Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
867,217,832 RECORDS BREACHED
(Please see explanation about this total.)
from 4,257 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
July 19, 2006 Group 1 Automotive Inc, Weinstein Spira & Company, P.C.
Houston, Texas
BSF PORT

14,000

Five laptops were stolen from a Weinstein Spira office sometime between the night of July 10 and the morning of July 11.  The laptops contained personal information of clients and the employees of clients. Names, addresses, Social Security numbers and financial data were accessed. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

July 24, 2006 New York City Department of Homeless Services
New York, New York
GOV DISC

8,400

The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,400

July 24, 2006 Wolters Kluwer
Torrance, California
BSO PORT

8,500

A laptop with Social Security numbers, addresses, and some health plan information for current and former employees was stolen from a docking station at a private office on or around May 29. The laptop may have also included bank account information for 600 employees who had joined the company during 2006. Employees were notified in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,500

July 24, 2006 Heritage Centers
Buffalo, New York
MED PHYS

31

An employee's briefcase was stolen from her car on June 18. The briefcase contained a list of the names, addresses, Social Security numbers, phone numbers, dates of birth and genders of 31 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31

July 25, 2006 Armstrong World Industries, Deloitte & Touche
Lancaster County, Pennsylvania
BSO PORT

12,000

A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

July 25, 2006 Belhaven College
Jackson, Michigan
EDU PORT

300

An employee carrying a laptop was robbed at gunpoint on July 19 while walking to his car. The computer contained the names and SSNs of college employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

July 25, 2006 Georgetown University Hospital
Washington, District Of Columbia
MED DISC

between 5,600 and 23,000 patients were affected (23,000 added to total below)

Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23,000

July 25, 2006 Old Mutual Capital Inc., subsidiary of United Kingdom-based financial services firm Old Mutual PLC
Kansas City, Missouri
BSF PORT

6,500 fund shareholders

Laptop was stolen sometime in May containing personal information of U.S. clients, including names, addresses, account numbers and some SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,500

July 25, 2006 Cablevision Systems Corp., ACS, FedEx
Bethpage, New York
BSO PORT

13,700 current and former employees

Additional locations: Dallas, TX, Connecticut, New Jersey and New York

A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,700

July 26, 2006 U.S. Navy recruitment offices
Trenton, New Jersey
GOV PORT

31,000 records were stolen, with about 4,000 containing SSNs. The latter number is included in the total below.

Additional location: Jersey City, NJ

Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

July 26, 2006 West Virginia Division of Rehabilitation Services
Beckley, West Virginia
GOV PORT

Unknown

A laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Kaiser Permanente Northern California Office
Oakland, California
MED PORT

160,000 records. Because the data file did not include SSNs, this number is not added to the total below.

(866) 453-3934

A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Los Angeles County Department Community Senior Services
Los Angeles, California
GOV PORT

Unknown

In May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Los Angeles County, Community Development Commission (CDC)
Monterey Park, California
GOV HACK

4,800 records (No SSNs or financial information reported)

Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 27, 2006 Los Angeles County, Adult Protective Services
Burbank, California
GOV PORT

Unknown

Last weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 28, 2006 Matrix Bancorp Inc.
Denver, Colorado
BSF PORT

Unknown

(877) 250-7742

Two laptop computers were stolen during daytime while staffers were away from their desks. One computer contained customers' account information. The bank says data is encrypted and password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 28, 2006 City of Riverside, California
Riverside, California
GOV DISC

2,000

The SSNs and financial information regarding 401(k) accounts were accidentally e-mailed to 2,300 city employees due to a computer operator's error. The data was intended for the city payroll department.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

July 28, 2006 Merlin Information Services
Kalispell, Montana
BSO HACK

3,957

The login information for a qualified customer was compromised. This resulted in the possible exposure of customer names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,957

July 29, 2006 Sentry Insurance
Stevens Point, Wisconsin
BSF INSD

112,270 

Personal information including SSNs on worker's compensation claimants was stolen, some of which was later sold on the Internet. At least 72 claimants of the 112,270 who may have had their information accessed had their information sold.  No medical records were included. The thief was a lead programmer-consultant who had access to claimants' data. The consultant was arrested and faces felony charges.

 
Information Source:
Dataloss DB
records from this breach used in our total: 112,270

August 1, 2006 US Bank
Covington, Kentucky
BSF PHYS

Unknown

A bank employee's briefcase was stolen from the employee's car with documents containing names, phone numbers, and SSNs of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2006 Wichita State University
Wichita, Kansas
EDU HACK

2,000

WSU learned on June 29 that someone gained unauthorized access into 3 computers in its College of Fine Arts box office, containing credit card information for about 2,000 patrons.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

August 1, 2006 Wichita State University
Wichita, Kansas
EDU HACK

40 (not included in total below because it is not known if SSNs were included in breached data)

An intrusion into a WSU Psychology Department's server was discovered July 16. It contained information on about 40 applicants to the doctoral program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2006 Dollar Tree
Carmichael, California
BSR HACK

Unknown

Additional locations: Modesto, CA and Ashland, OR. Other locations may also be involved.

