Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
August 31, 2007 AW Direct Inc.
Berlin, Connecticut
BSR HACK

Unknown

An unauthorized person accessed AW Direct's website. Customer order information that included full names, addresses and credit card information was exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 31, 2007 Voxant
Reston, Virginia
BSO HACK

4,500

A hacker accessed the website and obtained personal information of customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,500

August 30, 2007 Maryland Department of the Environment
Annapolis, Maryland
GOV PORT

Unknown

A laptop computer containing personal information on people with state licenses has been stolen from a vehicle. It contains four databases that include personal information related to licenses issued by four state boards.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 30, 2007 AT&T
San Antonio, Texas
BSO PORT

Unknown

A laptop containing unencrypted personal data on current and former employees of the former AT&T Corp. was stolen recently from the car of an employee of a professional services firm doing work for the company. That theft prompted the company to notify an unspecified number of individuals about the potential compromise of their Social Security numbers, names and other personal details.

 
Information Source:
Media
records from this breach used in our total: 0

August 28, 2007 Connecticut Department of Revenue Services
Hartford, Connecticut
GOV PORT

106,000

A computer laptop with the names and Social Security numbers of more than 100,000 Connecticut taxpayers has been stolen. The Department of Revenue Services intends to launch a web page soon that residents can search to determine whether their personal information was stored on the laptop.

UPDATE (9/14/07): More than 2 dozen state laptops have gone missing since July 2006.

UPDATE (10/19/07): A supervisor at the state Department of Revenue Services was suspended without pay. His computer was stolen from his car in August at a hotel in New York. Police say it was possible the vehicle was not locked because there were no signs of a break-in.

 
Information Source:
Dataloss DB
records from this breach used in our total: 106,000

August 27, 2007 University of Illinois
Champaign-Urbana, Illinois
EDU DISC

5,247 Not added to total. It does not appear that SSNs or financial account numbers were exposed.

An e-mail sent Aug. 24 to about 700 University of Illinois engineering students contained a spreadsheet listing personal information, including addresses and grade point averages, of thousands of students. The spreadsheet attached to the mass mail did not contain Social Security numbers or the students' university identification numbers. But, the person who sent the mass e-mail attached a spreadsheet containing information on all 5,247 students in the College of Engineering. The spreadsheet included each student's name, e-mail address, major, gender, race and ethnicity, class, date admitted, spring 2007 grade point average, cumulative GPA, plus local address and phone number.

 
Information Source:
Media
records from this breach used in our total: 0

August 26, 2007 American Ex-Prisoners of War
, Texas
NGO UNKN

35,000

Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the group's entire membership, including addresses, dates of birth, Social Security numbers and VA claims data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000

August 23, 2007 New York City Financial nformation Services Agency
New York, New York
GOV PORT

280,000 Not added to total. It is not clear that SSNs or financial account numbers were exposed.

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 Loomis Chaffee School
Windsor, Connecticut
EDU UNKN

Unknown

Valuable computer equipment, including two large storage devices were stolen during a night time burglary from the locked IT facility on campus. The stolen storage devices contained information about some recent graduates of the school, including their names, Social Security numbers, and contact information from their days as students at the school.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 23, 2007 Monster.com
Maynard, Massachusetts
BSO HACK

Unknown

http://help.monster.com/besafe/

Monster announced that the details of some 1.6 million job seekers had been stolen. Fewer than 5,000 of those 1.6 million users affected are based outside the United States. The information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.

UPDATE (8/29/07) : Hackers have stolen the names, e-mail addresses and telephone numbers of about 146,000 subscribers to USAJOBS.gov. The hackers accessed the information from the resume database run by Monster.com, which provides the technology for USAJOBS.gov. Monster Worldwide told OPM that no Social Security numbers were compromised.

 
Information Source:
Media
records from this breach used in our total: 0

August 22, 2007 California Public Employees' Retirement System (CalPERS)
Sacramento, California
GOV DISC

445,000

Roughly 445,000 retirees in California received brochures announcing an upcoming election to fill a rare vacancy on the board of the California Public Employees' Retirement System. All or a portion of each person's Social Security number appeared without hyphens on the address panel.

