Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,253 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
December 19, 2006 Mississippi State University
Jackson, Mississippi
EDU DISC

2,400 students and emplolyees

SSNs and other personal information were inadvertently posted on a publicly accessible MSU Web site. The breach was discovered last week and the information has since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400

December 19, 2006 Velocita Wireless, Sprint Nextel
Woodbridge, New Jersey
BSR PORT

255

A laptop from the human resources department was stolen during an office burglary on or around October 24. It contained current and former employee names, dates of birth, Social Security numbers and salary information. Affected individuals were contacted between December 13 and 15.

 
Information Source:
Dataloss DB
records from this breach used in our total: 255

December 20, 2006 Lakeland Library Cooperative
Grand Rapids, Michigan
GOV DISC

15,000 (No SSNs or financial information reported)

Lakeland Library Cooperative serves 80 libraries in eight counties.

Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 20, 2006 Big Foot High School
Walworth, Wisconsin
EDU DISC

87

Personal information was accidentally exposed on the High School's Web site for a short time, perhaps for about 36 minutes, according to a report. Information included last names, SSNs, and birthdates.  Current and former employees were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 87

December 20, 2006 Lake County residents and Major League Baseball players
Northbrook, Illinois
BSO PHYS

27 residents of Lake County, 90 Major League Baseball players

A Chicago man apparently removed documents from a trash bin outside SFX Baseball Inc., a sports agency that deals with Major League Baseball. Some current and former MLB players and county residents were affected.He used information from the documents to commit identity theft. Information found during a search of the thief's home included SSNs, dates of birth, canceled paychecks, obituaries, and infant death records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 117

December 20, 2006 Deb Shops, Inc.
Philadelphia, Pennsylvania
BSR HACK

Unknown

(800) 460-9704

A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

December 21, 2006 Santa Clara County employment agency
Santa Clara County, California
GOV STAT

2,500

A computer stolen from the agency holds the SSNs of approximately 2,500 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,500

December 21, 2006 Goal Financial, LLC
San Diego, California
BSF STAT

34,000

The location listed is the headquarters. It is not clear where the incident took place.

A portion of borrowers' names and Social Security numbers were on four hard drives that were accidentally sold before being wiped clean. Employees transferred more than 7,000 files with consumer information to third parties without authorization, and one employee sold the hard drives to the public surplus. The hard drives were retrieved after the mistake was realized on June 13. Affected individuals were notified in June. The student loan company agreed to settle FTC charges in December. The company violated the FTC's Privacy Rule by failing to take reasonable and appropriate measures to protect personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000

December 21, 2006 Hunter College of the City University of New York
New York, New York
EDU DISC

140

The full names and Social Security numbers of certain individuals were on a spreadsheet that an employee emailed to a group of students on November 8. Students were instructed to delete the file after the discovery.  At least 140 New York residents were affected, but the total number of people affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 140

December 21, 2006 Wake County Public School System
Raleigh, North Carolina
EDU PORT

3,396

A flash drive that contained employee names and Social Security numbers was misplaced. The flash drive was found two days later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,396

December 21, 2006 City University of New York
New York, New York
EDU DISC

96

Confidential data from the University server was accidentally made available through a Google search. The error was discovered on October 17 and faculty, students and staff were affected. The information included full names, Social Security numbers, dates of birth, addresses, email addresses and University library identification card numbers. The copy of the file was removed from Google on October 20.

 
Information Source:
Dataloss DB
records from this breach used in our total: 96

December 21, 2006 New York City Human Resources Administration
Brooklyn, New York
GOV PORT

7,800

Information from the Office of Temporary and Disability Assistance and the New York State Department of Health was exposed.

A hard drive with human resources information was discovered to be missing. The hard drive may have had temporary and disability assistance applicant reports with names, Social Security numbers and dates of birth.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800

December 22, 2006 Texas Woman's University
Dallas, Texas
EDU DISC

15,000 students

Additional locations: Denton and Houston, TX

A document containing names, addresses and SSNs of 15,000 TWU students was transmitted over a non-secure connection.