Customers of the discount store have reported money stolen from their bank accounts due to unauthorized ATM withdrawals. Data may have been intercepted by a thief's use of a wireless laptop computer with the thief then creating counterfeit ATM cards and using them to withdraw money.

UPDATE (10/5/06): Parkev Krmoian was indicted by a federal grand jury for allegedly using phony ATM cards made from gift cards. The case is tied to the Dollar Tree customer bank account thefts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2006 Ron Tonkin Nissan
Portland, Oregon
BSR UNKN

Up to 16,000 affected

Questions? Call: (503) 251-3349

Several months ago the car dealership experienced a security breach affecting the personal information of those who bought cars or applied for credit between 2001 and March 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,000

August 3, 2006 Fiduciary Trust Company International
New York, New York
BSF PORT

53

A laptop that contained the information of current and former clients was stolen from an employee sometime around July 24. The names, account numbers and tax identification or Social Security numbers of clients with claims may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 53

August 3, 2006 Franklin Templeton Investments
San Mateo, California
BSF PORT

9

At least nine U.S. citizens were affected by a July 24 incident involving a stolen laptop. The laptop contained information that was assembled for filing claims on behalf of clients in pending class actions. Names, Social Security numbers, tax identification numbers and account numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9

August 4, 2006 Toyota
San Antonio, Texas
BSO PORT

1,500

Laptop belonging to contractor and containing personal information of job applicants and employees of a Toyota plant was stolen. Data included names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500

August 4, 2006 PSA HealthCare
Norcross, Georgia
MED PHYS

51,000 current and former patients

(866) 752-5259

A company laptop was stolen from an employee's vehicle in a public parking lot July 15. It contained names, addresses, SSNs, and medical diagnostic and treatment information used in reimbursement claims.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

August 6, 2006 American Online (AOL)
New York, New York
BSO DISC

650,000 (Unknown number of high-risk personal records)

Other locations: nationwide

In late July AOL posted on a public web site data on 20 million web queries from 650,000 users. Some search records exposed SSNs, credit card numbers, or other pieces of sensitive information.

UPDATE (9/26/06): Three individuals whose data were exposed have filed a lawsuit against AOL.

UPDATE (9/27/06): Six men were charged with creating and executing the phishing scheme.  The men collected AOL email addresses and infected the computers of users with a program that asked for their credit card and bank account numbers during the AOL login process. AOL users were also spammed with phony email messages that asked for payment on AOL charges. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 7, 2006 U.S. Department of Veterans Affairs via contractor Unisys Corporation
Reston, Virginia
GOV INSD

5,000

Five thousand Philadelphia patients, 11,000 Pittsburgh patients and 2,000 deceased patients were affected.  There is a possibility that 20,000 others were also affected.

A computer at contractor's office was reported missing Aug. 3.  It contained billing records with names, addresses, SSNs, and dates of birth of veterans at two Pennsylvania locations.

UPDATE (9/15/06): Law enforcement recovered the computer and arrested an individual who had worked for a company that provides temporary labor to Unisys.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18,000

August 8, 2006 Virginia Bureau of Insurance
Richmond, Virginia
GOV DISC

Unknown

(804) 726-2630

The Bureau has advised insurance agents in the state that their SSN may have been exposed on its web site from June 13 through July 31, 2006, due to a programming error. The SSNs were not shown on any web page, but could have been found by savvy computer users using the source code tool of a web browser.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 8, 2006 Linens 'n Things
Sterling, Virginia
BSR PHYS

90

A folder holding about 90 receipts was missing from the store. Receipts included full credit or debit account number and name of the card holder.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90

August 8, 2006 Chautauqua County Department of Social Services
Jamestown, New York
GOV PHYS

12

Paperwork being used in Medicaid fraud investigations was stolen from an employee's car.  The theft occurred sometime between July 31 and August 1.  People who were being investigated may have had their private information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12

August 9, 2006 U.S. Department of Transportation
Washington, District Of Columbia
GOV PORT

132,470

(800) 424-9071,  hotline@oig.dot.gov

The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County, 42,800 persons in FL with FAA pilot certificates and 9,000 persons with FL driver's licenses.

UPDATE (11/21/06):A suspect was arrested in the same parking lot where the theft occurred, but the laptop has not been recovered. Investigators found a theft ring operating in the vicinity of the restaurant parking lot.

