Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
February 21, 2007 Fidelity Investments, Dairy Farmers of America
,
BSF PORT

69

A Fidelity laptop used by a former Fidelity employee was discarded and recovered by a non-affiliated person. The employee had taken the laptop home after believing it had been decommissioned from business use by Fidelity. Participants and beneficiaries of participants in the Dairy Farmers of America Defined Benefit plan had their names and Social Security numbers exposed. At least 69 New York residents were affected by the breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 69

February 22, 2007 Speedmark
Woodlands, Texas
BSO STAT

35,000

Thieves stole several computers, one of which contained a database with personally identifying information including names, addresses, e-mail accounts, and Social Security numbers of Speedmark's mystery shopper employees and contractors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

February 23, 2007 Rabun Apparel Inc., former subsidiary of Fruit of the Loom
Rabun Gap, Georgia
BSR DISC

1,006

Names and Social Security numbers of former employees were accessible on the Internet from Jan. 15 until Feb. 20.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,006

February 23, 2007 ADC Telecommunications Inc., Flex Compensation
St. Louis Park, Minnesota
BSR PORT

63,400

A laptop was stolen from ADC's benefits administrator. Current and former employee names, Social Security numbers, bank account numbers, dates of birth, addresses and other private information were on the laptop.  It is not clear if employees from other companies that use Flex Compensation for benefits administration are among the 63,400 affected individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 63,400

February 27, 2007 CBCInnovis Inc., Hudiburg Chevrolet
Midwest City, Oklahoma
BSR UNKN

138

An unauthorized person gained access to Hudiburg Chevrolet's CBCInnovis account. The person or persons would have been able to obtain customer names, Social Security numbers, addresses and credit information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 138

February 28, 2007 Gulf Coast Medical Center
Tallahassee, Florida
MED PORT

8,000

Patient information including names and Social Security numbers were compromised when a computer went missing in February in Tallahassee, FL. A very similar and previously uncovered breach happened in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000

February 28, 2007 Gulf Coast Medical Center
Nashville, Tennessee
MED PORT

1,900

Patient information including names and Social Security numbers were compromised when a computer went missing in November 2006 from Nashville, TN. This breach drew media attention when an additional 8,000 patients' information was compromised during a February 2007 breach in Tallahassee, FL.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,900

February 28, 2007 First Advantage SBS
Saint Petersburg, Florida
BSO HACK

Unknown

Subscriber user-IDs and passwords were compromised. Unauthorized individuals may have accessed names, Social Security numbers, addresses and other information related to employment credit reports. At least 11 New York residents were affected by this breach, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 1, 2007 Westerly Hospital
Westerly, Rhode Island
MED DISC

2,200

Patient names, Social Security numbers, contact information as well as insurance information were posted on a publicly-accessible Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,200

March 2, 2007 California Department of Health Services
Sacramento, California
GOV DISC

54

http://www.cchealth.org/press_releases/dhs_breach_03_2007.php, http://www.applications.dhs.ca.gov/pressreleases/store/PressReleases/07-...

Benefit notification letters containing names addresses, Medicare Part D plan names and premium payment amounts of some individuals enrolled in the California AIDS Drug Assistance Program (ADAP) were erroneously mailed to another enrollee.

 
Information Source:
Media
records from this breach used in our total: 54

March 3, 2007 Metropolitan State College of Denver
Denver, Colorado
EDU PORT

988

http://www.mscd.edu/securityalert/, 866-737-6622

A faculty member's laptop computer that contained the names and Social Security numbers of former students was stolen from its docking station on campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 988

March 3, 2007 Johnny's Selected Seeds
Winslow, Maine
BSR HACK

11,500

Hacker accessed credit card account information of online customers. About 20 credit cards have been used fraudulently.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

March 7, 2007 Los Rios Community College
Sacramento, California
EDU DISC

2,000

Student information including Social Security numbers were accessible on the Internet after the school used actual data to test a new online application process in October.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

March 7, 2007 U.S. Census Bureau
Washington, District Of Columbia
GOV DISC

302 households

http://www.census.gov/Press-Release/www/releases/archives/miscellaneous/009732.html

