Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Date Made Public Name Entity Type
December 4, 2009 MedSolutions
Raleigh, North Carolina
MED DISC

Unknown

For a period of time that has not been clearly defined the name, address, email, and taxpayer ID number (which in some cases is the physician’s Social Security number) for an undetermined number of NC physicians could be viewed on the MedSolutions website. Access to this information apparently was not limited to physicians or physician staff. Based on the information available at the time of this posting, any person with an email address could enter physician names and view the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 1, 2006 American Red Cross, Farmers Branch
Dallas, Texas
NGO PORT

Unknown

Sometime in May, three laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 6, 2006 Automatic Data Processing (ADP)
Roseland, New Jersey
BSO UNKN

0

Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley, Bear Stearns, Citigroup, Merrill Lynch. Hundreds of thousands of investors may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 7, 2006 Montana Public Health and Human Services Department
Helena, Montana
MED STAT

Unknown

A state government computer was stolen from the office of a drug dependency program during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 14, 2006 Hampton Circuit Court Clerk - Treasurer's computer
Hampton, Virginia
GOV DISC

Over 100,000 records (The number containing SSNs is not known yet and not included in total below.)

Public computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th.

UPDATE (7/27/2006) Investigation concluded that the data was exposed due to software problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 17, 2006 Vassar Brothers Medical Center
Poughkeepsie, New York
MED PORT

257,800 (revised to 0)

(845) 483-6990

An analysis by Kroll later determined that the laptop contained no personal information, though 257,800 patients were initially notified.  This number is not included in the total below.

Laptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth.

UPDATE (10/5/06) Private investigators determined the laptop did not contain personally identifiable patient information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 26, 2006 West Virginia Division of Rehabilitation Services
Beckley, West Virginia
GOV PORT

Unknown

A laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Kaiser Permanente Northern California Office
Oakland, California
MED PORT

160,000 records. Because the data file did not include SSNs, this number is not added to the total below.

(866) 453-3934

A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 15, 2010 West Memphis Police Department
Memphis, Tennessee
GOV INSD

Unknown

FBI is investigating, after the security of the West Memphis Police Department's computer network was apparently compromised. The FBI had information that somebody had used a computer that shouldn't have used it. The suspect in the breach was a detective in the police department. Files containing the names and Social Security numbers of police department employees were stored on the computer network, making the employees vulnerable to identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Los Angeles County Department Community Senior Services
Los Angeles, California
GOV PORT

Unknown

In May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Los Angeles County, Community Development Commission (CDC)
Monterey Park, California
GOV HACK

4,800 records (No SSNs or financial information reported)

Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Los Angeles County, Adult Protective Services
Burbank, California
GOV PORT

Unknown

Last weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 28, 2006 Matrix Bancorp Inc.
Denver, Colorado
BSF PORT

Unknown

(877) 250-7742

Two laptop computers were stolen during daytime while staffers were away from their desks. One computer contained customers' account information. The bank says data is encrypted and password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 CoreLogic for ComUnity Lending
Sacramento, California
BSO STAT

Unknown

(877) 510-3700, identityprotection@corelogic.com. Exact date in August 2006 unknown.

In early August, CoreLogic notified customers of ComUnity Lending that a computer with customers' data was stolen from its office. Data included names, SSNs, and property addresses related to an existing or anticipated mortgage loan.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

August 1, 2006 US Bank
Covington, Kentucky
BSF PHYS

Unknown

A bank employee's briefcase was stolen from the employee's car with documents containing names, phone numbers, and SSNs of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 1, 2010 US Bank
Cleveland, Ohio
BSF PORT

Unknown

A laptop was stolen from the desk of a financial adviser. The laptop contained personal information about bank customers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 1, 2006 Wichita State University
Wichita, Kansas
EDU HACK

40 (not included in total below because it is not known if SSNs were included in breached data)

An intrusion into a WSU Psychology Department's server was discovered July 16. It contained information on about 40 applicants to the doctoral program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2006 Dollar Tree
Carmichael, California
BSR HACK

Unknown

Additional locations: Modesto, CA and Ashland, OR. Other locations may also be involved.