 
Information Source:
Media
records from this breach used in our total: 15,000

December 22, 2006 Utah Valley State College
Orem, Utah
EDU DISC

15,000

Social Security numbers and other personal information of students and faculty were accessible via Yahoo's search engine. The information was removed from UVSC's servers. Some Distance Education instructors and some students enrolled in UVSC courses between January 2002 and January 2005 were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,000

December 27, 2006 Montana State University
Bozeman, Montana
EDU DISC

259

A student working in the loan office mistakenly sent packets containing lists of student names, Social Security numbers, and loan information to other students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 259

December 27, 2006 Deaconess Hospital
Evansville, Indiana
MED PHYS

128 patients

A computer missing from the hospital holds personal information, including SSNs, of 128 respiratory therapy patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 128

December 28, 2006 U.S. State Department
Washington, District Of Columbia
GOV PHYS

700

A bag containing approximately 700 completed passport applications, which included Social Security numbers, was reported missing on December 1. The bag, which was supposed to be shipped to Charlotte, NC, was found later in the month at Los Angeles International Airport.

 
Information Source:
Dataloss DB
records from this breach used in our total: 700

December 30, 2006 KeyCorp
Cleveland, Ohio
BSF PORT

9,300

A laptop computer stolen from a KeyCorp vendor contains personally identifiable information, including SSNs, of 9,300 customers in six states.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,300

January 1, 2007 Wisconsin Department of Revenue via Ripon Printers
Madison, Wisconsin
GOV DISC

171,000 taxpayers

(608) 224-5163,  http://privacy.wi.gov/alerts/jan0107.jsp

Tax forms were mailed to taxpayers in which SSNs were inadvertently printed on the front of some Form 1 booklets. Some were retrieved before they were mailed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 171,000

January 2, 2007 Notre Dame University
Notre Dame, Indiana
EDU PORT

Unknown

Additional location: South Bend, IN

A University Director's laptop was stolen before Christmas. It contained personal information of employees, including names, SSNs, and salary information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 2, 2007 News accounts are not clear as to source, but thought to be a realty office
Las Vegas, Nevada
BSO PHYS

Unknown

About 40 boxes of financial paperwork, thought to be from loan applications, was found in a dumpster. One of the boxes visible to news reporters was said to contain paperwork with bank account details, photocopies of driver's licenses, SSNs and other private information.

 
Information Source:
Media
records from this breach used in our total: 0

January 2, 2007 BayRock Mortgage
Alpharetta, Georgia
BSF PORT

197

The location listed is the BayRock office and may not be where the theft occurred.

A laptop with investor information was lost when an employee's rental car that it was in was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197

January 3, 2007 Academic Magnet High School
North Charleston, South Carolina
EDU PORT

500 (No SSNs or financial information reported)

A recent burglary makes it the third time that computers were stolen during campus burglaries. Two other incidents occurred in November. Student information was on the laptop stolen in the recent burglary. School officials felt that risk of identity theft was extremely low because the information was password protected and encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 4, 2007 Selma, North Carolina, Water Treatment Plant
Johnston County, North Carolina
GOV PORT

300

A laptop stolen from the water treatment facility holds the names and SSNs of Selma volunteer firefighters.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

January 5, 2007 Dr. Baceski's office, internal medicine
Somerset, Pennsylvania
MED PORT

hundreds of patients

A hard drive was stolen containing personal information on hundreds of patients.

 
Information Source:
Media
records from this breach used in our total: 0

January 9, 2007 Towers Perrin
New York, New York
BSF INSD

300,000

 

Around 18,000 past and present employees, presumably of Altria, and 6,300 employees of Philip Morris were affected.

 

Five laptops were stolen from Towers Perrin, allegedly by a former employee. The theft occurred Nov. 27, 2006. The computers contain names, SSNs, and other pension-related information, presumably of several companies, although news reports are not clear. Companies named include Altria (unknown number, possibly 18,000 employees) and Philip Morris (6,300 employees).

