Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
January 25, 2007 Wahiawa Women, Infants and Children program (WIC)
Honolulu, Hawaii
GOV INSD

11,500 current and former clients

  (808) 586-8080, http://www.hawaii.gov/dcca/quicklinks/id_theft_info

A WIC employee apparently stole the personal information of agency clients, including SSNs, and committed identity theft on at least 3 families and perhaps 2 more. The Health Director said the agency will no longer use SSNs in its data base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

January 25, 2007 Visiting Nurse Service of New York (VNSNY)
New York, New York
MED PORT

52

A tablet computer was stolen from a registered nurse. Patient Social Security numbers, names, addresses and telephone numbers were on the tablet. VNSNY warned patients that people might use the information and tablet to pose as VNSNY employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 52

January 26, 2007 Indiana Department of Transportation (INDOT)
Indianapolis, Indiana
GOV DISC

4,000

The names and SSNs of INDOT employees were inadvertently posted on an internal network computer drive sometime between Sept. 6 and Dec. 4, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

January 26, 2007 Vanguard University
Costa Mesa, California
EDU STAT

5,105 financial aid applicants

(800) 920-7312

On Jan. 16, 2 computers were discovered stolen from the financial aid office. Data included names, SSNs, dates of birth, phone numbers, driver's license numbers, and lists of assets.  Affected financial aid applicants from 2005-2006 and 2006-2007 school years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,105

January 26, 2007 WellPoint's Anthem Blue Cross Blue Shield
Richmond, Virginia
MED PORT

50,000

(800) 284-9779

Cassette tapes containing customer information were stolen from a lock box held by one of its vendors. Data included names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,000

January 26, 2007 Chase Bank and the former Bank One, now merged
Shreveport, Louisiana
BSF PHYS

4,100 current and former employees from all over Louisiana

A Bossier woman bought a used desk from a furniture store. She discovered a 165-page spread sheet in a drawer that included names and SSNs of bank employees. The document was returned to the bank.

 
Information Source:
Media
records from this breach used in our total: 4,100

January 26, 2007 Eastern Illinois University
Charleston, Illinois
EDU STAT

1,400 currently enrolled students

A desktop computer was stolen from the Student Life office containing membership rosters -- including SSNs, birthdates, and addresses -- of the University's 23 fraternities and sororities. A hard drive and memory from 2 other computers were also stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

January 26, 2007 The Bombay Company
Fort Worth, Texas
BSR PORT

60

A laptop that contained customer names, credit card types, last four digits of credit card numbers and phone numbers was stolen. Information about purchase amounts and dates was also on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60

January 26, 2007 UPS Capital Business Credit, U.S. Farm Credit Administration (FCA)
Windsor, Connecticut
BSF PORT

48

An FCA employee's laptop and USB memory drive were lost on November 3. UPS credit loans were being reviewed by FCA. Taxpayer identification numbers, Social Security numbers and loan information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48

January 28, 2007 Salina Regional Health Center
Salina, Kansas
MED PORT

1,100

A laptop was stolen from a Hospital office.  It contained names, Social Security numbers and medical histories of patients.  Only patients treated by the laptop user are at risk for identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

January 28, 2007 New York Academy of Medicine
New York, New York
EDU STAT

7,460 (0 complete SSNs)

A computer was stolen during an office burglary in October 28. The last four digits of research participants' Social Security numbers, full names and dates of birth were on a database on the computer. Some participants also had their addresses and laboratory data exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 29, 2007 Mendoza College of Business, Notre Dame University
Notre Dame, Indiana
EDU DISC

Unknown

Additional location: South Bend, Indiana

A file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.

 
Information Source:
Media
records from this breach used in our total: 0

January 29, 2007 Vermont Agency of Human Services
Waterbury, Vermont
GOV HACK

70,000

Customers of New England Federal Credit Union, Central Vermont Public Service Employees Credit Union, First Brandon National Bank, Federal Family Credit Union, Granite Hills Credit Union, Merchants Bank, Northfield Savings Bank, Opportunities Credit Union and the Vermont State Employees Credit Union were affected.

A state computer that contained the names, Social Security numbers and bank account information was hacked into. Some of the information came from noncustodial parents who owed back child support while most of the people affected were customers of New England Federal Credit Union with no history of owing child support. The information is from 2004 and 2005 credit union members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

January 29, 2007 Public Storage Inc.
Glendale, California
BSO HACK

Unknown

Someone gained unauthorized access to electronic company personnel files. The files included Social Security numbers, dates of birth, home addresses and other active employee information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2007 Massachusetts Department of Industrial Accidents
Boston, Massachusetts
GOV INSD

1,200 people who submitted claims

800) 323-3249 ext. 560, www.mass.gov/dia

A former state contractor allegedly accessed a workers' compensation data file and stole personal information, including SSNs. The thief used the data to commit identity theft on at least 3 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

February 2, 2007 Indian Consulate via Haight Ashbury Neighborhood Council recycling center
San Francisco, California
GOV PHYS

Unknown

Visa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2007 Wisconsin Assembly
Madison, Wisconsin
GOV PHYS

