Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
January 10, 2007 Advent Software Inc.
San Francisco, California
BSR PORT

Unknown

A laptop was stolen from the office on or around November 20. It contained employee Social Security numbers and addresses. Employees were notified in December. At least 21 New Hampshire residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 9, 2007 Mercer Health and Benefits
,
BSF PORT

10,500 (No SSNs or financial information reported)

A laptop computer was stolen from a vehicle.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 29, 2007 Public Storage Inc.
Glendale, California
BSO HACK

Unknown

Someone gained unauthorized access to electronic company personnel files. The files included Social Security numbers, dates of birth, home addresses and other active employee information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 28, 2007 New York Academy of Medicine
New York, New York
EDU STAT

7,460 (0 complete SSNs)

A computer was stolen during an office burglary in October 28. The last four digits of research participants' Social Security numbers, full names and dates of birth were on a database on the computer. Some participants also had their addresses and laboratory data exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2007 Fresenius Medical Care Holdings Inc., Fresenius Medical Care North America (FMCNA)
Waltham, Massachusetts
MED PORT

10 (No SSNs or financial information reported)

A laptop was stolen from the locked car of an employee on December 13 while it was parked outside of a restaurant. The laptop contained patient names, dates of birth, dates of service and insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 19, 2010 Stony Brook University
Stony Brook, New York
EDU DISC

61,001 (No SSNs or financial information reported)

Student and faculty network and student IDs were posted online on sbuchat.com. A file with all registered student and faculty ID numbers could be downloaded in a PDF or Excel format. A systems engineer undergraduate discovered a flaw in the SOLAR system that allowed him to change students' NetID passwords without knowledge of the original password. The student then accessed the complete list of student and faculty IDs and posted the information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 17, 2010 Integrated Biometrics Technology (IBT)
Waco, Texas
BSO INSD

Unknown

A former employee who had worked as a live scan operator took thousands of background check applications she had processed and used them to obtain fraudulent credit cards and financial accounts.  The applications were from Fingerprint Applicant Services of Texas (FAST) and used for Texas licensing and certification. The former employee is alleged to have conspired with at least three other people.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 17, 2010 deviantART, Silverpop Systems Inc.
Hollywood, California
BSO HACK

13,000,000 (No SSNs or financial information exposed)

Mirroring the Gawker an McDonald's breaches earlier this month, hackers exposed the email addresses, user names and birth dates of the entire deviantART user database.  Hackers were able to breach deviantART's marketing company Silverpop Systems Inc. Passwords and sensitive information were not exposed, but the breach is expected to increase spam for registered users.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 16, 2010 Azteca
Okeechobee, Florida
BSR INSD

Unknown

A convenience store clerk was indicted on federal conspiracy, wire fraud, credit card fraud and aggravated identity theft charges. He is accused of using a skimmer device to obtain credit card information during normal customer credit card transactions. The stolen information was used to recode gift cards and other credit cards with magnetic strips to create counterfeits. The employee was outed after selling a card to someone who then informed the FBI.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 16, 2010 Wackenhut
Palm Beach Garden, Florida
BSO PORT

Unknown

Hard drives were stolen during shipment between Iraq and the US. The company became aware of the loss on November 29. The hard drives contained former employee full names, Social Security numbers, passport numbers, addresses and dates of birth.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 14, 2010 McDonald's, Arc Worldwide, Silverpop Systems Inc.
Atlanta, Georgia
BSR HACK

Unknown

The location listed is Silverpop's headquarters.