Customers of the discount store have reported money stolen from their bank accounts due to unauthorized ATM withdrawals. Data may have been intercepted by a thief's use of a wireless laptop computer with the thief then creating counterfeit ATM cards and using them to withdraw money.

UPDATE (10/5/06): Parkev Krmoian was indicted by a federal grand jury for allegedly using phony ATM cards made from gift cards. The case is tied to the Dollar Tree customer bank account thefts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2010 Cardiology Consultant Inc.
Pensacola, Florida
MED PORT

8,000 Not included in total because Social Security numbers and financial information not involved.

Cardiology Consultants Inc. today reported that a laptop used to process ultrasound images was stolen from one of its Pensacola offices. The computer did not contain patient financial information or Social Security numbers. The stolen computer did contain the first and last names, dates of birth, medical record numbers, exam dates and in some cases, the reason for the ultrasound.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 16, 2010 Eclipse Property Solutions
St. Petersburg, Florida
BSO INSD

Unknown

A St. Petersburg man has been charged with stealing customers' credit card numbers from a marketing company he worked for to buy nearly $30,000 in dinners, limos and other luxuries. The man and another employee listened from their cubicles as co-workers repeated customer credit card information aloud to confirm accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 6, 2006 American Online (AOL)
New York, New York
BSO DISC

650,000 (Unknown number of high-risk personal records)

Other locations: nationwide

In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information.

UPDATE (9/26/06): Three individuals whose data were exposed have filed a lawsuit against AOL.

UPDATE (9/27/06): Six men were charged with creating and executing the phishing scheme.  The men collected AOL email addresses and infected the computers of users with a program that asked for their credit card and bank account numbers during the AOL login process. AOL users were also spammed with phony email messages that asked for payment on AOL charges. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2010 Dairy Queen
Hanceville, Alabama
BSO HACK

Unknown

Hanceville police are cautioning residents to be on guard against a sophisticated debit card wire scam that has leached hundreds of thousands of dollars from customers whose card numbers have been stolen remotely from pay terminals at one or more local businesses. The primary target in the theft so far has been the Dairy Queen restaurant. It's unsure whether this is ultimately involving other businesses. At the Dairy Queen location, somebody has apparently tapped into the Internet server and hacked into the debit card system. They are printing the customers’ debit card numbers and using them all over California and Georgia.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 8, 2006 Virginia Bureau of Insurance
Richmond, Virginia
GOV DISC

Unknown

(804) 726-2630

The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 15, 2006 U.S. Department of Transportation
Orlando, Florida
GOV PORT

Unknown

On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.

 
Information Source:
Media
records from this breach used in our total: 0

August 16, 2006 Chevron
San Ramon, California
BSO PORT

Unknown

Total employees affected is unclear. Nearly half of Chevron's 59,000 workers are from North America, but it is not known if that number includes employees from Canada.

Chevron informed its U.S. workers on Aug. 14 that a laptop was stolen from an employee of an independent public accounting firm who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2006 HCA, Inc. Hospital Corporation of America
Nashville, Tennessee
MED STAT

thousands of files

(800) 354-1036, http://www.hcahealthcare.com

10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Dominion Resources
Richmond, Virginia
BSO PORT

Unknown

Two laptops containing employee information were stolen earlier in August. It was not clear what type of data were included. No customer records were on the computers. Dominion operates a gas and electric energy distribution company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 U.S. Department of Transportation, Federal Motor Carrier Safety Administration
Baltimore, Maryland
GOV PORT

193 (not added to total)

(800) 832-5660

A laptop that might contain personal information of people with commercial driver's licenses was stolen Aug. 22. FMCSA said the data might include names, dates of birth, and commercial driver's license numbers of 193 individuals from 40 trucking companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 25, 2006 Sovereign Bank
New Bedford, Massachusetts
BSF PORT

thousands of customers

Personal data may have been compromised when 3 managers' laptops were stolen from 2 separate locations in early August. Customers were notified Aug. 21. Sovereign serves New England and the Mid-Atlantic. The bank said the data included unspecified customer information, but not account data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 9, 2010 Hollywood Video
Sparks, Nevada
BSR PHYS

