Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Public Name Entity Type
May 6, 2014 Molina Healthcare
Long Beach, California
MED PHYS

5,000

Molina Healthcare has communicated to former members about a data breach that included their Social Security numbers.

Molina said it contracted with a printing company to print postcards that contained information about benefits offered. Unfortunately the postcards did not contain names of the individuals, but addresses and Social Security numbers of the individual.

 

 

 
Information Source:
Media
records from this breach used in our total: 5,000

September 23, 2009 Eastern Kentucky University
Richmond, Kentucky
EDU DISC

5,045

(859) 622-7777, ecert@eku.edu

The names and Social Security numbers of about 5,000 Eastern Kentucky University faculty, staff and student workers were posted inadvertently on the Internet last September, where they have been displayed for a year.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,045

January 6, 2013 Oldcastle APG, Inc.
Atlanta, Georgia
BSR PORT

5,083

A laptop was stolen from an employee's car on or around December 10.  APG employees may have had their names, Social Security numbers, bank account information, and other information exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,083

October 29, 2007 New England School of Law
Boston, Massachusetts
EDU DISC

5,098

Personal information of alumni was available on the page of the School's website through a Google Internet search. The information included names, Social Security numbers, dates of birth, addresses and telephone numbers. The information was immediately removed from the website after the mid-October discovery.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,098

July 10, 2008 Williamson County (TN) Schools
Franklin, Tennessee
EDU DISC

5,100

Social Security numbers and other personal information of 4,000 children were posted on the Internet.

UPDATE 7/11/08 : 5, 100 students' information may be compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,100

February 16, 2007 Brunswick Corp.
Lake Forrest, Illinois
BSR HACK

5,100

An unauthorized person obtained access to employee information stored on Brunswick's computer systems. Names, Social Security numbers and addresses may have been exposed during the April incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,100

January 26, 2007 Vanguard University
Costa Mesa, California
EDU STAT

5,105 financial aid applicants

(800) 920-7312

On Jan. 16, 2 computers were discovered stolen from the financial aid office. Data included names, SSNs, dates of birth, phone numbers, driver's license numbers, and lists of assets.  Affected financial aid applicants from 2005-2006 and 2006-2007 school years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,105

September 21, 2007 Citigroup, ABN Amro Mortgage Group
Norridge, Illinois
BSF DISC

5,208

Three spreadsheets containing 5,200 Social Security numbers and other personal details about customers were inadvertently leaked over an online file-sharing network by a former employee. Tiversa, a company that monitors P2P networks, found Excel spreadsheets from the desktop of a financial analyst at ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had.

 
Information Source:
Media
records from this breach used in our total: 5,208

May 25, 2010 City of Charlotte
Charlotte, North Carolina
GOV PHYS

5,220

(888) 435-6031

The city of Charlotte says the personal information of 5,220 current and former city employees and elected officials has been lost. The loss affects individuals who received health insurance from the city in early 2002. Two DVDs containing the Social Security numbers of the affected individuals failed to arrive at the offices of Towers Watson & Co., the city’s benefits consulting firm, in Atlanta. The discs also contained prescription-drug information for five individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,220

October 31, 2013 Paragon Benefits Inc, TSYS Employee Health Plan
Columbus, Georgia
BSO INSD

5,232

An employee of a temporary staffing agency who was working at Paragon Benefits Inc. emailed personal information to his own Gmail account for fraudulent purposes.  The information came from TSYS employees. The dishonest employee was arrested and charged with felony identity theft.  Two spreadsheets that contained names, Social Security numbers, dates of birth, and home addresses were sent.  At least 1,000 TSYS former employees and 11 family members had their information exposed.

 
Information Source:
Media
records from this breach used in our total: 5,232

October 18, 2007 First Banks Inc, iWire Inc
Jericho, New York
BSF HACK

5,234

iWire's Payroll Passport/IC Settlement database was breached on September 29.  A database of cardholder account records was accessed.  It contained Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,234

April 28, 2010 The Medical Center
Bowling Green, Kentucky
MED PORT

5,418

The Medical Center at Bowling Green is notifying 5,418 patients whose medical information may have been breached when a computer hard drive was stolen. The computer hard drive was taken from the hospital's mammography suite and contained information from patients who underwent bone density testing between 1997 and 2009.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,418

March 13, 2010 Beecher Carlson
Boston, Massachusetts
BSO PORT

5,432

Two laptops were stolen from employees attending an off-site company meeting in January. The laptops contained names and Social Security numbers for employees of Beecher Carlson’s clients, including 1,012 people who live in Massachusetts.