Personal information of 302 households including names, addresses, phone numbers, birth dates and family income ranges were posted on a public Internet site multiple times over a five-month period from October 2006 to Feb. 15, 2007 when Census employees working from home tested new software records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 302

March 7, 2007 Right Media Inc.
New York, New York
BSO HACK

34

An unauthorized person or persons accessed the computer system.  Customer names, Social Security numbers, email addresses, addresses and employee ID numbers may have been accessed.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 34

March 7, 2007 North Carolina Department of Correction
Raleigh, North Carolina
GOV PHYS

16 (No SSNs or financial information reported)

Paper documents with sensitive information were thrown into the trash and may have been recovered by an inmate working as a janitor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 7, 2007 Eastern Suffolk BOCES
Patchogue, New York
GOV HACK 1,500
A file server in the Eastern Suffolk BOCES computer area was hacked. Data from the Free and Reduced Lunch Database was compromised. The names of parents and children, Social Security numbers, addresses, home and work phone numbers, salary information and income information that were related to the program may have been accessed.  
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

March 9, 2007 California National Guard
Sacramento, California
GOV PORT

1,300

A computer hard drive containing Social Security numbers, home addresses, birth dates and other identifying information of California National Guard troops deployed to the U.S.-Mexico border was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,300

March 10, 2007 University of Idaho
Moscow, Idaho
EDU DISC

2,700

888-900-3783

A data file posted to the school's Web site contained personal information including names, birthdates and Social Security numbers of University employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,700

March 12, 2007 Dai Nippon
,
BSO INSD

Unknown

The incident occurred outside of the U.S. and the companies affected were not disclosed.

A former contract worker of a Japanese commercial printing company stole nearly 9 million pieces of private data on customers from 43 clients, including U.S. companies. The stolen data includes confidential information such as names, addresses and credit card numbers intended for use in direct mailing and other printing services. Customers of U.S.-based American Home Assurance Co. and Toyota Motor were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 13, 2007 U.S. Department of Agriculture (USDA)
Washington, District Of Columbia
GOV UNKN

Unknown

http://www.usda.gov/oig/webdocs/50501-8-FM.pdf

A total of 95 USDA computers were lost or stolen between Oct. 1, 2005, and May 31, 2006. Some may have contained personal information such as names, addresses, Social Security numbers and payment information. Two-thirds of the computers contained unencrypted data.

 
Information Source:
Media
records from this breach used in our total: 0

March 13, 2007 The New Teachers Project
New Orleans, Louisiana
NGO PORT

Unknown

The January 13 theft of a laptop exposed personal information of current and former practitioner teachers. The laptop was stolen from an office. It contained names, Social Security numbers, addresses and telephone numbers. Seven New York residents were affected, but the number of affected employees nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 14, 2007 WellPoint's Empire Blue Cross and Blue Shield unit in NY
Indianapolis, Indiana
MED PORT

75,000

800-293-3443

An unencrypted disc containing patient's names, Social Security numbers, health plan identification numbers and description of medical services back to 2003 was lost en route to a subcontractor.

UPDATE (3/14/07): The subcontrator reported that the CD that was reported missing on Feb. 9 has been found.

 
Information Source:
Dataloss DB
records from this breach used in our total: 75,000

March 16, 2007 Springfield City Schools, Ohio State Auditor
Springfield, Ohio
EDU PORT

1,950

http://www.spr.k12.oh.us/, http://www.spr.k12.oh.us./ourboard/treasdocs/notificationofDataTheft.pdf

A laptop containing personal information of current and former employees of Springfield City Schools including their names and Social Security numbers was stolen from a state auditor employee's vehicle while parked at home in a garage.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,950

March 16, 2007 Henry Schein, Financial Services, Inc., ChoiceHealth Leasing
Chicago, Illinois
BSF PORT

340

A laptop was stolen from a Henry Schein agent during a trade show in Chicago, IL. The laptop may have contained the names and Social Security numbers of people who had a leasing or loan transaction with Choice Health Leasing were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 340

March 16, 2007 Laser Pros International Corp
Rhinelander, Wisconsin
BSO HACK

434

Someone gained access to transaction data from the Laser Pros website.  Customer names, addresses, email addresses, credit card numbers and security codes for credit cards may have been accessed.  Some customers reported fraudulent charges.  The total number of credit cards accessed was 434, though customers may have had multiple credit cards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 434

March 19, 2007 Science Applications International Corp. (SAIC)
Boise, Idaho
BSO PHYS

Unknown

Barrels filled with thousands of sensitive documents including printed copies of e-mail and performance evaluations along with documents marked “internal use only – not for public release” and “for official use only” were found on the curb outside of SAIC's local office.

