Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,044,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,506 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
June 18, 2007 Parisexposed.com
Bellevue, Washington
BSO DISC

750

Investigation by The Smoking Gun Web site said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750
June 18, 2007 Shamokin Area School District
Coal Township, Pennsylvania
EDU DISC

Unknown

A local newspaper employee gained unauthorized access to the Shamokin Area School District's computer database. It is the same system that stores students' personal information, including Social Security numbers. That newspaper employee brought the security flaw to the attention of school officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 18, 2007 Texas A&M University
Corpus Christi, Texas
EDU PORT

8,000

A professor vacationing off the coast of Africa took data with him on a small computer storage device which was lost or stolen. It is thought to contains SSNs and dates of birth for students enrolled in the spring, summer and fall semesters of 2006

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,000
June 15, 2007 Ohio state workers
Columbus, Ohio
GOV PORT

1,000,000

(888) 644-6648(taped-message), (877) 742-5622 (Ohio Consumers' Counsel) or (800) 267-4474

A backup computer storage device with the names and Social Security numbers of every state worker was stolen out of a state intern's car. The tape, which was stolen in June, contains personally identifiable information of nearly 84,000 current and former Ohio state employees and more than 47,000 state taxpayers.

UPDATE (6/20/07) : The storage device also had the names and Social Security numbers of 225,000 taxpayers.

UPDATE (6/22/07) : Previous news stories reported smaller amounts, but the most recent news story shows 500,000.

UPDATE (7/12/07) The State of Ohio increased the data theft estiamte to one million.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000,000
June 14, 2007 Division of Workforce Services
Salt Lake City, Utah
GOV UNKN

20,000

(801) 281-1267

Children's Social Security numbers are believed to have been compromised by identity thieves.

 
Information Source:
Media
records from this breach used in our total: 20,000
June 14, 2007 Hamburger Hamlet Restaurant
Los Angeles, California
BSO INSD

40

Former waitress made off with the credit or debit card numbers of at least half a dozen patrons - and possibly as many as 40. Already, about $16,300 in unauthorized charges have been linked to the scam.

 
Information Source:
Media
records from this breach used in our total: 40
June 14, 2007 Georgia Tech University
Atlanta, Georgia
EDU DISC

23,000 Not included in Total because it's not clear SSNs or account numbers were exposed.

An electronic file containing the personal information of current and former Georgia Tech students was exposed briefly.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 14, 2007 Lynchburg City
Lynchburg, Virginia
GOV DISC

1,200 Not included in total because it's not clear SSNs or account numbers were exposed.

Personal information of Lynchburg city employees and retirees was accidentally posted on the city's website among that information employee's prescription medications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 11, 2007 Pfizer
New York, New York
BSO DISC

17,000

866-274-3891

Installation of certain file sharing software on a Pfizer laptop, exposed files containing names, Social Security numbers, addresses and bonus information of present and former Pfizer colleagues. Investigation revealed that certain files containing data were accessed and copied.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000
June 11, 2007 Grand Valley State University
Allendale, Michigan
EDU PORT

3,000

Jann Joseph (616) 331-2110

A flash drive containing confidential information was stolen. Social Security numbers of current and former students were on the flash drive, stolen from the English department.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
June 9, 2007 Concord Hospital, Verus Inc.
Concord, New Hampshire
MED DISC

9,297

Contact mhanna@cmonitor.com for more information.

Patient names, addresses, dates of birth and Social Security numbers were exposed on the internet for a period of time.  A subcontractor names Verus that handles Concord's online billing was responsible for the breach.

UPDATE (6/20/07): The Washington-based company that managed Concord's online billing system was fired. Hospital officials now are asking for an audit to verify that Verus Incorporated has removed all of its patient information from its servers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,297
June 9, 2007 Verus Inc., Concord Hospital
,
MED DISC

9,297

Patient names, addresses, Social Security numbers and dates of birth were unprotected on the Internet. A subcontractor named Verus that handles Concord's online billing was responsible for the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,297
June 8, 2007 University of Virginia
Charlottesville, Virginia
EDU HACK

5,735

http://www.virginia.edu/uvatoday/newsRelease.php?id=2217, identity-assistance@virginia.edu, (866) 621-5948

A breach in one of the computer applications resulted in exposure of sensitive information belonging to current and former U.Va. faculty members. The information included names, Social Security numbers and dates of birth. The investigation has revealed that on 54 separate days between May 20, 2005, and April 19, 2007, hackers tapped into the records of 5,735 faculty members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,735
June 8, 2007 University of Iowa
Iowa City, Iowa
EDU HACK

1,100

Social Security numbers of faculty, students and prospective students were stored on the Web database program that was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100
June 6, 2007 Cedarburg High School
Cedarburg, Wisconsin
EDU DISC

Unknown

Students obtained names, addresses and Social Security numbers and might have accessed personal bank account information of current and former district employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 6, 2007 Dearfield Medical Building
Greenwich, Connecticut
MED PHYS

Unknown

A box was discovered at inside a trash bin in May and contains information about lab tests and insurance approvals as well as other medical issues, documents are not medical charts, but do contain patient names and contact information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 5, 2007 vFinance Investments Inc.
Boca Raton, Florida
BSF HACK

29,000

A database that contained customer information was accessed through the www.vfinance.com website by an unauthorized person. The goal of the attack seems to have been to deface the website.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 29,000
June 4, 2007 Stevens Hospital
Edmonds, Washington
MED DISC

550

 (425) 673-3745

Personal information including names, addresses, and Social Security numbers were exposed online due to a lapse in the data security procedures by a subcontractor. An Internet search engine was able to access the information while the subcontractor's laptop was unsecured.