UPDATE (1/11/07): NY police arrested a junior-level administrative employee of the company in the theft of the laptops.

UPDATE (2/6/09): It now appears that 300,000 people were affected.  Additional companies include Citigroup, Time Warner, United Technologies, Prudential Financial, Random House, Stanley Inc., Bertelsmann Services Inc., Lloyd's Register Group, AGL Resources Inc., Salvage Association, The Nielsen Company, Major League Baseball, Unilever, Harlequin Holdings, Celanese Americas Corporation, The Interpublic Group, Dover Corporation, Continuum Health Partners, Maersk Inc./P&O Nedlloyd, Roman Catholic Diocese of Brooklyn, Cambrex Corporation, Strategic Industries, Shorewood, Swiss International Air Lines, LTD, Alpharma Inc.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000

January 9, 2007 Mercer Health and Benefits
,
BSF PORT

10,500 (No SSNs or financial information reported)

A laptop computer was stolen from a vehicle.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 10, 2007 University of Arizona
Tucson, Arizona
EDU UNKN

Unknown

Breaches occurred in November and December 2006 that affected services with UA Student Unions, University Library, and UA Procurement and Contracting Services. Some services were shut down for several days.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 10, 2007 Advent Software Inc.
San Francisco, California
BSR PORT

Unknown

A laptop was stolen from the office on or around November 20. It contained employee Social Security numbers and addresses. Employees were notified in December. At least 21 New Hampshire residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 10, 2007 New Hope Church
Durham, North Carolina
NGO PORT

45

Current and former employee information was on a stolen laptop.  The laptop was taken from the church offices during a December 31 burglary. Names, Social Security numbers, addresses and payroll information was on the stolen laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45

January 11, 2007 University of Idaho
Moscow, Idaho
EDU STAT

70,000

(866) 351-1860

Over Thanksgiving weekend, 3 desktop computers were stolen from the Advancement Services office containing personal information of alumni, donors, employees, and students. 331,000 individuals may have been exposed, with as many as 70,000 records containing SSNs, names and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

January 11, 2007 Transamerica Financial Life Insurance Company, Aegon Insurance Group
Cedar Rapid, Iowa
BSF INSD

67

A former employee of an affiliated company accessed customer records and was eventually discovered to be part of a credit card fraud investigation.  The records found included names, addresses, Social Security numbers and dates of birth.

 
Information Source:
Dataloss DB
records from this breach used in our total: 67

January 12, 2007 MoneyGram International
Minneapolis, Minnesota
BSF HACK

79,000

MoneyGram, a payment service provider, reported that a company server was unlawfully accessed over the Internet last month. It contained information on about 79,000 bill payment customers, including names, addresses, phone numbers, and in some cases, bank account numbers.

 
Information Source:
Media
records from this breach used in our total: 79,000

January 13, 2007 North Carolina Department of Revenue
Raleigh, North Carolina
GOV PORT

30,000 taxpayers

A laptop computer containing taxpayer data was stolen from the car of a NC Dept. of Revenue employee in mid-December. The files included names, SSNs or federal employer ID numbers , and tax debt owed to the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

January 16, 2007 University of New Mexico
Albuquerque, New Mexico
EDU STAT

Unknown

At least 3 computers and 4 monitors were stolen from the associate provost's office overnight between Jan. 2 and 3. They may have included faculty members' names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 17, 2007 TJ stores (TJX), including TJMaxx, Marshalls, Winners, HomeSense, AJWright, KMaxx, and possibly Bob's Stores in U.S. & Puerto Rico -- Winners and HomeGoods stores in Canada -- and possibly TKMaxx stores in UK and Ireland
Framingham, Massachusetts
BSR HACK

100,000,000

U.S.: Call (866) 484-6978, Canada: (866) 903-1408, U.K. & Ireland: 0800 77 90 15, www.tjx.com

The TJX Companies Inc. experienced an unauthorized intrusion into its computer systems that process and store customer transactions including credit card, debit card, check, and merchandise return transactions. It discovered the intrusion mid-December 2006. Transaction data from 2003 as well as mid-May through December 2006 may have been accessed. According to its Web site, TJX is the leading off-price retailer of apparel and home fashions in the U.S. and worldwide.