150 Assembly members and aides

A document containing personal information of Wisconsin Assembly members was stolen from a legislative employee's car while she was exercising at a local gym. It contained names, addresses, and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150

February 2, 2007 University of Missouri, Research Board Grant Application System
Columbia, Missouri
EDU HACK

1,220

A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,220

February 2, 2007 New York Department of State
Albany, New York
GOV DISC

Unknown

The agency's Web site posted commercial loan documents that mistakenly contained SSNs. The forms are posted to let lenders know the current financial status of loan recipients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2007 U.S. Department of Veterans Affairs, VA Medical Center
Birmingham, Alabama
MED PORT

48,000 veterans plus 535,000

(877) 894-2600, http://www1.va.gov/opa/pressrel/pressrelease.cfm?id=1294

An employee reported a portable hard drive stolen or missing that might contain personal information about veterans including Social Security numbers.

UPDATE (2/10/07): VA increases number of affected veterans to 535,000, included in the total below.

UPDATE (2/12/07): VA reported that billing information for 1.3 million doctors was also exposed, including names and Medicare billing codes, not included in the total below.

UPDATE (3/19/07): The VA's Security Operations Center has referred 250 incidents since July 2006 to its inspector general, which has led to 46 separate investigations.

UPDATE (6/18/07):More than $20 million to respond to its latest data breach, the breach potentially puts the identities of nearly a million physicians and VA patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 583,000

February 3, 2007 CTS Tax Service
Cassopolis, Michigan
BSO STAT

800

The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 800

February 6, 2007 New York Department of Labor
Glenn Falls, New York
GOV PHYS

537

A laptop computer annd documents were stolen from a state tax auditor's apartment. While the laptop had security features and had little personal information on it, the documents contained personal information for people who were employed by 13 Capital Region businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 537

February 6, 2007 Metro Credit Services
Hurst, Texas
BSF PHYS

Unknown

Thousands of files from the defunct bill collection company containing medical records, phone bills and Social Security numbers were found in a trash bin.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 6, 2007 Merchant America
Camarillo, California
BSR HACK

130,000

A hacker gained access to a customer database. Customers who made transactions with merchants that Merchant America provides payment processing services to may have had their names, bank account numbers and driver's license numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000

February 7, 2007 University of Nebraska
Lincoln, Nebraska
EDU DISC

72

An employee accidentally posted SSNs of 72 students, professors, and staff on UNL's public Web site where they remained for 2 years. They have since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 72

February 7, 2007 Johns Hopkins University and Johns Hopkins Hospital
Baltimore, Maryland
MED PORT

52,000 past and present employees plus 83,000 patients

Johns Hopkins reported the disappearance of 9 backup computer tapes containing personal information of employees and patients.  Eight of the tapes contained payroll information on 52,000 past and present employees, including SSNs and in some cases bank account numbers. The 9th tape contained less sensitive information about 83,000 hospital patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 135,000

February 7, 2007 Central Connecticut State University
New Britain, Connecticut
EDU DISC

750 students

Social Security numbers of about 750 CCSU students were exposed in the name and address window on envelopes mailed to them. The envelopes were not folded correctly. They contained IRS 1098T forms.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750

February 8, 2007 Piper Jaffrey
Minneapolis, Minnesota
BSF DISC

More than 1,000 employees

W-2s sent to current and former employees in January included employees' Social Security numbers on the outside of the envelope. Though the numbers were not identified as Social Security numbers, they followed the standard XXX-XX-XXXX format. Executives indicated the mishap was an error by a third-party vendor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

February 8, 2007 St. Mary's Hospital
Leonardtown, Maryland
MED PORT

130,000

A laptop was stolen in December that contained names, SSNs, and birthdates for many of the Hospital's patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000

February 8, 2007 Fresenius Medical Care Holdings Inc., Fresenius Medical Care North America (FMCNA)
Waltham, Massachusetts
MED PORT

10 (No SSNs or financial information reported)

A laptop was stolen from the locked car of an employee on December 13 while it was parked outside of a restaurant. The laptop contained patient names, dates of birth, dates of service and insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2007 LexisNexis
Boca Raton, Florida
BSO INSD

220

LexisNexis sent out notification letters of two separate incidents. A law enforcement customer noticed that an account was used in an unauthorized way. Searches that revealed names, Social Security numbers and driver's license numbers may have been performed by an unauthorized user or without proper reason. The second incident involves a government agency employee who may have used his account in an unauthorized manner to view names, Social Security numbers, addresses and driver's license numbers. Over 220 New York residents were affected by the breaches, but the total number of affected customers nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 220

February 8, 2007 District Council 37 Health and Security Plan of New York City
New York, New York
GOV PORT

31,500

A CD containing prescription drug data was discovered missing from the organization's files.  People who had their prescription drugs filled through DC 37's prescription drug benefits plan may have had their names and Social Security numbers exposed.  Prescription information from between February 13 and February 22 of 2006 (the previous year) was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,500

February 9, 2007 East Carolina University
Greenville, North Carolina
EDU DISC

65,000 students, alumni, and staff members

http://www.ecu.edu/incident/, 877-328-6660

A programming error resulted in personal information of 65,000 individuals being exposed on the University's Web site. The data has since been removed. Included were names, addresses, SSNs, and in some cases credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 65,000

February 9, 2007 Radford University, Waldron School of Health and Human Services
Radford, Virginia
EDU HACK

2,400 children

A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400

February 9, 2007 General Electric
Louisville, Kentucky
BSR PORT

80

A GE service technician's laptop was stolen. It contained customer names and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80

February 10, 2007 State of Indiana Official Website www.IN.gov
Indianapolis, Indiana
GOV HACK

76,600

  (888) 438-8397, Email: securityconcerns @www.IN.gov

A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 healthcare workers and 5,600 individuals and businesses.