 
Information Source:
Dataloss DB
records from this breach used in our total: 550
June 4, 2007 GFK NOP LLC
New York, New York
BSO PORT

Unknown

An employee's laptop was stolen from her car on May 29.  A payroll-related Excel file that contained the names, Social Security numbers, dates of birth, state of residence and base rate of pay for employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 3, 2007 Gadsden State Community College
College Gadsden, Alabama
EDU PHYS

400

Students who took an Art Appreciation class at the Ayers Campus between 2005 and 2006 had their names, grades and Social Security numbers scattered across a local business' driveway.

 
Information Source:
Dataloss DB
records from this breach used in our total: 400
June 1, 2007 Fresno County, Refined Technologies Inc., DHL
Fresno, California
GOV HACK

10,000

A missing computer disk contains names, addresses and Social Security numbers. The County sent it by courier to a software vendor's office in San Jose to determine workers' eligibility for health care benefits. The software company, Refined Technologies Inc., said they never received the disk. The courier service, DHL, told County officials that the file was delivered May 10, though the County didn't require anyone to sign for the delivery.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,000
June 1, 2007 Jax Federal Credit Union
Jacksonville, Florida
BSF DISC

7,766

Social Security numbers and account numbers of clients were accidentally posted on the Internet, then indexed by Google. JFCU was transmitting information to a printer for a preapproved auto loan mailing when the information was picked up by Google from the printer's Web site. JFCU normally transmits information on an encrypted disk delivered by courier, but when the printer couldn't open the disk, the information was sent again, but wasn't encrypted and included Social Security numbers and account numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,766
June 1, 2007 Northwestern University
Evanston, Illinois
BSO DISC

4,000

c-loebbaka@northwestern.edu

Files containing personal information of students and applicants were available online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000
June 1, 2007 JAX Federal Credit Union
Jacksonville, Florida
BSF DISC

7,500

Auto loan mailing list information that was being transmitted to a printer was picked up by Google through the printer's website. Social Security numbers and account numbers were exposed. The information was supposed to be encrypted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,500
May 31, 2007 Priority One Credit Union
South Pasadena, California
BSF DISC

Unknown

Priority One Credit Union sent out election ballots to members with Social Security numbers and account numbers printed on the outside of the envelopes

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 30, 2007 OfficeTeam
Manchester, New Hampshire
BSO DISC

237

A staffing professional from OfficeTeam sent an email to individuals. The email included the email addresses and Social Security numbers of all the recipients of the email. At least 237 New Hampshire residents were affected by the incident, but the total number of individuals affected nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 237
May 29, 2007 Mytreo.net
Sunnyvale, California
BSR UNKN

679

The location listed is the headquarters of Palm Inc. Mytreo.com is a division of Palm.

Mytreo.net store customers may have had their personal information compromised. An individual may have viewed names, Social Security numbers, addresses and encrypted credit card information. The criminal had not been caught at the time of the report, and their method for accessing customer information was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 679
May 26, 2007 Cover Tennessee
Nashville, Tennessee
MED DISC

279

A computer error at the Cover Tennessee health insurance program caused small business owners who chose not to print out their forms from the Web site to have their personal information including Social Security numbers added to the next user's printout request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 279
May 25, 2007 North Carolina Department of Transportation
Raleigh, North Carolina
GOV UNKN

25,000

https://apps.dot.state.nc.us/pio/releases/details.aspx?r=1179

A computer server used to back up employee identification badge records that included the names and Social Security numbers of NCDOT employees, contractors and other state employees was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 25,000
May 25, 2007 Booker T. Washington Community Center
Auburn, New York
NGO PORT

Unknown

A laptop computer with personal information of individuals who applied for Family Health Plus or Child Health Plus state health insurance program benefits was recovered when a woman tried to sell it at a pawn shop.