Note on our total: included in this breach are 45,700,000 credit and debit card account numbers; 455,000 merchandise return records containing customer names and driver's license numbers; recovery of about 200,000 stolen credit card account numbers; records then 1indicated an additional 48 million people have been affected. Totals were estimated at 94 million but now seem to have affected over 100 million accounts.

UPDATE  (2/22/2007):TJX said that while it first thought the intrusion took place from May 2006 to January 2007, it now thinks its computer system was also hacked in July 2005 and on various subsequent dates that year.


UPDATE (3/21/2007): Information stolen from TJX's systems was being used fraudulently in November 2006 in an $8 million gift card scheme, one month before TJX officials said they learned of the breach, according to Florida law enforcement officials.

UPDATE  (3/29/2007): The company reported in its SEC filing that 45.7 million credit and debit card numbers were hacked, along with 455,000 merchandise return records containing customers' driver's license numbers, Military ID numbers or Social Security numbers.

UPDATE (4/22/2007): Initially, TJX said the break-in started seven months before it was discovered. Then, on Feb. 18, the company noted the perpetrators had access to data for 17 months, and apparently began in July 2005.

UPDATE (04/26/2007): Three states' banking associations (MA, CT, and ME) filed a class action lawsuit against TJX to recover the costs of damages totaling tens of millions of dollars incurred for replacing customers' debit and credit cards.

UPDATE (05/04/2007): An article in the WSJ notes that because TJX had an outdated wireless security encryption system, had failed to install firewalls and data encryption on computers using the wireless network, and had not properly install another layer of security software it had bought, thieves were able to access data streaming between hand-held price-checking devices, cash registers and the store's computers. 21 U.S. and Canadian lawsuits seek damages from the retailer for reissuing compromised cards.

UPDATE (07/10/2007): U.S. Secret Service agents found TJX customers' credit card numbers in the hands of Eastern European cyber thieves who created high-quality counterfeit credit cards. Victims are from the U.S., Europe, Asia and Canada, among other places, Several Cuban nationals in Florida were arrested with more than 200,000 credit card account numbers.

UPDATE (08/31/2007): The U.S. Secret Service Agency earlier this week said it has arrested and indicted four members of an organized fraud ring in South Florida, charging each of them with aggravated identity theft, counterfeit credit-card trafficking, and conspiracy.

UPDATE (09/21/2007): A ring leader in the TJX Cos.-linked credit card fraud, was sentenced to five years in prison and has been ordered to pay nearly $600,000 in restitution for damages resulting from stolen financial information.

UPDATE (09/25/2007): TJX announced the terms of a settlement for customers affected by the data breach -- with strings attached. Credit monitoring will be offered to about 455,000 of the 46 million affected. TJX will reimburse customers who had to replace driver's licenses as a result of the breach if they submit documentation for the time and money spent on replacing licenses. The company will give a $30 store voucher to those customers who submit documentation about their lost time and money. And TJX will hold a special 3-day sale with a 15% discount sometime in 2008. The settlement still needs to be approved by the court.

UPDATE (10/23/2007): Court filings in a case brought by banks against TJX say the number of accounts affected by the thefts topped 94 million.

UPDATE (10/23/2007): The total number of records increased from 167 million to 215 million. Recent court filings in a case brought by banks against TJX say the number of accounts affected by the thefts topped 94 million, up considerably from 45,7 million credit and debit card account numbers initially thought to be compromised. Breach costs have been estimated at $216 million.