 
Information Source:
Dataloss DB
records from this breach used in our total: 132,470

August 9, 2006 Hunter College of the City University of New York
New York, New York
EDU STAT

Unknown

A computer was stolen from the Writing Center in Thomas Hunter Hall on or around July 5.  Its hard drive had a file that contained a list of student names and Social Security numbers. Students who participated in the Spring 2006 CPE intervention session were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 9, 2006 Hoffman-La Roche Inc, McCladrey and Pullen LLP
Washington, District Of Columbia
BSR PORT

26,000

A laptop computer belonging to an employee of McCladrey and Pullen LLP was stolen on July 18. McCladrey conducts audits of Roche Savings and Pay Deferral Plan. The laptop included names, Social Security numbers, affiliation with the plan, plan account balance and 2005 plan withdrawal amounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,000

August 10, 2006 Bay View Acceptance Corporation
Covina, California
BSF PORT

68

Two disks were missing from a ripped package sent through UPS. The names, Social Security numbers, addresses and phone numbers of account holders were lost. The disks fell out of the package sometime before it arrived on July 12. Sixty-eight New York residents were affected; the total number of affected customers was not released.

 
Information Source:
Dataloss DB
records from this breach used in our total: 68

August 10, 2006 Weyerhaeuser Company
Washington, District Of Columbia
BSR PHYS 1,597
A book containing payroll data was stolen.  
Information Source:
Dataloss DB
records from this breach used in our total: 1,597

August 10, 2006 Manhasset-Lakeville Fire District
Great Neck, New York
GOV STAT

300

A computer was lost or stolen during office renovations.  The computer contained member names, dates of birth, Social Security numbers, addresses and names of beneficiaries. The computer is believed to have been destroyed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

August 10, 2006 American Heart Association AHA, KGMG
Dallas, Texas
MED PORT

97

KPMG International was conducting an audit of AHA's retirement accounts when an auditor's laptop was stolen from her car.  KPMG notified AHA of the breach and informed them of which employees had their names and Social Security numbers on the laptop.  The laptop was stolen from the vehicle at the auditor's home on July 21, but the information did not reach AHA employees until August 17.

 
Information Source:
Dataloss DB
records from this breach used in our total: 97

August 11, 2006 Madrona Medical Group
Bellingham, Washington
MED INSD

At least 6,000 patients

On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

August 15, 2006 University of Kentucky
Lexington, Kentucky
EDU DISC

630

The names and SSNs of 630 students were posted on the University's financial aid web site between Friday and Monday, Aug. 11-14.

 
Information Source:
Dataloss DB
records from this breach used in our total: 630

August 15, 2006 University of Kentucky Department of Georgraphy
Lexington, Kentucky
EDU DISC

80

About 80 geography students were notified Aug. 14 that their SSNs were inadvertently listed on an e-mail communication they all received telling them who their academic advisor would be for the coming year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80

August 15, 2006 U.S. Department of Transportation
Orlando, Florida
GOV PORT

Unknown

On April 24, a DOT employee's laptop computer was stolen from an Orlando hotel conference room. It contained several unencrypted case files. Investigators are determining if it contained sensitive personal information.

 
Information Source:
Media
records from this breach used in our total: 0

August 15, 2006 New Century Mortgage Corporation
Irvine, California
BSF INSD

Unknown

On August 10, a former employee was found to have copied and disseminated customer information to unknown third parties. The information included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 16, 2006 Chevron
San Ramon, California
BSO PORT

Unknown

Total employees affected is unclear. Nearly half of Chevron's 59,000 workers are from North America, but it is not known if that number includes employees from Canada.

Chevron informed its U.S. workers on Aug. 14 that a laptop was stolen from an employee of an independent public accounting firm who was auditing its benefits plans. The theft apparently occurred Aug. 5. Files contained SSNs and sensitive information related to health and disability plans.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2006 Williams-Sonoma, Deloitte & Touche
San Francisco, California
BSR PORT

1,200 current and former employees

On July 10, a laptop was stolen from the Los Angeles home of a Deloitte & Touche employee who was conducting an audit for W-S. Computer contained employees' payroll information and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

August 17, 2006 HCA, Inc. Hospital Corporation of America
Nashville, Tennessee
MED STAT

thousands of files

(800) 354-1036, http://www.hcahealthcare.com

10 computers containing Medicare and Medicaid billing information and records of employees and physicians from 1996-2006 were stolen from one of the company's regional offices. Some patient names and SSNs were exposed, but details are vague. Records for patients in hospitals in the following states were affected: CO, KS, LA, MS, OK, OR, TS, WA.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2006 Q Dental Group PC
Irondequoit, New York
MED PORT

106 (5 cases of financial information)

An employee's car was stolen from the parking lot of a lab. A schedule of patients that included name, reason for visit, date of visit, doctor name and possibly phone number was in the car. The financial information of five patients and more detailed medical information of eight patients was also in the car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5

August 18, 2006 California Department of Mental Health
Sacramento, California
GOV PORT

9,468

The location listed is the headquarters. It is unknown where the tape was lost.

 (916) 654-2309

A computer tape with employees' names, addresses, and SSNs has been reported missing. Employees were notified Aug. 17 by e-mail.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,468

Breach Total
867,217,832 RECORDS BREACHED
(Please see explanation about this total.)
from 4,257 DATA BREACHES made public since 2005
Showing 351-400 of 4257 results


X

Sign In!

Loading