UPDATE (3/22/07): Investigators have identified a teen they believe hacked into the IN.gov as a prank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 76,600

February 14, 2007 Kaiser Medical Center
Oakland, California
MED PORT

22,000 patients, but apparently only 500 records contained SSNs

(866) 529-0779

A doctor's laptop was stolen from the Medical Center containing medical information of 22,000 patients. But only 500 records contained SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 500

February 14, 2007 Iowa Department of Education
Des Moines, Iowa
GOV HACK

600

Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 600

February 14, 2007 Conneticut Office of the State Comptroller
Hartford, Connecticut
GOV DISC

1,753

Personal information of state employees including names and Social Security numbers was inadvertently posted on the Internet in a spreadsheet of vendors used by the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,753

February 15, 2007 City College of San Francisco
San Francisco, California
EDU DISC

11,000 students

 (800) 436-0108, www.ccsf.edu/securityalert

Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. CCSF stopped using SSNs as studens IDs in 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,000

February 15, 2007 The Professional Education Institute
Burr Ridge, Illinois
EDU DISC

34

Customer information was accidentally exposed online because of a data encryption lapse. The Social Security numbers and dates of birth of some customers were viewable on the Millionaire Elite Website. Two New Hampshire, three Maine and 29 New York residents were affected by the breach. The total number of individuals affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34

February 16, 2007 Brunswick Corp.
Lake Forrest, Illinois
BSR HACK

5,100

An unauthorized person obtained access to employee information stored on Brunswick's computer systems. Names, Social Security numbers and addresses may have been exposed during the April incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,100

February 17, 2007 Albany Medical Center
Albany, New York
MED PORT

12,000 (Unknown number of SSNs)

A laptop was stolen from the Employee Health Services center.  It contained software used to track information required for N95 fit testing at Albany Med.  Staff names and Social Security numbers were also exposed.  Anyone who had N95 fit testing at Albany Med between January 2005 and February 2007 may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 19, 2007 Seton Healthcare Network
North Austin, Texas
MED PORT

7,800

A laptop with uninsured patients' names, birth dates and Social Security numbers was stolen last week from the Seton hospital system. The uninsured patients had gone to Seton emergency rooms and city health clinics since July 1, 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800

February 19, 2007 Clarksville-Montgomery County middle and high schools
Clarksville, Tennessee
EDU DISC

633

Staff and faculty Social Security numbers, used as employee identification numbers, were embedded in file photos by the company that took yearbook pictures and inadvertently placed in a search engine on school system's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 633

February 19, 2007 Stop & Shop Supermarkets
Quincy, Massachusetts
BSR CARD

Unknown

Additional locations: Southern Massachusetts and Rhode Island.  (877) 366-2668

Credit and debit card account information including PIN numbers was stolen by high-tech thieves who apparently broke into checkout-line card readers and PIN pads and tampered with them.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 19, 2007 Social Security Administration (SSA)
Milwaukee, Wisconsin
GOV PHYS

13

Files of disability applicants containing Social Security numbers, addresses, phone numbers of family members, dates of birth, work history, and detailed medical information were lost/stolen when a telecommuting employee abandoned them in a locked filing cabinet at home after a threat of domestic violence. Several of the files were mailed back to the local SSA office. Others were found in a dumpster months later.  Four were never recovered.

 
Information Source:
Media
records from this breach used in our total: 13

February 20, 2007 Back and Joint Institute of Texas
San Antonio, Texas
MED PHYS

Unknown

Twenty boxes containing Social Security numbers, photocopies of driver's license numbers, addresses, phone numbers and private medical history of chiropractic patients were found in a dumpster.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 20, 2007 Credit Suisse
New York, New York
BSF DISC

3,000

Documents with confidential details of loan applicants were mistakenly posted online.  The documents are routinely posted online without personal information.  Applicant names, Social Security numbers, addresses, monthly incomes and credit scores were exposed.  The exposure first occurred on March 15, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

February 21, 2007 Georgia Institute of Technology
Atlanta, Georgia
EDU HACK

3,000

404-894-2499, hr@gatech.edu

Personal information of former employees mostly in the School of Electrical and Computer Engineering including name, address, Social Security number, other sensitive information, and about 400 state purchasing card numbers, were compromised by unauthorized access to a Georgia Tech computer account.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 651-700 of 4252 results


X

Sign In!

Loading