UPDATE (11/30/2007): Fifth Third Bancorp, the Ohio bank that was fined $880,000 by Visa for its role in the customer data security breach at TJX Cos., the largest ever, also paid fines and compensation totaling $1.4 million following the loss of data from BJ's Wholesale Club Inc.

UPDATE (12/05/2007): An InternetNews.com article estimates TJX expenses at $500 million to $1 billion. In a settlement with VISA USA, TJX will pay a maximum of $40.9 million to fund an alternative recovery payments program for customers affected by the breach. At least 19 lawsuits have been filed, and there are investigations underway by the Federal Trade Commission and 37 state Attorneys General.

UPDATE (12/18/2007): TJX has settled the lawsuit for an undisclosed amount.Although both sides said the settlement total would remain confidential, TJX said the costs were covered by a $107 million reserve that it set aside against its second-quarter earnings.TJX also has said that $107 million would cover the costs of another breach agreement: a Nov. 30 deal with Visa Inc. to help pay a maximum $40.9 million to help the network's card-issuing banks recover expenses to replace customers' Visa cards.

UPDATE (2/10/2008): Notices are going out to millions of customers who may have had credit card information compromised in a data breach. The notices contain information about eligibility for compensation such as vouchers and credit monitoring to be provided under a proposed settlement.

UPDATE (4/2/2008): TJX Cos. reached a settlement with MasterCard Inc. in which it will pay up to $24 million to banks and other institutions to cover fraud losses stemming from a massive data breach disclosed last year. They also struck a similar deal with rival card network Visa in which it agreed to pay up to $40.9 million. As in that deal, TJX said the costs of its MasterCard settlement are included in the $256 million the company has set aside to pay for computer work and other costs associated with the breach.

UPDATE (5/14/2008): The TJX Companies, Inc. today announced that it completed its previously announced settlement with MasterCard International Incorporated and its issuers. Financial institutions representing 99.5% of eligible MasterCard accounts worldwide claimed to have been affected by the unauthorized computer intrusion(s) at TJX accepted the alternative recovery offer under TJX's previously announced Settlement Agreement with MasterCard.

UPDATE (8/5/2008): Eleven perpetrators allegedly involved in the hacking of nine major U.S. retailers have been charged with numerous crimes, including conspiracy, computer intrusion, fraud and identity theft. This is the largest hacking and identity theft case ever prosecuted by the U.S. Department of Justice. An indictment was returned on Aug. 5, 2008. Conspirators obtained the credit and debit card numbers by wardriving and hacking into the wireless computer networks of major retailers -- including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. The indictments are the result of a three-year undercover investigation conducted out of the San Diego Field Office of the U.S. Secret Service.

UPDATE (8/30/2008): TrustCo BankCorp NY sued TJX in August 2008 to recoup costs it incurred from reissuing an estimated 4,000 customer MasterCard debit cards after hackers accessed the TJX computer network. The bank stated its cost for the breach was up to $20 per affected account, explaining that it suffered losses from administrative expenses and lost interest and transaction fees. Later in the month, TJX in turn claimed that Trustco failed to implement policies or procedures that would have enabled the bank to avoid canceling and replacing customer debit cards.

UPDATE (9/22/2008):One of the 11 people arrested last month in connection with the massive data theft at T JX Companies Inc., BJ Wholesale Clubs Inc. and several other retailers pleaded guilty yesterday to four felony counts, including wire and credit card fraud and aggravated identity theft. Many of the Internet attacks that he facilitated were SQL injection attacks, according to court documents. The stolen data was sold to cyber criminals in Eastern Europe and the U.S. or used to make fraudulent credit and debit cards.

UPDATE (6/26/2009): TJX has agreed to pay $9.75 million to 41 states and to implement and maintain a comprehensive information security program, designed to safeguard consumer data and address any weaknesses in TJX's systems in place at the time of the breach. Of the $9.75 million monetary payment under the settlement, $5.5 million is to be dedicated to data protection and consumer protection efforts by the states, and $1.75 million is to reimburse the costs and fees of the investigation. Further, $2.5 million of the settlement will fund a Data Security Trust Fund to be used by the state Attorneys General to advance enforcement efforts and policy development in the field of data security and protecting consumers’ personal information.