 
Information Source:
Media
records from this breach used in our total: 0
May 24, 2007 Beacon Medical Services
Aurora, Colorado
MED DISC

5,000

Private medical and financial information including patient records from at least 10 Colorado clinics and hospitals, and one hospital in Peoria, Illinois that should have been only accessible through VPN access were inadvertently available on the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000
May 24, 2007 Home Depot
Atlanta, Georgia
BSR PORT

204

A consultant's laptop was stolen. It contained the names and Social Security numbers of Home Depot associates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 204
May 23, 2007 Waco Independent School District
Waco, Texas
EDU HACK

17,400

Two high school seniors recently hacked into the district's computer network potentially compromising the personal information including Social Security numbers of students and employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,400
May 23, 2007 Check into Cash
Champaign, Illinois
BSF PHYS

Unknown

Consumer loan documents and related reports were found in a trash bin behind the shopping center where Check into Cash is located. Documents contained Social Security numbers, addresses, copies of driver's licenses and other personal information of the company's customers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 23, 2007 Mountain Xpress (Greenline Media Inc.)
Asheville, North Carolina
BSO HACK

6,540

Someone launched a dictionary attack on the email server. The hacker obtained a user name and password that allowed access to an internal database that stored credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,540
May 22, 2007 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED DISC

6,000

UPMC mailed a fundraising letter to 6,000 former patients on May 7. The donor response cards inadvertently included each individual's SSN in the tracking code, visible through the envelope window.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000
May 22, 2007 University of Colorado, Boulder
Boulder, Colorado
EDU HACK

45,000

 Hotline: (303) 492-1655

A hacker launched a worm that attacked a University computer server used by the College of Arts and Sciences. Information for 45,000 students enrolled at UC-B from 2002 to the present was exposed, including SSNs. The breach was discovered May 12. Apparently anti-virus software had not been properly configured.

 
Information Source:
Dataloss DB
records from this breach used in our total: 45,000
May 21, 2007 Columbia Bank
Fair Lawn, New Jersey
BSF HACK

Unknown

Columbia Bank notified its online banking customers of a hacking incident. Names and SSNs were accessed, but account numbers and passwords were not.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 20, 2007 Northwestern University
Chicago, Illinois
EDU PORT

Unknown

A laptop belonging to the financial aid office was stolen. It contained SSNs and other information of some alumni.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 19, 2007 Texas Commission on Law Enforcement Standards and Education
Austin, Texas
GOV PORT

230,000

A laptop computer was stolen from the state agency that licenses police officers. It contained information on every licensed peace officer in Texas, including SSNs, driver's license numbers, and birth dates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 230,000
May 19, 2007 Illinois Dept. of Financial and Professional Regulation
Chicago, Illinois
GOV HACK

300,000

For information about breach www.idfpr.com

A computer server in the office of the Illinois Dept. of Financial and Professional Regulation was breached earlier this year. SSNs, tax numbers, and addresses of banking and real estate licensees and applicants were exposed. The hacking incident was discovered May 3.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000
May 19, 2007 Stony Brook University
Stony Brook, New York
EDU DISC

90,000

http://www.stonybrook.edu/sb/disclosure/, Call Center, (866) 645-5830 (available until July 15, 2007)

SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000
May 18, 2007 Alcatel-Lucent
Murray Hill, New Jersey
BSO PORT

Unknown

The telecom and networking equipment maker notified employees that a computer disk containing personal information was lost in transit to Aon Corp., another vendor. It contained names, addresses, SSNs, birth dates, and salary information of current and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 18, 2007 Yuma Elementary School District No. 1
Yuma, Arizona
EDU PHYS

91

SSNs of 91 substitute teachers were stolen May 7 when a district employee's car was broken into and a brief case was taken containing payroll reports. The reports did not include bank account information..

 
Information Source:
Dataloss DB
records from this breach used in our total: 91
May 18, 2007 Indianapolis Public Schools
Indianapolis, Indiana
EDU DISC

7,500 (No SSNs or financial information reported)

A local newspaper reporter discovered that sensitive personal information was accessible online, including employee performance reviews, student grade books, student special education needs, and essays.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 17, 2007 Georgia Division of Public Health
Atlanta, Georgia
GOV HACK

140,000

The GA Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.

 
Information Source:
Dataloss DB
records from this breach used in our total: 140,000
May 15, 2007 IBM
Armonk, New York
BSO PORT

2226

An unnamed IBM vendor lost computer tapes containing information on IBM employees -- mostly ex-workers -- including SSNs, dates of birth, and addresses. They went missing in transit frm a contractor's vehicle. At least 1468 New Hampshire and 758 Maine residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,226
May 14, 2007 Community College of Southern Nevada
North Las Vegas, Nevada
EDU HACK

197,000

A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school is not certain whether anything was actually stolen from the school's computer system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000
May 12, 2007 Goshen College
Goshen, Indiana
EDU HACK

7,300

http://www.goshen.edu/news/pressarchive/05-11-07-security.html, info@goshen.edu, (866) 877-3055  

A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,300
May 11, 2007 University of California, Irvine Medical Center
Irvine, California
MED PHYS

287

About 1,600 file boxes stored in an off-site university warehouse were discovered missing. Some of the files included patients' names, addresses, Social Security numbers and medical record numbers.

 
Information Source:
Media
records from this breach used in our total: 287
Breach Total
816,044,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,506 DATA BREACHES made public since 2005

Pages

Showing 3651-3700 of 4506 results