 
Information Source:
Dataloss DB
records from this breach used in our total: 445,000

August 22, 2007 PrintPack Inc.
Atlanta, Georgia
BSR PORT

Unknown

Five laptops were stolen from Printpack's corporate headquarters during a nighttime burglary on or around August 16.  One laptop was taken from the finance department and had human resources information from current and former employees.  Names, Social Security numbers, dates of birth, marital status, addresses and other information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 21, 2007 Walter Reed Army Institute of Research
Silver Spring, Maryland
GOV PHYS

Unknown

Boxes of documents containing personal information were supposed to be shredded but instead turned up last week in an off-base trash bin. Police do not believe anyone had access to the information other than the person who found the records. An investigation is under way to determine precisely what information they held and why they appeared off base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 21, 2007 West Virginia Board of Barbers and Cosmetologists
Charleston, West Virginia
BSO UNKN

Unknown

Every barber and cosmetologist licensed in the state of West Virginia since 1986 could now potentially be a victim of identity theft. Someone broke into the second floor office of the Board of Barbers and Cosmetologists and stole a safe. The director of the agency says the safe contains the personal information of thousands of hair dressers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 20, 2007 University of Toledo
Toledo, Ohio
EDU PORT

Unknown

A laptop computer has been stolen from an office in the Student Recreation Center that contained some student and employee names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 20, 2007 Celgene Corporation
Summit, New Jersey
BSR PORT

1,951

Four external computer hard drives used to back up information were discovered missing from a locked information technology workroom. The hard drives contained personal information about Celgene's current and former employees. Names, Social Security numbers, addresses, phone numbers, dates of birth, bank and financial accounts, compensation information and some driver's license numbers were on the hard drives.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,951

August 19, 2007 Applera
Norwalk, Connecticut
BSO PORT

Unknown

A laptop was stolen from the car of an employee while it was in a parking lot on August 9. The laptop contained full names and Social Security numbers of employees. It is not clear if all 5,530 of Applera's employees were affected by the incident. At least 24 New Hampshire residents were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 17, 2007 Mercury Interactive, Hewlett-Packard
Atlanta, Georgia
BSO PORT

1,425

A laptop belonging to an HP director was lost during a business trip to Atlanta, GA. The breach occurred in late July and involved the names, Social Security numbers, addresses, dates of birth, citizenship status and compensation information of Mercury Interactive employees.  Mercury Interactive was acquired by HP in November of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,425

August 17, 2007 University of New Hampshire
Durham, New Hampshire
EDU DISC

29

An MS Excel spreadsheet containing names and Social Security numbers of graduate students at the University was posted within the University's website on or around April 17, 2007.  Specifically, the spreadsheet contained the credit hour and tuition information associated with "inter-college" graduate programs.  In addition to the credit hour and tuition information that were visible at the top of the spreadsheet, the bottom of the report also included the names and Social Security numbers of students. A staff member recognized the mistake on July 27.

 
Information Source:
Dataloss DB
records from this breach used in our total: 29

August 16, 2007 Utica Title and Escrow
Bixby, Oklahoma
BSF PHYS

Unknown

Boxes belonging to Utica Title and Escrow had been stored at a storage unit in Bixby. When Utica quit paying rent the storage company went through the legal process to be able to sell everything left behind. No one wanted to buy the boxes of paper so the boxes were thrown out. The boxes contained private information, including Social Security numbers, bank accounts and pay stubs.