Hackers were able to access the information of McDonald's customers.  People who signed up for online promotions or newsletter subscriptions may have had their email addresses, contact information and birth dates exposed.  McDonald's uses a company called Arc Worldwide for its marketing services.  The breach was through Arc Worldwide's business partner Silverpop Systems Inc.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 20, 2010 Saint Louis University
St. Louis, Missouri
EDU HACK

Unknown

St. Louis University's network was breached during the week. At least some Social Security numbers and personal information of employees were exposed, but students also received notification of the breach. Employees who had been with the University for at least five years were affected.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

February 28, 2007 First Advantage SBS
Saint Petersburg, Florida
BSO HACK

Unknown

Subscriber user-IDs and passwords were compromised. Unauthorized individuals may have accessed names, Social Security numbers, addresses and other information related to employment credit reports. At least 11 New York residents were affected by this breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 17, 2007 Albany Medical Center
Albany, New York
MED PORT

12,000 (Unknown number of SSNs)

A laptop was stolen from the Employee Health Services center.  It contained software used to track information required for N95 fit testing at Albany Med.  Staff names and Social Security numbers were also exposed.  Anyone who had N95 fit testing at Albany Med between January 2005 and February 2007 may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 29, 2007 Experian, Vallarta Auto Sales
Las Vegas, Nevada
BSR UNKN

Unknown

An unauthorized person gained access to Vallarta's Experian account and may have obtained consumer information.  Affected individuals may have had their names, Social Security numbers, dates of birth and addresses exposed. Fourteen New York residents were affected, but the total number of people affected nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 13, 2007 The New Teachers Project
New Orleans, Louisiana
NGO PORT

Unknown

The January 13 theft of a laptop exposed personal information of current and former practitioner teachers. The laptop was stolen from an office. It contained names, Social Security numbers, addresses and telephone numbers. Seven New York residents were affected, but the number of affected employees nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2007 North Carolina Department of Correction
Raleigh, North Carolina
GOV PHYS

16 (No SSNs or financial information reported)

Paper documents with sensitive information were thrown into the trash and may have been recovered by an inmate working as a janitor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 23, 2007 Homeland Funding Solutions Inc.
Cranston, Rhode Island
BSF STAT

Unknown

Two laptops and 13 desktop computers were stolen from the main office of Homeland Funding Solutions, Inc. over the weekend of March 17. Loan information that had been sent via email may have been on the hard drives of the stolen computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 4, 2007 Guilford Technical Community College
Greensboro, North Carolina
EDU PHYS

550 (No SSNs or financial information reported)

A surplus file cabinet that was temporarily stored in a warehouse area prior to an auction held sensitive paper documents.  Anyone entering the warehouse could have viewed or taken the files.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 19, 2007 Honeywell International
Morristown, New Jersey
BSF PORT

Unknown

A laptop was stolen from a Honeywell HR employee.  It contained the names and Social Security numbers of employees.  At least 20 New York residents were affected, but the total number of people affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 3, 2007 Waste Management Inc.
Wixom, Michigan
BSO INSD

Unknown

An investigation revealed that an employee was selling customer financial information. The employee's work computer was searched and several spreadsheets with customer names, addresses, credit card numbers and bank account numbers were found.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 19, 2007 Valve Software
Bellevue, Washington
BSR HACK

Unknown

A hacker accessed customer information that was stored on the website. Thousands of customers had their information exposed, and the hacker posted some customer credit card information. The hacker claims to have gained access by utilizing login details that were easily found by browsing. Valve asset information was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 3, 2007 College Loan Corporation
San Diego, California
BSF PORT

Unknown

A laptop was stolen from an employee's vehicle in a parking lot on March 24. It contained names, Social Security numbers and loan data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 8, 2007 EZCORP, EZPAWN
San Antonio, Texas
BSF PHYS Unknown
Several EZPAWN stores in the San Antonio area exposed customers' personal information by discarding business records in easily accessible trash cans behind stores. The Texas Attorney General decided to take legal action against EZCORP Inc. and its subsidiary EZPAWN. Customer records included promissory notes and bank statements that contained names, addresses, Social Security numbers, driver's license numbers and checking account information.  
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 8, 2007 Jones Beauty College
Dallas, Texas
EDU PHYS

Unknown

The Texas Attorney General filed an enforcement action against the College in March.  Student financial aid forms with Social Security numbers and other personal information had been improperly discarded.  