UPDATE (8/17/10): The number is closer to 5,432 with an additional 2,824 living in New York, 66 living in Maine and 1,530 living in Maryland.

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,432

April 5, 2010 John Muir Physician Network
Walnut Creek, California
MED PORT

5,450

John Muir Health, the Walnut Creek-based hospital system, has begun notifying 5,450 patients by mail of a potential breach of their personal and health information. Two months ago two laptop computers at the John Muir Physician Network Perinatal office in Walnut Creek were stolen. The laptops were password protected and contained data in a format that would not be readily accessible. External vendors and internal experts discovered that the missing laptops contained personal and health information going back more than three years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,450

December 12, 2005 Iowa State University
Ames, Iowa
EDU HACK

5,500

At least one ISU computer was hacked. Social Security numbers and encrypted credit card numbers may have been obtained. Between 2,000 and 2,500 Social Security numbers are at risk and between 2,300 and 3,000 credit card numbers are at risk. Student, alumni, employee and volunteer information was put at risk. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500

July 21, 2007 University of Michigan
Ann Arbor, Michigan
EDU HACK

5,500

University databases were hacked. Names, addresses, Social Security numbers, birth dates, and in some cases, the school districts where former students were teaching were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,500

October 22, 2013 Seton McCarthy Clinic, Seton Healthcare Family
Austin, Texas
MED PORT

5,500

The clinic theft of a laptop on October 4 resulted in the exposure of patient information.  The stolen laptop contained names, Social Security numbers, addresses, phone numbers, dates of birth, Seton medical record numbers, patient account numbers, diagnosis information, immunization information, and insurance information of patients who visited the Seton Total Health Partners program, Seton McCarthy, Seton Topfer, and Seton Kozmetsky community health centers.

 
Information Source:
Media
records from this breach used in our total: 5,500

April 30, 2007 Home Depot
Atlanta, Georgia
BSR PORT

5,563

A laptop was stolen on March 23. Home Depot associates may have had their Social Security number and amount of Home Depot incentive program bonus exposed. Names and addresses were not on the laptop. Employees were notified on April 30.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,563

April 19, 2007 New Mexico State University
Las Cruces, New Mexico
EDU DISC

5,600

The names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005 were accidentally posted on the school's Web site when an automated program moved what was supposed to be a private file into a public section of the Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,600

January 15, 2011 South Carolina State Budget and Control Board Employee Insurance Program
Columbia, South Carolina
GOV HACK

5,600

People who are covered by South Carolina's state insurance program may have had their personal information obtained. A virus affected one of the Insurance Program's computers. The breach occurred sometime between November 8 and November 18. Insured current and former employees, dependents and survivors may have had their names, Social Security numbers, health information, addresses and dates of birth exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,600

May 29, 2013 University of Florida
Gainesville, Florida
MED INSD

5,682

The University of Florida's statement can be read here: http://news.ufl.edu/2013/05/29/potential-identity-theft-2/

A dishonest employee working at University of Florida Health Pediatrics at Tower Square is suspected of participating in an identity theft ring.  The former employee had access to pediatric patient records that included names, Social Security numbers, addresses, and dates of birth. The University of Florida learned about the issue on April 11.

 
Information Source:
Media
records from this breach used in our total: 5,682

June 25, 2013 Foundations Recovery Network, Sebastopol Sea Serpents
Nashville, Tennessee
MED PORT

5,690

The June 15 theft of an employee's laptop resulted in the exposure of patient information.  Names, Social Security numbers, dates of birth, addresses, medical information, and telephone numbers were on the laptop.

UPDATE (08/28/2013): A total of 5,690 patients were affected by the breach.

UPDATE (11/25/2013): Level of care, dates of service, health insurance information, and other medical information were also on the laptop.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,690

October 22, 2008 KRM Management
Fresno, California
BSO PORT

5,700

Offices of KRM Management were broken into and stole two dozen computers, on one of those hard drives were Social Security numbers, birthdates and addresses. One missing laptop computer is causing the most concern. It contained sensitive and confidential information on close to 5700 city employees who filed worker's comp claims dating back to 1973. Hundreds are or were police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,700

March 14, 2012 Humboldt State University
Arcata, California
EDU DISC

5,700

The personal information of students was accidentally sent in an email attachment as a response to a request for data.  The mistake was noticed immediately and all copies of the file were removed from the system of the party requesting data.  Student names, addresses, and Social Security numbers were exposed. Humboldt State University warned students to be vigilant about phishing, but stated that it is unlikely the data was misused.