 
Information Source:
Media
records from this breach used in our total: 0

August 16, 2007 Nationwide Mutual Insurance
Woodbury, New York
BSF PORT

140

A laptop was stolen from the car of a claims representative.  It contained the names, Social Security numbers and driver's license numbers of clients.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 140

August 15, 2007 Idaho Army National Guard
Boise, Idaho
GOV PORT

3,400

http://www.idahoarmyguard.org/, or call the Idaho National Guard Joint Operations Center

A small computer drive containing Social Security numbers and other personal information about every Army National Guard soldier in Idaho has been stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,400

August 15, 2007 Greater Detroit Hospital
Detroit, Michigan
MED PHYS

Unknown

It's a repeat of a problem that emerged late last year at the Greater Detroit Hospital where metal thieves stripped everything from copper piping to windows, exposing rows of abandoned patient files. Neighbors said there are hundreds of boxes of patient files and payroll records inside, full of credit card and Social Security numbers.

 
Information Source:
Media
records from this breach used in our total: 0

August 15, 2007 Sky Lakes Medical Center, Verus Inc.
Klamath Falls, Oregon
MED DISC

30,000

The company that maintained the hospital's online bill payment system, transferred patient information from one server to another to perform maintenance but didn't take security measures, leaving information such as names, addresses and Social Security numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000

August 13, 2007 Pfizer, Axia Ltd.
New York, New York
BSO PORT

950

 (866) 274-3891

Axia Ltd. had notified Pfizer on June 14 of an incident in which two Pfizer laptops were stolen from a locked car. The laptops, which disappeared May 31 in Boston, included the names and Social Security numbers of health-care professionals who were providing or considering providing contract services for Pfizer, according to the letter.

 
Information Source:
Dataloss DB
records from this breach used in our total: 950

August 11, 2007 Providence Alaska Medical Center
Anhorage, Alaska
MED PORT

250

(888) 387-3392

A laptop computer that contains the personal information of patients is missing. On the laptop there maybe names, medical record numbers, dates of birth, patient diagnoses, Social Security numbers and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 250

August 10, 2007 Loyola University
Chicago, Illinois
EDU STAT

5,800

A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

August 10, 2007 Legacy Health System
Portland, Oregon
MED INSD

747

(503) 445-9533

A primary care physician practice has discovered the theft of $13,000 in cash and personal data for patients. Patient receipts, credit card transaction slips and checks are also missing, in addition to Social Security numbers and dates of birth for patients.  The investigation indicated it was a dishonest insider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 747

August 9, 2007 Citigroup
Stamford, Connecticut
BSF PORT

519

A laptop was stolen from a third party vendor during an office burglary. The information on the laptop may have included customer names, Social Security numbers, addresses, telephone numbers and email addresses. The information was related to student loans, but did not include financial account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 519

August 9, 2007 Penson Worldwide
Dallas, Texas
BSF HACK

11

A person or persons breached Penson's computer network security systems on July 30.  User logins, passwords, email addresses, security questions and answers were compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11

August 8, 2007 Yale University
New Haven, Connecticut
EDU STAT

10,200

Social Security numbers for over 10,000 current and former students, faculty and staff were compromised last month following the theft of two University computers

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,200

August 7, 2007 Electronic Data Systems
Montgomery, Alabama
BSO INSD

498

A former employee was arrested this week for allegedly trafficking in stolen identities she received through her work with the company. She obtained the names and identifying information of 498 Alabama Medicaid recipients and subsequently sold 50 of those identities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 498

August 7, 2007 Merrill Lynch
Hopewell, New Jersey
BSF UNKN

33,000

A computer device apparently was stolen containing sensitive personal information, including Social Security numbers, about some 33,000 employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 33,000

August 7, 2007 Blue Cross Blue Shield North Carolina
Durham, North Carolina
BSF DISC

2,940

Letters were accidentally mailed with subscriber Social Security numbers visible through envelope windows.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,940

August 6, 2007 Verisign
Mountain View, California
BSO PORT

Unknown

A laptop containing extensive personal information on an undisclosed number of VeriSign employees was stolen from an employee's car. The information included names, addresses, Social Security numbers, dates of birth, telephone numbers, and salary records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 4, 2007 Kellogg Community Federal Credit Union
Battle Creek, Michigan
BSF STAT

Unknown

A computer containing personal information on an undisclosed number members was stolen. A file containing some members' names, addresses, telephone numbers, birth dates, Social Security numbers and account numbers was on the computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 3, 2007 WorkCare Orem
Pleasant Grove, Utah
MED PHYS

Unknown

A truck driver found medical documents containing personal information in his truck and on the ground while he picked up a load at a garbage transfer station. The documents contained names, addresses, telephone numbers, Social Security numbers and birth dates.