 
Information Source:
Media
records from this breach used in our total: 0

May 11, 2007 Student Loan Funding Resources, The Art Institute of California
San Diego, California
BSF HACK

Unknown

A breach on the Student Loan Funding's eCounselor website may have exposed names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 8, 2007 Carus Publishing Company
Petersborough, New Hampshire
BSO HACK

Unknown

Hackers obtained access to customer information located on the Company's website. The breach occurred sometime between April and May. Customer names, addresses, credit card numbers and types of credit cards were downloaded by the hackers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2007 Arteis
Palo Alto, California
BSO HACK

Unknown

The location listed is Hewlett-Packard Company's headquarters. Hewlett-Packard acquired Arteis in May of 2007.

In January, Arteis discovered that an unauthorized person had accessed certain files. Customer names, addresses and credit card numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

June 4, 2007 GFK NOP LLC
New York, New York
BSO PORT

Unknown

An employee's laptop was stolen from her car on May 29.  A payroll-related Excel file that contained the names, Social Security numbers, dates of birth, state of residence and base rate of pay for employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 31, 2007 Textron
Providence, Rhode Island
BSF PORT

500 (No SSNs or financial information reported)

An employee's laptop was stolen.  It contained employee information.  At least 475 New Hampshire and 25 Maine residents were affected, but the total number of affected individuals was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 16, 2007 Intergraph Corporation
Huntsville, Alabama
BSR HACK

Unknown

Confidential information about some transactions was accessed without authority by an unknown person or persons via the Internet.  The information may have included name, address, and credit or debit card number and expiration date, in addition to shipping address and in some cases, a separate credit card address.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 23, 2010 Mankato Clinic
Mankato, Minnesota
MED PORT

3,159 (No SSNs or financial information reported)

Patients who received a notification letter may call 1-800-657-6944 X8633 or 625-1811 X8633.

A laptop was stolen from the car of a registered nurse sometime between November 1 and 2. It contained a spreadsheet with patient names, dates of birth, medical record numbers, health provider names and diagnosis information. Patients were notified in late December because it took nearly two months to notify patients because the Clinic was determining what was on the laptop.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2010 Zarzamora Family Dental Care
San Antonio, Texas
MED STAT

800 (No SSNs or financial information reported)

The October 15 theft of a desktop computer affected 800 patients.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2010 Hospital Auxilio Mutuo
Hato Ray, Puerto Rico
MED HACK 1,000 (No SSNs or financial information reported)
The Hospital experienced a breach of one or more computers on or around November 19. The exact nature of the breach was not reported and could have been theft, unauthorized access, hacking, or an IT incident.  
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

December 22, 2010 Cook County Health and Hospital Systems
chicago, Illinois
MED STAT

556 (No SSNs or financial information reported)

A desktop computer was found to be missing on or around November 1. It contained the medical record identification numbers, names, dates of birth, clinic names, physician names, and lab results of some patients.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 21, 2010 Department of Veteran's Affairs
Dallas, Texas
GOV PHYS

140 (No full SSNs reported)

The names, Social Security numbers and treatment locations of about 140 veterans were mixed in with other paperwork. The paperwork was sent to an EEOC office and viewed by multiple persons there. It appears that the names should not have been visible.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 21, 2010 Veterans Affairs Chicago HCS
Chicago, Illinois
GOV DISC

878 (No full SSNs or financial information reported)

The Orthopedics Department was using Yahoo.com to keep track of patient scheduling. The information had been stored on Yahoo.com since July of 2007 and multiple current and former residents of the center had access to the password and account. Patients had their name, date and type of surgery and final four digits of Social Security number exposed. The information was deleted from the web page on November 29.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 21, 2010 Newland Medical Associates
Southfield, Michigan
MED INSD

Unknown

A former employee is accused of stealing patient information and using it to commit identity theft.  The former employee is charged with 15 counts of identity theft and criminal enterprise.  Investigators believe the employee stole the information of cancer patients and used it to obtain credit cards.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 20, 2010 Centra
Alpharetta, Georgia
MED PORT

11,982 (No SSNs or financial information reported)

A laptop was stolen from the trunk of an employee's rental car overnight on November 11. Patient names and billing information were on the laptop. The delay in notification occurred because of the time it took to determine what information was on the stolen laptop.

