Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
April 3, 2007 College Loan Corporation
San Diego, California
BSF PORT

Unknown

A laptop was stolen from an employee's vehicle in a parking lot on March 24. It contained names, Social Security numbers and loan data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 4, 2007 University of California, San Francisco (UCSF)
San Francisco, California
EDU HACK

46,000

(415) 353-8100, isecurity@ucsf.edu

An unauthorized party may have accessed the personal information including names, Social Security numbers, and bank account numbers of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years by compromising the security of a campus server.

 
Information Source:
Dataloss DB
records from this breach used in our total: 46,000

April 4, 2007 Guilford Technical Community College
Greensboro, North Carolina
EDU PHYS

550 (No SSNs or financial information reported)

A surplus file cabinet that was temporarily stored in a warehouse area prior to an auction held sensitive paper documents.  Anyone entering the warehouse could have viewed or taken the files.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 5, 2007 DCH Health Systems
Tuscaloosa, Alabama
MED PORT

6,000

An encrypted disc and hardcopy documents containing retirement benefit information including Social Security numbers and other personal information were lost. Tracking data indicates the package was delivered to the addressee's building, but the intended recipient never received the package.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

April 5, 2007 Security Title Agency
Phoenix, Arizona
BSF HACK

Unknown

Hackers "defaced" the company's Web site and may have accessed customer information which is stored on the same server as the site.

 
Information Source:
Media
records from this breach used in our total: 0

April 5, 2007 Thomson Elite
Los Angeles, California
BSF STAT

409

Eleven computers were stolen during a March 25 office burglary. One of the computers contained a file of travel and expense information of certain individuals. Credit card information and Social Security numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 409

April 6, 2007 Hortica (Florists’ Mutual Insurance Company), UPS
Edwardsville, Illinois
BSF PORT

268,000

http://www.hortica-insurance.com/hotTopics/26.PDF, (800) 851-7740, securedata@hortica-insurance.com

A locked shipping case of backup tapes containing personal information including names, Social Security numbers, drivers' license numbers, and bank account numbers went missing while in transit with UPS.

 
Information Source:
Dataloss DB
records from this breach used in our total: 268,000

April 6, 2007 Chicago Public Schools
Chicago, Illinois
EDU PORT

40,000

(773) 553-1142

Two laptop computers contain the names and Social Security numbers of current and former employees was stolen from Chicago Public Schools headquarters.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

April 9, 2007 TurboTax
San Diego, California
BSO DISC

Unknown

The location listed is the headquarters of TurboTax's developer Intuit Consumer Tax Group.

Using TurboTax online to access previous returns, a Nebraska woman was able to access tax returns for other Turbo Tax customers in different parts of the country. The returns contained personal information needed to e-file including bank account numbers with routing digits and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 10, 2007 Georgia Department of Community Health, Affiliated Computer Services (ACS)
Atlanta, Georgia
GOV PORT

2,900,000

http://dch.georgia.gov/vgn/images/portal/cit_1210/19/38/80010015Public_Notice-Missing_Personal_Data.pdf, (866) 213-3969

A computer disk containing personal information including addresses, birthdates, dates of eligibility, full names, Medicaid or children's health care recipient identification numbers, and Social Security numbers went missing from a private vendor, Affiliated Computer Services (ACS), contracted to handle health care claims for the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,900,000

April 11, 2007 New Horizons Community Credit Union, Protiviti
Denver, Colorado
BSF PORT

9,000

http://www.ncua.gov/news/press_releases/2007/MR07-0411.htm

A laptop computer that contained personal information of members who had loans with the credit union was stolen from Protiviti, a consultant employed by Bellco Credit Union conducting due diligence to prepare a possible acquisition bid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,000

April 11, 2007 ChildNet
Ft. Lauderdale, Florida
NGO PORT

12,000

An organization responsible for managing Broward County's child welfare system believes a dishonest former employee stole a laptop from the agency's office. It contains personal information of adoptive and foster-care parents including financial and credit data, Social Security numbers, driver's license data and passport numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

April 11, 2007 Black Hills State University
Spearfish, South Dakota
EDU STAT

56

http://www.bhsu.edu/AboutBHSU/NewsEvents/tabid/3454/articleType/ArticleView/articleId/339/Default.aspx, (605) 642-6215

Names and Social Security numbers of scholarship winners were inadvertently posted and publicly available on the university's web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 56

April 11, 2007 Midas International Corporation
Itasca, Illinois
BSR DISC

546

Two emails were sent to a group of Company employees. They contained an attachment with the names, Social Security numbers, addresses, dates of birth, job titles and pay rates of all employees. Some of the email recipients had authorization to view the information, but most did not.

 
Information Source:
Dataloss DB
records from this breach used in our total: 546

April 12, 2007 Bank of America
Charlotte, North Carolina
BSF PORT

Unknown

A laptop containing personal information of current, former and retired employees including names, addresses, dates of birth and Social Security numbers was stolen when an employee was a victim of a recent break-in. A limited number of people were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 12, 2007 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED DISC

88

Personal information including names, Social Security numbers, and radiology images of patients were previously included in two medical symposium presentations that were posted on UPMC's Web site. Though the presentation was later removed in 2005, the presentations were apparently inadvertently re-posted on the site and only recently removed again.