 
Information Source:
Media
records from this breach used in our total: 0

August 3, 2007 Wabash Valley Correctional Facility
Indianapolis, Indiana
GOV DISC

Unknown

A database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 2, 2007 E.On - U.S.(energy services)
Louisville, Kentucky
BSO PORT

Unknown

A laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 2, 2007 University of Toledo
Toledo, Ohio
EDU STAT

Unknown

(419) 530-4836, (419) 530-3661, (419) 530-1472

Two computers were stolen with hard drives containing student and staff Social Security numbers, names, and grade change information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

August 1, 2007 Lifetime Fitness
Dallas, Texas
GOV PHYS

Unknown

Staff had discarded customer records in easily accessible trash cans behind Dallas businesses. Information that was discarded contained names, addresses, Social Security numbers, driver's license numbers and credit card information, as well as the date of birth of several children. Lifetime Fitness is based in Minnesota.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 31, 2007 Textron
Providence, Rhode Island
BSF PORT

500 (No SSNs or financial information reported)

An employee's laptop was stolen.  It contained employee information.  At least 475 New Hampshire and 25 Maine residents were affected, but the total number of affected individuals was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

July 28, 2007 Yuba County Health and Human Services
Yuba County, California
MED PORT

70,000

A laptop stolen from a building contained personally identifiable information of individuals whose cases were opened before May 2001. The laptop was being used as a backup system for the county's computer system. The data include Social Security numbers, birth dates, driver's license numbers and other private information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

July 27, 2007 City of Virginia Beach, Flexible Benefits Administrators
Virginia Beach, Virginia
GOV INSD

2,000

A former employee allegedly stole Virginia Beach city and school district employees' personal information and used it to commit prescription fraud. Police discovered a list of names and Social Security numbers at the employee's home.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

July 27, 2007 City Harvest
New York, New York
NGO HACK

12,000

 (917) 351-8763

City Harvest is currently investigating a potential improper access of systems that contained credit card information of their donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000

July 27, 2007 American Education Services, Vista Financial Inc
Harrisburg, Pennsylvania
BSF PORT

5,000

Personal information was on a laptop stolen in a burglary at a subcontractor's headquarters. The information, which was not encrypted, included names, addresses, phone numbers, e-mail addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000

July 26, 2007 United States Marine Corps, Penn State University
Harrisburg, Pennsylvania
EDU DISC

10,554

Data belonging to 10,554 Marines was “improperly posted” by Penn State University, according to the Marine Corps. Names and Social Security numbers of Marines could be found via Google search engine. Penn State University was under a research contract with the Marine Corps.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,554

July 25, 2007 Hidalgo County Commissioner's Office
Hidalgo County, Texas
GOV DISC

25

The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website.

 
Information Source:
Media
records from this breach used in our total: 25

July 25, 2007 Affiliated Computer Services (ACS) Government Systems Inc., Delaware Court Systems
Levington, Kentucky
GOV PORT

2,718

The location listed is an ACS office.  The location of the breach was not reported.

The luggage of an employee of ACS was stolen during airline travel.  The bag contained a hard drive that may have included names, addresses, Social Security numbers and dates of birth.  The information was obtained from the State of Delaware Court System.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,718

July 24, 2007 St. Vincent Hospital, Verus, Inc.
Indianapolis, Indiana
MED DISC

51,000

Saint Vincent used subcontractor Verus Inc. to set up an online bill payment for patients.  For a "brief" period of time, personal information was left unprotected and available online.  The security lapse compromised names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 51,000

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Showing 3551-3600 of 4488 results


X

Sign In!

Loading