UPDATE (1/14/11): The total number of affected individuals was changed from 13,964 to 11,982.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 20, 2010 Dean Clinic and St. Mary's Hospital
Madison, Wisconsin
MED PORT

3,288 (No SSNs or financial information reported)

Affected patients may go to www.yourpatientprivacy.com 

A laptop was stolen during a home invasion on or around November 8.  Patient names, dates of birth, medical record numbers, dates and types of procedures, diagnoses, and some pathology data were on the laptop.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 25, 2010 Dallas Police Department
Dallas, Texas
GOV PORT

Unknown

Laptops were stolen from ten decommissioned Dallas police cars.  The decommissioned squad cars were burglarized sometime during the last six months.  The laptops were used to check license plates, receive calls, and check people's records.  Officials believe there is little chance of sensitive information on the laptops or Dallas police network being accessed by unauthorized persons.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 23, 2010 Stens Corporation
Jasper, Indiana
BSF INSD

Unknown

Former employees continued to use passwords to access Stens' computer system after they left the company. Both employees left to work for a competitor and are thought to have used information on the computer system for commercial advantage and personal benefit. Stens employees became suspicious and changed the passwords, but the former employees guessed the new passwords. One of the men pleaded guilty to computer intrusion.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 23, 2010 Louisiana Horsemen's Benevolent and Protective Association (HBPA)
New Orleans, Louisiana
NGO INSD

Unknown

A former employee admitted that she conspired with others to send fraudulent votes. The woman falsified election ballots for members unlikely to vote, enclosed them in envelopes and marked the envelopes with the members' Social Security numbers. The purpose was to rig the outcome of the 2008 March HBPA election.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

December 22, 2010 Digital River Inc., SWReg Inc.
Houston, Texas
BSR HACK

Unknown

The location listed is the residence of the hacker.

A hacker accessed the SWReg computer system.  The SWReg system is used by Digital Rivers to pay contractors.  The system was altered to transfer money to the hacker's bank account instead of the accounts of contractors.  The hacker faces 20 years on wire fraud charges and 10 years on computer hacking charges.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

August 22, 2007 PrintPack Inc.
Atlanta, Georgia
BSR PORT

Unknown

Five laptops were stolen from Printpack's corporate headquarters during a nighttime burglary on or around August 16.  One laptop was taken from the finance department and had human resources information from current and former employees.  Names, Social Security numbers, dates of birth, marital status, addresses and other information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2007 AW Direct Inc.
Berlin, Connecticut
BSR HACK

Unknown

An unauthorized person accessed AW Direct's website. Customer order information that included full names, addresses and credit card information was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 19, 2007 Applera
Norwalk, Connecticut
BSO PORT

Unknown

A laptop was stolen from the car of an employee while it was in a parking lot on August 9. The laptop contained full names and Social Security numbers of employees. It is not clear if all 5,530 of Applera's employees were affected by the incident. At least 24 New Hampshire residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

September 27, 2007 Kelley Drye and Warren LLP
Washington, District Of Columbia
NGO PORT

Unknown

A laptop was stolen from an external pension auditor on September 12. It contained information related to Kelley's Retirement Savings Plan. This information included names, Social Security numbers, dates of birth, addresses, and/or date of employment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 28, 2010 Apothecary of Colorado
Denver, Colorado
MED PHYS

Unknown

A man handling recyclables near his home found a conspicuous binder in a dumpster.  It turned out that medical marijuana records had been placed there.  The names, Social Security numbers, dates of birth, addresses and phone numbers of patients were in the binder.  The current owners believe the records are from the previous owner or owners.  "Dozens" of people were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

December 28, 2010 Geisinger Health System
Wilkes-Barre, Pennsylvania
MED DISC

2,928 (No SSNs or financial information reported)

A former physician emailed patient medical information to his home email account in an unencrypted manner. The information included patient names, medical record numbers, procedures and indications. The physician deleted the information from his computer, home network and servers.  The incident occurred on or around November 3.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 701-750 of 4488 results


X

Sign In!

Loading