Unknown

This Hollywood Video like many others has closed. Hundreds, perhaps thousands of pieces of paper, receipts, records and worst of all membership forms, were exposed.  It appears they were not even placed in the dumpster, but left out in the open and scattered everywhere by the wind. On these forms were names, addresses, birth dates, I-D numbers, credit card numbers and signatures.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Valley Baptist Medical Center
Harlingen, Texas
MED DISC

Unknown

 (877) 840-5999

A programming error on the hospital's web site exposed names, birth dates, and SSNs of healthcare workers in late August. The error was fixed but it is not known how long the personal information was compromised. The affected individuals are workers from outside the hospital who provide services and bill the hospital via an online form.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 6, 2010 Westin Bonaventure Hotel & Suites
Los Angeles, California
BSO HACK

Unknown

Westin Bonaventure Hotel & Suites four restaurants in Lake View Bistro, Lobby Court Bar, Bonavista Lounge and L.A. Prime., along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers' debit and credit cards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 29, 2006 Compass Health
Everett, Washington
MED PORT

Unknown

(800) 508-0059

Compass Health notified some of its clients that a laptop containing personal information, including SSNs, was stolen June 28. The agency serves people who suffer from mental illness.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2006 Labcorp
Monroe, New Jersey
MED STAT

Unknown

 (800) 788-9091 x3925

During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 10, 2010 Atlanta Veterans Affairs Medical Center
Atlanta, Georgia
MED INSD

Unknown

An assistant allegedly recorded two sets of patient data on to a personal laptop for research purposes. One set included three years' worth of patient data and another held 18 years of medical information. The physician assistant's laptop was never connected to the VA network and any data she recorded on her laptop was hand entered. The department has not disclosed the number of patients involved in the incident, what kind of personal data was copied, or whether it plans to notify the veterans whose records were downloaded.

 
Information Source:
Media
records from this breach used in our total: 0

August 31, 2006 Diebold, Inc., GE Capital
Canton, Ohio
BSO PORT

Unknown

An employee's laptop was stolen containing employee information, including name, SSN, and if applicable, corporate credit card number.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

September 1, 2006 Wells Fargo via unnamed auditor
San Francisco, California
BSF PORT

Unknown

In a letter dated Aug. 28, the company notified its employees that a laptop and data disk were stolen from the locked trunk of an unnamed auditor, hired to audit the employees' health plan. Data included names, SSNs, and information about drug claim cost and dates from 2005, but no prescription information said the company.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

March 11, 2010 monoprice.com
Rancho Cucamonga, California
BSR HACK

Unknown

The company took their web site offline, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their debit and credit cards that they had used on monoprice.com.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 8, 2006 Linden Lab, Second Life
San Francisco, California
BSO HACK

Unknown

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

On Sept. 6, Linden Lab discovered that a hacker accessed its Second Life database through web servers. The affected data included unencrypted account names, real life names, and contact information, plus encrypted account passwords and payment information. Second Life is a 3-D virtual world.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 11, 2006 Telesource via Veksta
Indianapolis, Indiana
BSO PHYS

Unknown

Employees discovered their personnel files in a Dumpster after the company had been bought out by another company Vekstar. The files were discarded when the office was being cleaned out and shut down. Files contained SSNs, dates of birth and photocopies of SSN cards and driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 15, 2006 Whistle Junction restaurant
Orlando, Florida
BSO PHYS

Unknown

Personnel files of employees of the now-closed restaurant were found in a nearby Dumpster. Papers included names and SSNs of former employees,

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 19, 2010 PNC Financial Services Group Inc.
Dayton, Ohio
BSF CARD

Unknown

PNC Financial Services Group is investigating a possible security breach involving some debit cards issued by the former National City Corp., which it acquired in December 2008. The problem surfaced when former National City customers began reporting unauthorized charges on their accounts. The breach involves a small number of cards in the Cincinnati area, and it appears to have been committed by someone outside PNC or National City prior to the merger. It doesn’t involve any PNC-branded cards or longtime PNC customers. PNC has shut down National City debit cards in the Cincinnati area and asks that customers who have not yet done so activate their PNC debit cards. PNC is working one-on-one with customers to refund accounts, and has been returning funds within 24 hours.