UPDATE (7/28/2009): Pennsylvania and 40 other states reached a $9.75 million settlement.

UPDATE (9/4/2009): TJX settles for $525K with four banks. As part of the settlement with AmeriFirst Bank, Trustco Bank, HarborOne Credit Union and SELCO Community Credit Union, the Framingham, Mass.-based retailer paid $525,000. The money primarily will be used to cover the banks' expenses in pursuing the legal action.

UPDATE (12/15/2009):A Miami hacker who had already pleaded guilty to computer fraud and identity theft for breaches at retailers T.J. Maxx, OfficeMax, and many other merchants, pleaded guilty on Tuesday to similar charges related to breaches at Heartland Payment Systems, 7-11, Hannaford Brothers supermarkets, and two other companies. Albert Gonzalez, 28, reiterated terms of a plea agreement in U.S. District Court in Boston. A week earlier, co-conspirator Stephen Watt of New York, appeared in that same court and was ordered to serve two years in prison and pay $171.5 million in restitution for developing a sniffing program used to grab payment card data in the breach at the TJX companies between 2003 and 2008.

UPDATE (3/17/2010): Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Zaman was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts. Zaman pleaded guilty in April to one count of conspiracy. His sentence includes three years of supervised release with the condition that Zaman must disclose his conviction to any future employer. Upon release, Zaman will not be barred from using computers. Zaman is the second conspirator in the TJX case to be charged. Former Morgan Stanley coder, Stephen Watt, was sentenced in December to two years in prison for his role in the TJX case, which involved supplying Gonzalez with a sniffer program used to siphon card data from the TJX network. 

UPDATE (3/29/2010): A 28-year-old college dropout who became the world’s biggest credit card hacker on Thursday was sentenced to 20 years in prison for stealing millions of credit union and bank account records from TJX Cos., BJ’s Wholesale Club, Office Max, Dave & Busters, Barnes & Noble and a string of other companies – even as he was working as a $75,000-a-year undercover informant for the U.S. government in identity theft cases. But that’s not the end of it, as Albert Gonzalez is scheduled to be sentenced again to additional years behind bars for additional data thefts at Heartland Payment Systems, Hannaford Bros. supermarkets and 7-Eleven convenience stores. The theft of credit card data cost financial institutions, insurers and cardholders an estimated $200 million, according to law enforcement. JC Penney and Wet Seal were both officially added to the list of retail victims of Albert Gonzalez on Friday (March 26) when U.S. District Court Judge Douglas P. Woodlock refused to continue their cloak of secrecy and removed the seal from their names. StorefrontBacktalk had reported last August that $17 billion JC Penney chain was one of Gonzalez.s victims, even though JC Penney's media representatives were denying it. But the $561 million chain Wet Seal, which has 504 stores in 47 states, Washington, D.C. and Puerto Rico, had kept their identity secret. No more and that.s the way Woodlock wanted it. 

UPDATE (4/16/2010): Damon Patrick Toey, the 'trusted subordinate' of TJX hacker Albert Gonzalez, was sentenced in Boston to 5 more years in prison. He also received a $100,000 fine and three years. supervised release, according to the Justice Department.

UPDATE (7/8/2010): TJX has settled another lawsuit.  The Louisiana Municipal Police Employees' Retirement System, a shareholder of TJX stock, settled with TJX for $595,000 in legal fees and enhanced oversight of customer files.