 
Information Source:
Media
records from this breach used in our total: 0

March 19, 2007 Pitney Bowes
Stamford, Connecticut
BSF PORT

83

An employee's laptop was stolen from her home on or around March 2.  The laptop may have contained employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 83

March 19, 2007 Electronic Data Systems Corp. (EDS)
Sacramento, California
BSF PORT

30

An EDS employee working on a project involving processing workers' compensation related medical bills for Fireman's Fund had his laptop stolen from his car on January 19. Names and Social Security numbers were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30

March 20, 2007 Tax Service Plus
Santa Rosa, California
BSF STAT

4,000

Thieves stole the company's backup computer, which contained financial data on thousands of tax returns dating back three years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

March 20, 2007 Sungard
Malvern, Pennsylvania
BSR PORT

3,560

A laptop was stolen from an employee's car.  It contained the names and Social Security numbers of employees.  Around 1,700 employees had their bank transfer ABA number and account number exposed, and about 100 had their credit card number exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,560

March 23, 2007 Group Health Cooperative Health Care System
Seattle, Washington
MED PORT

31,000

http://www.ghc.org/news/news.jhtml?reposid=/common/news/news/20070323-missing_laptops.html

Two laptops containing names, addresses, Social Security numbers and Group Health ID numbers of local patients and employees have been reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,000

March 23, 2007 Swedish Urology Group
Seattle, Washington
MED PORT

Unknown

Three computer hard drives with personal files on hundreds of patients, doctors, and staff were stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 23, 2007 New York Institute of Technology
Old Westbury, New York
EDU DISC

256

A file with the names, Social Security numbers, addresses, dates of birth, degree types and majors of former NYIT students was posted on NYIT's website.  The information was not accessible via the NYIT website, but could be found through an Internet search.

 
Information Source:
Dataloss DB
records from this breach used in our total: 256

March 23, 2007 Homeland Funding Solutions Inc.
Cranston, Rhode Island
BSF STAT

Unknown

Two laptops and 13 desktop computers were stolen from the main office of Homeland Funding Solutions, Inc. over the weekend of March 17. Loan information that had been sent via email may have been on the hard drives of the stolen computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 26, 2007 Fort Monroe
Fort Monroe, Virginia
GOV PORT

16,000

A laptop computer containing the names, Social Security numbers and payroll information for as many as 16,000 civilian employees was stolen from an employee's personal vehicle. Bank account and bank routing information were not included.  People who work at the U.S. Army Training and Doctrine Command were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000

March 26, 2007 United Subcontractors Inc.
Edina, Minnesota
BSO PORT

123

The theft occurred in New Jersey.

Three jump drives and a laptop were stolen from the trunk of a rental car.  The names, Social Security numbers, and dates of birth of employees may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 123

March 27, 2007 St. Mary Parish Schools
Centerville, Louisiana
EDU DISC

380

Personal information including Social Security numbers of St. Mary Parish public school employees was available on the Internet when a Yahoo!Web crawler infiltrated the server of the school's technology department.

 
Information Source:
Dataloss DB
records from this breach used in our total: 380

March 28, 2007 City of New York Department of Environmental Protection
Flushing, New York
GOV INSD

2,108

An employee was discovered to have accessed customer names and Social Security numbers.  The employee was terminated. The employee's length of employment and any fraudulent activity related to the breach was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,108

March 29, 2007 RadioShack
Portland, Texas
BSR PHYS

Unknown

20 boxes of discarded records including sales receipts with names, addresses, Social Security numbers, credit card information. and personal information of store employees spanning from 2001 to 2005 were found in a dumpster.

