, AZ, court office
Chester, Pennsylvania
BSF HACK

1,700

Four different scam companies downloaded the credit information of more than 1,700 individuals, including their credit histories and SSNs. They were able to illegitimately obtain the password to the TransUnion account held by the Kingman, AZ, court office, which apparently has a subscription to the bureau's services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,700

December 1, 2006 TD Ameritrade
Omaha, Nebraska
BSF PORT

300

 (201) 369-8373

According to a letter sent to around 300 current and former employees, a laptop was removed (presumably stolen) from the office Oct. 18, 2006, that contained unencrypted information including names, addresses, dates of birth, and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

December 1, 2006 First Banks Inc
Louisville, Kentucky
BSF PORT

Unknown

A laptop was stolen from the locked office of an employee during a nighttime burglary on November 20. Loan applications, financial statements and credit reports with client names, addresses and Social Security numbers were on the laptop. At least two New York residents were affected, but the total number of affected clients nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 3, 2006 City of Grand Prairie
Grand Prairie, Texas
GOV DISC

hundreds of employees (at least 200)

Employees of the city of Grand Prairie were notified that personal records were exposed on the city's website for at least a year. Included were the names and SSNs of hundreds of employees. The information has since been removed. The city had been working with a contractor on a proposal for workers' compensation insurance. Along with the proposal, names and SSNs were mistakenly listed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

December 5, 2006 Army National Guard 130th Airlift Wing
Charleston, West Virginia
GOV PORT

Unknown

A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.

 
Information Source:
Media
records from this breach used in our total: 0

December 5, 2006 Nassau Community College
Garden City, New York
EDU PHYS

21,000

A printout is missing that contains information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000

December 6, 2006 Premier Bank
Columbia, Missouri
BSF PHYS

1,800 customers

 Headquarters in Jefferson City, MO

A report was stolen the evening of Nov. 16 from the car of the bank's VP and CFO while employees were celebrating an award received by the bank. The document contained names and account numbers of customers, but reportedly no SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,800

December 7, 2006 CIGNA HealthCare Corp
Pittsburgh, Pennsylvania
MED INSD

Unknown

A former employee used customer credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 7, 2006 Cornell University
Ithica, New York
EDU PORT

210

A laptop was stolen from an employee. Names and Social Security numbers were on the computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 210

December 8, 2006 Segal Group of New York, via a Vermont state agency website
Montpelier, Vermont
BSO DISC

1,100

Names and SSNs of several hundred physicians, psychologists and other health care providers were mistakenly posted online by Segal Group, a contractor hired by the state to put its health management contract out for bid. The information was posted from May 12 to June 19. It was discovered when a doctor found her own SSN online.  A Vermont state agency used to call for bids on state contracts was involved.  

UPDATE (1/14/07): SSNS of more than 1,100 doctors, psychothereapists and other health professionals were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

December 8, 2006 Experian, BMA Credit Union
Mesquite, Texas
BSF INSD

46

46

An unauthorized Experian client accessed consumer personal information. The information included name, Social Security number and address. At least 46 New York residents were affected, but the total number nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 46

December 9, 2006 Home Finance & Mortgage, Inc.
Cornelius, North Carolina
BSF PHYS

146

The company dumped files containing names, addresses, Social Security numbers, credit card numbers, and bank account numbers of people who had applied for mortgage loans. Home Finance and its owners have agreed to pay the State of NC $3,000 for their violations.

 
Information Source:
Dataloss DB
records from this breach used in our total: 146

December 9, 2006 Virginia Commonwealth University (VCU)
Richmond, Virginia
EDU DISC

561 students

Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships.

 
Information Source:
Dataloss DB
records from this breach used in our total: 561

December 12, 2006 University of California at Los Angeles (UCLA)
Los Angeles, California
EDU HACK

800,000

Affected individuals can call UCLA at (877) 533-8082, http://www.identityalert.ucla.edu

Hacker(s) gained access to a UCLA database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information. About 3,200 of those notified are current or former staff and faculty of UC Merced and current and former staff of UC's Oakland headquarters.

 
Information Source:
Media
records from this breach used in our total: 800,000

December 12, 2006 University of Texas, Dallas
Dallas, Texas
EDU HACK

35,000

Affected individuals can call (972) 883-4325, http://www.utdallas.edu/datacompromise/form.html

The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses.

UPDATE (12/14/06): The number of people affected was first thought to be 5,000, but was increased to 6,000.