 
Information Source:
Databreaches.net
records from this breach used in our total: 5,700

June 8, 2007 University of Virginia
Charlottesville, Virginia
EDU HACK

5,735

http://www.virginia.edu/uvatoday/newsRelease.php?id=2217, identity-assistance@virginia.edu, (866) 621-5948

A breach in one of the computer applications resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005, and April 19, 2007, hackers tapped into the records of 5,735 faculty members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,735

September 1, 2007 Johns Hopkins Hospital
Baltimore, Maryland
MED STAT

5,783

A desktop computer containing the personal information of 5,783 Johns Hopkins Hospital patients was stolen. The computer included patients' names, Social Security numbers, birth dates and medical histories.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,783

June 22, 2005 Eastman Kodak
Rochester, New York
BSO PORT

5,800

A password-protected laptop containing former employee names, Social Security numbers, birth dates, and benefits information was stolen from a consultant's car trunk. The consulting company has been identified as Hewitt Associates. Kodak sent letters and offered one-year of credit monitoring services and identity theft insurance covering up to $50,000 in fraud.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

November 7, 2006 City of Lubbock
Lubbock, Texas
GOV HACK

5,800

Hackers broke into the city's web site and compromised the online job application database, which included Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

August 10, 2007 Loyola University
Chicago, Illinois
EDU STAT

5,800

A computer with the Social Security numbers of 58 hundred students was discarded before its hard drive was erased, forcing the school to warn students about potential identify theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

January 16, 2006 New York City Teachers Retirement System
New York, New York
GOV INSD

5,800

A dishonest employee and two others were arrested for their part in writing and cashing fraudulent checks. Police found fraudulent checks with the names of 19 pension members and beneficiaries in the apartment of the former employee. The employee was originally hired as a temp and had worked for the company for three years. He had access to the information of 5,800 pension members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800

May 21, 2014 Hanover Foods Corporation
Hanover, Pennsylvania
BSO DISC

5,867

Hanover Foods Inc, who is a Paytime client has learned that over 5,800 of it's employees were part of the over 216,000 individuals affected by the Paytime breach. Hanover's representing law firm has also sent a letter to those affected and has reported the incident to those individuals affected.

The information breached included names, Social Security numbers, direct deposit bank account information, dates of birth, hire dates, wage information, home and cell phone numbers, and other payroll information when hackers obtained usernames and passwords associated with the Paytime system.

 
Information Source:
Maryland Attorney General
records from this breach used in our total: 5,867

May 28, 2005 Merlin Information Services
Kalispell, Montana
BSO INSD

5,875

An individual fraudulently obtained personal information about thousands of victims from Merlin Information Services and used that information to commit identity theft by opening up credit card accounts. He posed as a private investigator, thus giving Merlin the impression that he was a legitimate user of their services. He conducted at least 1,873 queries through the Merlin system to obtain information on approximately 5,875 people.

 
Information Source:
Media
records from this breach used in our total: 5,875

June 10, 2005 Federal Deposit Insurance Corp. (FDIC)
Washington, District Of Columbia
GOV UNKN

6,000

Personal information including the names, birthdays, salaries, and Social Security numbers of former Federal Deposit Insurance Corporation employees was stolen.  Some of the information was used for fraudulent purposes.  Affected employees from as far back as July 2002 were notified.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

February 18, 2006 University of Northern Iowa
Cedar Falls, Iowa
EDU HACK

6,000

A laptop computer holding W-2 forms of student employees and faculty was illegally accessed.  The University warned students and faculty to monitor their bank accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

August 26, 2006 University of South Carolina
Columbia, South Carolina
EDU HACK

6,000

TheState.com reported that the University of South Carolina warned 6,000 current and former students that their information, including Social Security numbers and birth dates, may have been breached when a server was accessed from outside the system.

 
Information Source:
Media
records from this breach used in our total: 6,000

February 9, 2010 Ohio Department of Administrative Services
Columbus, Ohio
GOV DISC

6,000

Personal banking information for 6,000 state employees was inadvertently included in an e-mail distributed to dozens of payroll officers of state agencies. The e-mail from an unnamed administrative-services employee included an attached spreadsheet listing 6,000 state employees whose bank accounts are to be moved from National City Bank, which was bought by PNC Bank.