UPDATE (04/03/07): The Texas Attorney General's Office filed an action against the Radio Shack store for violating the state's violating the 2005 Identity Theft Enforcement and Protection Act.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 29, 2007 Experian, Vallarta Auto Sales
Las Vegas, Nevada
BSR UNKN

Unknown

An unauthorized person gained access to Vallarta's Experian account and may have obtained consumer information.  Affected individuals may have had their names, Social Security numbers, dates of birth and addresses exposed. Fourteen New York residents were affected, but the total number of people affected nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2007 Los Angeles County Child Support Services
Los Angeles, California
GOV PORT

243,000

Three laptops containing personal information including about 130,500 Social Security numbers — most without names, 12,000 individuals' names and addresses, and more than 101,000 child support case numbers were apparently stolen from the department's office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 243,000

March 30, 2007 Naval Station San Diego's Navy College Office
San Diego, California
GOV PORT

Unknown

(866) U-ASK-NPC, CSCMailbox@navy.mil

Three laptops were reported missing that may contain Sailors' names, rates and ratings, Social Security numbers, and college course information. The compromise could impact Sailors and former Sailors homeported on San Diego ships from January 2003 to October 2005 and who were enrolled in the Navy College Program for Afloat College Education.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

March 30, 2007 University of Montana Western
Dillon, Montana
EDU PORT

400

A computer disk containing students' Social Security numbers, names, birth dates, addresses and other personal information was stolen from a professor's office. The stolen information belonged to over 400 students enrolled in the TRIO Student Support Services program, which offers financial and personal counseling and other assistance.

 
Information Source:
Dataloss DB
records from this breach used in our total: 400

March 30, 2007 Curb Your Enthusiasm Inc., Home Box Office (HBO)
Santa Monica, California
BSR DISC

16

A software configuration problem caused personnel information stored on a Curb employee's home computer to be accessible through the Internet. Employees may have had their names, Social Security numbers, addresses and telephone numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16

March 30, 2007 Exponent Technologies, Inc.
Dallas, Texas
BSF PORT

3,250

Employees from the following organizations were affected: 4Front Engineered Solutions, Inc., Centerstone Insurance and Financial Services, Inc. DBA BenefitMall, The MPB Group, LLC DBA The Beryl Companies, Central Hardwoods, Inc., FWC Partners Company, L.P. DBA FirstWorthing, Best Circuit Boards, Inc., DBA Global Innovation, Greenhill School, Holiday Fenoglio Fowler, L.P., The Hockaday School, King Supply Company, L.P. DBA King Architectural Metals, Lakeside Manufacturing, Inc., Mortenson, Matzel and Medrum, Inc., Measurement Specialities Inc., MedSynergies, Inc., Meritage Homes Corporation, On-Target Supplies and Logistics, Ltd., F.B.P. Insurance Services, Inc. DBA Precept, Rackspace, Ltd., SevenBar Enterprises, Inc., Stream Gas and Electric, Ltd. DBA Stream Energy, Transnational Financial Network, Inc., Texas Retina Associates, PA, The Ursuline Academy of Dallas.

A laptop was stolen from Exponent's office.  Multiple organizations were affected because Exponent provides human resources services for various companies.  Employee names, Social Security numbers and addresses may have been on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,250

March 30, 2007 New York State Office of the State Comptroller
Albany, New York
GOV DISC

47

A retiree discovered a web page with a list of retirees who had requested a copy of their 1099R tax form.  Names, Social Security numbers, phone numbers and retirement numbers were on the page.  The entire web page and the "tax calculator" feature which the retiree had used to find the information were removed from the website when the Office became aware of the incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47

April 3, 2007 Commerce Banc Insurance Services (CBIS)
Cherry Hill, New Jersey
BSF PORT

12,876

A CBIS vendor had a laptop stolen.  CBIS employees may have had their names, Social Security numbers, and possibly health information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,876

April 3, 2007 Waste Management Inc.
Houston, Texas
BSO PORT

400

A laptop was stolen from an employee on or around January 10. People who had previously traveled on the company aircraft had their information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 400

April 3, 2007 Waste Management Inc.
Wixom, Michigan
BSO INSD

Unknown

An investigation revealed that an employee was selling customer financial information. The employee's work computer was searched and several spreadsheets with customer names, addresses, credit card numbers and bank account numbers were found.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 701-750 of 4252 results


X

Sign In!

Loading