UPDATE (4/8/2011): Albert Gonzalez is appealing his conviction for his role in a large data breach by claiming that his actions were authorized by the Secret Service.  The government acknowledged that Gonzalez was a key undercover Secret Service informant at the time of the breaches.  In a 25-page petition, Gonzalez faulted one of his attorney's for failing to prepare a "Public Authority" defense, which would have argued that he committed crimes with the approval of government authorities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000,000

January 17, 2007 Rincon del Diablo Municipal Water District
Escondido, California
GOV STAT

500

Additional locations:unincorporated neighborhoods outside the city, and parts of San Marcos and San Diego, CA. (760) 745-5522

Two computers were stolen from the district office. One included names and credit card numbers of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500

January 18, 2007 KB Home
Charleston, South Carolina
BSO STAT

2,700

A computer was stolen from one of the home builder's offices. It likely contained names, addresses, and SSNs of people who had visited the sales office for Foxbank Plantation in Berkeley County near Charleston.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,700

January 18, 2007 Private Medical Practice
Cheektowaga, New York
MED STAT

10,600

The December 15 office burglary of three computers may have exposed patient information. Names, Social Security numbers, addresses, dates of birth, phone numbers, insurance companies and insurance ID numbers were on the computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,600

January 19, 2007 U.S. Internal Revenue Service via City of Kansas City
Kansas City, Missouri
GOV PORT

Unknown

26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 19, 2007 First Advantage SafeRent, Inc., Z II Investment Group, LLC
Philadelphia, Pennsylvania
BSF INSD

18

A company named Z II Investment Group, LLC had a number of unauthorized credit reports performed.  The unauthorized reports contained name, address, Social Security number, date of birth, and partial credit card number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18

January 20, 2007 Greenville South Carolina County School District
Greenville, South Carolina
EDU PHYS

Unknown

Boxes of personnel records were inadvertently left unsecured during renovations. Ten boxes held the names and Social Security numbers of teachers employed by the district between 1972 and 1990. Other boxes contained personnel records through 1998. District officials secured the boxes after receiving an anonymous call about the mistake.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 22, 2007 U.S. Department of Veterans Affairs
Seattle, Washington
GOV PHYS

Unknown

Folders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.

 
Information Source:
Media
records from this breach used in our total: 0

January 22, 2007 Chicago Board of Election
Chicago, Illinois
GOV PORT

1.3 million

About 100 computer discs (CDs) with 1.3 million Chicago voters' SSNs were mistakenly distributed to aldermen and ward committeemen. The CDs also contain birth dates and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,300,000

January 22, 2007 Sprint Nextel
Charlotte, North Carolina
BSR PORT

1,608

A laptop computer was stolen from an employee's home during a late November burglary. Information from customers nationwide was stored on the hard drive. Customers' names, addresses, Sprint Nextel account numbers and access codes, credit card numbers and phone numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,608

January 23, 2007 Rutgers-Newark University, Political Science Department
Newark, New Jersey
EDU PORT

200 students

An associate professor's laptop was stolen, containing names and SSNs of 200 students. Rutgers no longer uses SSNs as student IDs, but student IDs from past years are still SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

January 23, 2007 Xerox
Wilsonville, Oregon
BSR PORT

297

A laptop was stolen from a human resources manager's car.  Some of the employees affected by the incident experienced credit problems before being informed that the theft had put them at risk.  One employee had multiple cell phone accounts taken out in his name a month and a half after the theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 297

January 24, 2007 Cornell University
Detroit, Michigan
EDU PORT

122

An employee laptop was lost after being checked as baggage at Detroit Metropolitan International Airport. It contained names, Social Security numbers and credit card numbers of some people.

 
Information Source:
Dataloss DB
records from this breach used in our total: 122

January 25, 2007 Clay High School
Oregon, Ohio
EDU HACK

Unknown

A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 25, 2007 Ohio Board of Nursing
Columbus, Ohio
GOV DISC

3,031

The agency's Website posted names and SSNs of newly licensed nurses twice in the past two months. The Social Security numbers were supposed to have been removed before posting.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,031

Breach Total
867,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,253 DATA BREACHES made public since 2005
Showing 601-650 of 4253 results


X

Sign In!

Loading