UPDATE (01/19/07): Officials now say 35,000 individuals may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

December 12, 2006 Aetna, Nationwide, WellPoint Group Health Plans, Humana Medicare, Mutual of Omaha Insurance Company, Anthem Blue Cross Blue Shield via Concentra Preferred Systems
Dayton, Ohio
MED PORT

396,279

A lockbox holding personal information of health insurance customers was stolen Oct. 26. Thieves broke into an office building occupied by insurance company vendor, Concentra Preferred Systems. The lockbox contained computer backup tapes of medical claim data for Aetna and other Concentra health plan clients. Exposed data includes member names, hospital codes, and either SSNs or Aetna member ID numbers. SSNs of 750 medical professionals were also exposed. Officials downplay the risk by stating that the tapes cannot be used on a standard PC.

UPDATE (12/23/06): The lockbox also contained tapes with personal information of 42,000 NY employees insured by Group Health Insurance Inc.)

UPDATE(1/24/07): Personal data of 28,279 Nationwide's Ohio customers were also compromised.  2/11/10 Total changes to 396,279 to reflect final total of records breached in all of the affected companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 396,279

December 13, 2006 Boeing
Seattle, Washington
BSO PORT

382,000 current and former employees

In early December, a laptop was stolen from an employee's car. Files contained names, salary information, SSNs, home addresses, phone numbers and dates of birth of current and former employees.

UPDATE (12/14/06): Boeing fired the employee whose laptop was stolen.

UPDATE(1/26/07): The laptop was recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 382,000

December 13, 2006 Seton Health System
Long Island, New York
MED PORT

14

The December 8 theft of a laptop may have exposed clinical and personal information. The information included names, Social Security numbers, addresses, dates of birth, medical record information, telephone number, and insurance information. The laptop was stolen from a Seton Home Health Care nurse's car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14

December 14, 2006 Electronic Registry Systems
Atlanta, Georgia
MED PORT

63,000

Additional locations: Danville, Pennsylvania, Nashville, TN

On Nov. 23, 2006, two computers (one desktop, one laptop) were stolen from Electronic Registry Systems, a business contractor in suburban Springdale, OH, that provides cancer patient registry data processing services. It contained the personal information (name, date of birth, Social Security number, address, medical record number, medical data and treatment information) of cancer patients from hospitals in Pennsylvania, Tennessee, Ohio and Georgia, dating back to 1977 at some hospitals. Hospitals include Emory Hospital, Emory Crawford Long Hospital, Grady Memorial Hospital, as well as Geisinger Health System (PA) and Williamson Medical Center (TN).

UPDATE(1/14/07): The number of affected patients was increased from 25,000 to over 63,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 63,000

December 14, 2006 Riverside High School
Durham, North Carolina
EDU DISC

Thousands of school employees (at least 2,000)

Two students discovered a breach in the security of a Durham Public Schools computer as part of a class assignment. They reported to school officials that they were able to access a database containing SSNs and other personal information of thousands of school employees. The home of one student was searched by Sheriff's deputies and the family computer was seized. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

December 14, 2006 St. Vrain Valley School District
Longmont, Colorado
EDU PHYS

600 students

Paper records containing student information were stolen, along with a laptop, from a nurse's car Nov. 20. Personal information included students' names, dates of birth, names of their schools, what grade they are in, their Medicaid numbers (presumably SSNs), and their parents' names. The laptop contained no personal data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 600

December 14, 2006 Bank of America
Charlotte, North Carolina
BSF INSD

Unknown

A former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 15, 2006 University of Colorado, Boulder, Academic Advising Center
Boulder, Colorado
EDU HACK

17,500

http://www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf

A server in the Academic Advising Center was the subject of a hacking attack. Personal information exposed included names and SSNs for individuals who attended orientation sessions from 2002-2004. CU-Boulder has since ceased using SSNs as identifiers for students, faculty, staff, and administrators.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,500

December 15, 2006 City of Wickliffe
Wickliffe, Ohio
GOV HACK

125 employees

Hackers breached security in one of the city's three computer servers containing personal information on some city employees, including names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 125

December 15, 2006 North Bay Regional Center
Napa, California
NGO STAT

3,000

Thieves took 30 computers and electronic devices from the office. Personal information of clients may have been on some of the computers. This included credit card information for some clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

December 15, 2006 City University of New York
New York, New York
EDU STAT

445

Two computers were stolen from the York Support Services office. The computers contained databases including full names, Social security numbers and dates of birth.

 
Information Source:
Dataloss DB
records from this breach used in our total: 445

December 15, 2006 LexisNexis, Seisint
Boca Raton, Florida
BSO INSD

618

Unauthorized individuals used the ID and password of a Seisint law enforcement customer to obtain consumers' Social Security numbers, driver's license numbers, names and addresses. The breach was discovered on October 18 and affected individuals were contacted on December 5.

 
Information Source:
Dataloss DB
records from this breach used in our total: 618

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 551-600 of 4252 results


X

Sign In!

Loading