 
Information Source:
Media
records from this breach used in our total: 6,000

August 11, 2006 Madrona Medical Group
Bellingham, Washington
MED INSD

At least 6,000 patients

On Dec. 17, 2005, a former employee accessed and downloaded patient files onto his laptop computer. Files included name, address, SSN, and date of birth. The former employee has since been arrested.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

April 5, 2007 DCH Health Systems
Tuscaloosa, Alabama
MED PORT

6,000

An encrypted disc and hardcopy documents containing retirement benefit information including Social Security numbers and other personal information were lost. Tracking data indicates the package was delivered to the addressee's building, but the intended recipient never received the package.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

April 24, 2007 Baltimore County Department of Health
Baltimore, Maryland
GOV PORT

6,000

A laptop containing personal information including names, date of birth, Social Security numbers, telephone numbers and emergency contact information of patients who were seen at the clinic between Jan. 1, 2004 and April 12 was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

May 22, 2007 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED DISC

6,000

UPMC mailed a fundraising letter to 6,000 former patients on May 7. The donor response cards inadvertently included each individual's SSN in the tracking code, visible through the envelope window.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

December 2, 2008 US Army
Washington, District Of Columbia
GOV PORT

6,000

A possible security breach regarding the personal information stored on a lost laptop computer may have affected more than 6,000 beneficiaries. Names, Social Security numbers and health information of at least 26 individuals were stored on the laptop. However, information on approximately 6,000 other patients also may have been on the missing computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

June 30, 2009 Sutter Health
Sacramento, California
MED PORT

6,000

Hundreds of current and former employees with Sutter Health had their personal data compromised. The company's Sacramento Sierra region was contacted by a computer repair shop. "The repair people did the right thing and told us they had our laptop", said Sutter Communication Coordinator. The laptop contained names and Social Security numbers of 6,000 Sutter Health workers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

July 14, 2009 Canyons School District
Cottonwood Heights, Utah
EDU PORT

6,000

Canyons School District officials are investigating the disappearance of a thumb drive that contained the personal information of more than 6,000 current and recent employees. The USB flash drive is believed to have contained employee addresses, phone numbers, dates of birth and Social Security numbers. A district-level worker was using it to transfer data for apparently legitimate, job-related purposes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000

February 12, 2013 J.P. Morgan Chase, Capital One
New York, New York
BSF CARD

6,000

ATMs in New Jersey, Illinois, and Wisconsin were also compromised.

Two men face charges of conspiracy to commit bank fraud, conspiracy to commit access device fraud, and aggravated identity theft after being indicted for attaching skimming devices to ATMs in New York, New Jersey, Illinois, and Wisconsin.  At least nine other people are believed to have participated in the bank fraud scheme.  Over 6,000 J.P. Morgan Chase and Capital One bank accounts were defrauded for over $3 million.

 
Information Source:
Media
records from this breach used in our total: 6,000

April 9, 2013 Connextions, Anthem Blue Cross Blue Shield of Indiana, Anthem Blue Cross Blue Shield of Ohio, Empire Blue Cross Blue Shield of Indiana
Orlando, Florida
MED INSD

6,000

A Connextions employee used Social Security numbers from a number of other organizations for criminal activity.  At least four members of Anthem Blue Cross and Blue Shield were affected by the criminal activity.  The breach was reported on HHS as affecting 4,814 patients, but more were affected.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 6,000

October 31, 2013 Milwaukee Public School District, Express Scripts
Milwaukee, Wisconsin
EDU DISC

6,000

Social Security numbers were printed on the outside of letters that were sent to a third party vendor.  As many as 6,000 letters were sent to MPS Medicare D recipients. 

 
Information Source:
Media
records from this breach used in our total: 6,000

June 6, 2006 ARAMARK Corporation
Atlanta, Georgia
BSO PORT

6,028

The May 5 theft of a laptop resulted in the exposure of personal information of current and former employees.  Social Security numbers and other personal information were lost.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,028

March 3, 2011 Missouri State University
Springfield, Missouri
EDU DISC

6,030

Nine student lists were accidentally placed on an unsecured server in October and November of 2010. The problem was noticed on February 22. The College of Education lists of students between 2005 and 2009 contained names and Social Security numbers.

 
Information Source:
Databreaches.net
records from this breach used in our total: 6,030

June 7, 2008 East Tennessee State University
Johnson City, Tennessee
EDU STAT

6,200

6,200 people may have had there identities compromised by the theft of a desktop computer. The computer is password protected and files cannot be easily accessed. But there is a small possibility that the information could be compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,200

November 2, 2006 Intermountain Health Care
Salt Lake City, Utah
MED PORT

6,244

A computer was purchased at a second-hand store, Deseret Industries, that contained the names, Social Security numbers, employment records, and other personal information about Intermountain Health Care employees employed there in 1999-2000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,244

Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,489 DATA BREACHES made public since 2005
Showing 3601-3650 of 4489 results


X

Sign In!

Loading