 
Information Source:
Dataloss DB
records from this breach used in our total: 88

April 12, 2007 Georgia Secretary of State
Atlanta, Georgia
GOV PHYS

75,000

http://sos.georgia.gov/pressrel/20070411a.htm

30 boxes of Fulton County voter registration cards that contain names, addresses and Social Security numbers were found in a trash bin.

 
Information Source:
Dataloss DB
records from this breach used in our total: 75,000

April 15, 2007 CVS Pharmacy
Liberty, Texas
MED PHYS

Over 1,000

The Attorney General of Texas filed a complaint against CVS Pharmacy for illegally disposing of personal information including active debit and credit card numbers, complete with expiration dates and medical prescription forms with customer's name, address, date of birth, issuing physician and the types of medication prescribed. The information was found in a dumpster behind a store that apparently was being vacated. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

April 18, 2007 Ohio State University
Columbus, Ohio
EDU HACK

14,000

http://www.osu.edu/news/newsitem1673

A hacker accessed the names, Social Security numbers, employee ID numbers and birth dates of 14,000 current and former staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

April 18, 2007 University of California, San Francisco (UCSF)
San Francisco, California
EDU STAT

3,000

(866) 485-8777, http://news.ucsf.edu/releases/ucsf-computer-server-with-research-subject-information-is-stolen/, http://security.ucsf.edu/alert/information.html

A computer file server containing names, contact information, and Social Security numbers for study subjects and potential study subjects related to research on causes and cures for different types of cancer was stolen from a locked UCSF office. For some individuals, the files also included personal health information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000

April 18, 2007 Ohio State University
Columbus, Ohio
EDU PORT

3,500

http://www.osu.edu/news/newsitem1673

The names, Social Security numbers and grades of 3,500 former chemistry students were on class rosters housed on two laptop computers stolen from a professor's home in late February.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,500

April 19, 2007 New Mexico State University
Las Cruces, New Mexico
EDU DISC

5,600

The names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005 were accidentally posted on the school's Web site when an automated program moved what was supposed to be a private file into a public section of the Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,600

April 19, 2007 Honeywell International
Morristown, New Jersey
BSF PORT

Unknown

A laptop was stolen from a Honeywell HR employee.  It contained the names and Social Security numbers of employees.  At least 20 New York residents were affected, but the total number of people affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 19, 2007 Valve Software
Bellevue, Washington
BSR HACK

Unknown

A hacker accessed customer information that was stored on the website. Thousands of customers had their information exposed, and the hacker posted some customer credit card information. The hacker claims to have gained access by utilizing login details that were easily found by browsing. Valve asset information was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 20, 2007 Los Alamos National Laboratory
Alburquerque, New Mexico
GOV DISC

550

The names and Social Security numbers of lab workers were posted on a Web site run by a subcontractor working on a security system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 550

April 20, 2007 U.S. Agriculture Department
Washington, District Of Columbia
GOV DISC

38,700

http://www.usda.gov/wps/portal/!ut/p/_s.7_0_A/7_0_1OB?contentidonly=true&contentid=2007/04/0110.xml

The Social Security numbers of people who received loans or other financial assistance from two Agriculture Department programs were disclosed since 1996 in a publicly available database posted on the Internet. Originally, the US Department of Agriculture estimated that the personal information of as many as 150,000 people may be affected, then reduced the number 38,700.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,700

April 21, 2007 Albertsons (Save Mart Supermarkets)
Alameda, California
BSR CARD

Over 100

(510) 337-8340

Credit and debit card numbers were stolen using bogus checkout-line card readers resulting in card numbers processed at those terminals being captured and some to be misused.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

April 23, 2007 Federal Emergency Management Agency (FEMA)
Washington, District Of Columbia
GOV DISC

2,300

Social Security numbers of Disaster Assistance Employees were printed on the outside address labels of reappointment letters

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,300

April 24, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

175

(866) 307-8513

Personal information including names and Social Security numbers of students who were enrolled in a freshman engineering honors course was on a computer server connected to the Internet that had been indexed by Internet search engines and consequently was available to individuals searching the Web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 175

April 24, 2007 Baltimore County Department of Health
Baltimore, Maryland
GOV PORT

6,000

A laptop containing personal information including names, date of birth, Social Security numbers, telephone numbers and emergency contact information of patients who were seen at the clinic between Jan. 1, 2004 and April 12 was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

April 25, 2007 Neiman Marcus Group
Dallas, Texas
BSR STAT

160,000

http://phx.corporate-ir.net/phoenix.zhtml?c=118113&p=irol-recentdata, (800) 456-7019

Computer equipment was stolen containing files with sensitive information including name, address, Social Security number, date of birth, period of employment and salary information of retailer Neiman Marcus Group's current and former employees and their spouses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 160,000

April 26, 2007 Ceridian Corp.
Minneapolis, Minnesota
BSO DISC

150

A former employee had data containing the personal information of employees including ID and bank-account data and then, accidentally posted it on a personal Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150

April 27, 2007 Google Ads
Mountain View, California
BSO HACK

Unknown

Top sponsored Google ads linked to 20 popular search terms were found to install a malware program on users' computers to capture personal information and access online accounts for 100 different banks.