UPDATE (10/19/10): Three men were charged with using skimming devices at PNCs in Pittsburgh in April and May.

 
Information Source:
Media
records from this breach used in our total: 0

September 21, 2006 Pima County Health Department
Tucson, Arizona
GOV PHYS

2,500 (no SSNs or financial information reported)

Vaccination records on 2,500 clients had been left in the trunk of a car that was stolen Sept. 12. The car and records have since been recovered. Records included names, dates of birth and ZIP codes, but no SSNs or addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 21, 2006 U.S. Department of Commerce and Census Bureau
Washington, District Of Columbia
GOV PORT

Unknown

https://www.census.gov/Press-Release/www/releases/archives/miscellaneous/007497.html

The agency reported that 1,137 laptops have been lost or stolen since 2001. Of those, 672 were used by the Census Bureau, with 246 of those containing personal data. Secretary Gutierrez said the computers had protections to prevent a breach of personal information.

 
Information Source:
Media
records from this breach used in our total: 0

January 5, 2010 Housing Authority of New Orleans (HANO)
Algiers, Louisiana
GOV PHYS

Unknown

Personal documents relating to section 8 were left in an unsecured and abandoned office.  The documents included copies of birth certificates, driver's license numbers, pay stubs, and Social Security cards.

 
Information Source:
NAID
records from this breach used in our total: 0

September 22, 2006 Several Indianapolis pharmacies
Indianapolis, Indiana
MED PHYS

Unknown

Earlier this year a local TV reporter from WTHR found that dozens of pharmacies disposed of customer records in unsecured garbage bins. Now the Indiana Board of Pharmacy has launched an investigation of 30 pharmacies. Both the Board and the Attorney General say that the pharmacies violated state law.

 
Information Source:
Media
records from this breach used in our total: 0

April 13, 2009 Irving Independent School District
Irving, Texas
EDU PHYS

Unknown

Identity thieves using the names and Social Security numbers of Irving Independent School District employees have made thousands of dollars in credit card purchases. At least 64 of the 3,400 teachers and other employees names were on an old benefits report that somehow ended up in the trash.

UPDATE (2/4/10): At least one woman involved in the crime was caught in January of 2009 and sentenced on February 4, 2010.

 
Information Source:
Media
records from this breach used in our total: 0

January 12, 2010 SouthTrust
Bossier, Louisiana
BSF PHYS

Unknown

The financial planning company left sensitive retirement information in a publicly accessible dumpster.  The information included account ID numbers, personal addresses, and Social Security numbers. Information about people living in Shreveport, Haughton, Minden, Monroe, Farmerville, Eros and Downsville, Louisiana was found.  Information from people living in Orange, Port Neches, Vidor and Deweyville, Texas was also found.

 
Information Source:
NAID
records from this breach used in our total: 0

August 29, 2005 Iowa Student Loan
Des Moines, Iowa
BSF PORT

Unknown

A CD-Rom including Social Security numbers, last name and state of residence was lost while in transit from an outside business partner.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

October 3, 2006 Willamette Educational Service District (ESD)
Salem, Oregon
EDU STAT

4,500 Oregon high school students [not included in total because not thought to contain sensitive info. such as SSNs]

Seven computers stolen from a Willamette Educational Service District office were believed to contain personal information of 4,500 Oregon high school students. Backup tapes indicate the computers hold information about the students' school clubs but do not contain sensitive information.

 
Information Source:
Media
records from this breach used in our total: 0

Showing 51-100 of 4489 results


X

Sign In!

Loading