 
Information Source:
Media
records from this breach used in our total: 0

April 27, 2007 Caterpillar, Inc., SBA Inc.
Peoria, Illinois
BSO PORT

Unknown

A laptop computer containing personal data of employees including Social Security numbers, banking information and addresses was stolen from a benefits consultant that works with the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 27, 2007 Commonwealth Business Media
Newark, New Jersey
BSO DISC

145

An employee accidentally attached a spreadsheet to an email that was sent to other employees. The spreadsheet had the names, Social Security numbers and other personnel information of each of the people it was emailed to.

 
Information Source:
Dataloss DB
records from this breach used in our total: 145

April 28, 2007 Couriers on Demand
Dallas, Texas
BSO DISC

Hundreds

Personal information of job applicants was accidentally published to the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

April 29, 2007 University of New Mexico
Alburquerque, New Mexico
EDU PORT

3,000 not included in total below because SSNs were apparently not compromised)

Employees' personal information including names, e-mail and home addresses, UNM ID numbers and net pay for a pay period for staff, faculty and a few graduate students may have been stored on a laptop computer stolen from the San Francisco office of an outside consultant working on UNM's human resource and payroll systems.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 30, 2007 Home Depot
Atlanta, Georgia
BSR PORT

5,563

A laptop was stolen on March 23. Home Depot associates may have had their Social Security number and amount of Home Depot incentive program bonus exposed. Names and addresses were not on the laptop. Employees were notified on April 30.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,563

May 1, 2007 Healing Hands Chiropractic
Sterling, Colorado
MED PHYS

Unknown

Hundreds of medical records containing the personal information of chiropractic patients including Social Security numbers, birth dates, addresses and, in some cases, credit card information were thrown into a dumpster “due to lack of office space.”

 
Information Source:
Media
records from this breach used in our total: 0

May 1, 2007 JP Morgan
New York, New York
BSF PHYS

Unknown

Documents containing personal financial data of customers including names, addresses and Social Security numbers were found in garbage bags outside five branch offices in New York.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 1, 2007 Maine State Lottery Commission
Hallowell, Maine
GOV PHYS

Unknown

Documents containing personal information such as names, Social Security numbers, references to workers compensation claim records, psychiatric and other medical records, and police background checks were found in a dumpster.

 
Information Source:
Media
records from this breach used in our total: 0

May 1, 2007 Champaign Police Officers
Champaign, Illinois
GOV STAT

139

The names and Social Security numbers of Champaign police officers were left on a computer donated to charity.

 
Information Source:
Dataloss DB
records from this breach used in our total: 139

May 1, 2007 JP Morgan
Chicago, Illinois
BSF PORT

47,000

A computer tape containing personal information of wealthy bank clients and some employees was delivered to a secure off-site facility for storage but was later reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47,000

May 3, 2007 Maryland Department of Natural Resources
Annapolis, Maryland
GOV PORT

1,433

Personal information of current and retired employees including names and Social Security numbers was downloaded to a thumb drive by an employee who wanted to work at home but was lost en route.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,433

May 3, 2007 Louisiana State University, E..J. Ourso College of Business
Baton Rogue, Louisiana
EDU PORT

750

A laptop stolen from a faculty member's home contained personally identifiable information including may have included students' Social Security numbers, full names and grades of University students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750

May 3, 2007 Montgomery College
Conroe, Texas
EDU DISC

Unknown

A new employee posted the personal information of all graduating seniors including names, addresses and Social Security numbers on a computer drive that is publicly accessible on all campus computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 5, 2007 Transportation Security Administration (TSA)
Crystal City, Virginia
GOV PORT

100,000

A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.

UPDATE (5/14/07) The American Federation of Government Employees is suing the TSA for the loss of the hard drive. It calls the breach a violation of the Privacy Act.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000

May 7, 2007 Indiana Department of Administration
Indianapolis, Indiana
GOV DISC

Unknown

An employee uploaded a list of certified women and minority business enterprises to the department's Web site and inadvertently included their tax identification numbers, which for some businesses and sole proprietor-ships is the owner's Social Security number. Reports indicate that the number of people affected was no more than a couple hundred.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 7, 2007 Private Tax Practice
Southold, New York
BSF PORT

60

A laptop with client information was stolen on April 27.  Tax return files were on the laptop, though it was encrypted. Client information also included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60

May 7, 2007 Arteis
Palo Alto, California
BSO HACK

Unknown

The location listed is Hewlett-Packard Company's headquarters. Hewlett-Packard acquired Arteis in May of 2007.

In January, Arteis discovered that an unauthorized person had accessed certain files. Customer names, addresses and credit card numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 751-800 of 4252 results


X

Sign In!

Loading