Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
May 19, 2007 Stony Brook University
Stony Brook, New York
EDU DISC

90,000

http://www.stonybrook.edu/sb/disclosure/, Call Center, (866) 645-5830 (available until July 15, 2007)

SSNs and university ID numbers of faculty, staff, students, alumni, and other community members were visible via the Google search engine after they were posted to a Health Sciences Library Web server April 11. It was discovered and removed 2 weeks later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90,000
May 18, 2007 Alcatel-Lucent
Murray Hill, New Jersey
BSO PORT

Unknown

The telecom and networking equipment maker notified employees that a computer disk containing personal information was lost in transit to Aon Corp., another vendor. It contained names, addresses, SSNs, birth dates, and salary information of current and former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 18, 2007 Yuma Elementary School District No. 1
Yuma, Arizona
EDU PHYS

91

SSNs of 91 substitute teachers were stolen May 7 when a district employee's car was broken into and a brief case was taken containing payroll reports. The reports did not include bank account information..

 
Information Source:
Dataloss DB
records from this breach used in our total: 91
May 18, 2007 Indianapolis Public Schools
Indianapolis, Indiana
EDU DISC

7,500 (No SSNs or financial information reported)

A local newspaper reporter discovered that sensitive personal information was accessible online, including employee performance reviews, student grade books, student special education needs, and essays.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 17, 2007 Georgia Division of Public Health
Atlanta, Georgia
GOV HACK

140,000

The GA Dept. of Human Resources notified parents of infants born between 4/1/06 and 3/16/07 that paper records containing parents' SSNs and medical histories -- but not names or addresses -- were discarded without shredding.

 
Information Source:
Dataloss DB
records from this breach used in our total: 140,000
May 15, 2007 IBM
Armonk, New York
BSO PORT

2226

An unnamed IBM vendor lost computer tapes containing information on IBM employees -- mostly ex-workers -- including SSNs, dates of birth, and addresses. They went missing in transit frm a contractor's vehicle. At least 1468 New Hampshire and 758 Maine residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,226
May 14, 2007 Community College of Southern Nevada
North Las Vegas, Nevada
EDU HACK

197,000

A virus attacked a computer server and could have allowed a hacker to access students' personal information including names, Social Security numbers and dates of birth, but the school is not certain whether anything was actually stolen from the school's computer system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000
May 12, 2007 Goshen College
Goshen, Indiana
EDU HACK

7,300

http://www.goshen.edu/news/pressarchive/05-11-07-security.html, info@goshen.edu, (866) 877-3055  

A hacker accessed a college computer that contained the names, addresses, birth dates, Social Security numbers and phone numbers of students and information on some parents with the suspected motivation of using the system to send spam e-mails.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,300
May 11, 2007 University of California, Irvine Medical Center
Irvine, California
MED PHYS

287

About 1,600 file boxes stored in an off-site university warehouse were discovered missing. Some of the files included patients' names, addresses, Social Security numbers and medical record numbers.

 
Information Source:
Media
records from this breach used in our total: 287
May 11, 2007 Highland Hospital (Rochester, NY)
Rochester, New York
MED PORT

13,000

HighlandHospitalAdmin@urmc.rochester.edu

Two laptop computers, one containing patient information including Social Security numbers, were stolen from a business office. The computers were sold on eBay, and the one containing personal information was recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000
May 11, 2007 Student Loan Funding Resources, The Art Institute of California
San Diego, California
BSF HACK

Unknown

A breach on the Student Loan Funding's eCounselor website may have exposed names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 8, 2007 University of Missouri
Columbia, Missouri
EDU HACK

22,396

(866) 241-5619

A hacker accessed a computer database containing the names and Social Security numbers of employees of any campus within the University system in 2004 who were also current or former students of the Columbia campus.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,396
May 8, 2007 EZCORP, EZPAWN
San Antonio, Texas
BSF PHYS Unknown
Several EZPAWN stores in the San Antonio area exposed customers' personal information by discarding business records in easily accessible trash cans behind stores. The Texas Attorney General decided to take legal action against EZCORP Inc. and its subsidiary EZPAWN. Customer records included promissory notes and bank statements that contained names, addresses, Social Security numbers, driver's license numbers and checking account information.  
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 8, 2007 Jones Beauty College
Dallas, Texas
EDU PHYS

Unknown

The Texas Attorney General filed an enforcement action against the College in March.  Student financial aid forms with Social Security numbers and other personal information had been improperly discarded.  

 
Information Source:
Media
records from this breach used in our total: 0
May 8, 2007 Carus Publishing Company
Petersborough, New Hampshire
BSO HACK

Unknown

Hackers obtained access to customer information located on the Company's website. The breach occurred sometime between April and May. Customer names, addresses, credit card numbers and types of credit cards were downloaded by the hackers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 7, 2007 Indiana Department of Administration
Indianapolis, Indiana
GOV DISC

Unknown

An employee uploaded a list of certified women and minority business enterprises to the department's Web site and inadvertently included their tax identification numbers, which for some businesses and sole proprietor-ships is the owner's Social Security number. Reports indicate that the number of people affected was no more than a couple hundred.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 7, 2007 Private Tax Practice
Southold, New York
BSF PORT

60

A laptop with client information was stolen on April 27.  Tax return files were on the laptop, though it was encrypted. Client information also included names, addresses and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60
May 7, 2007 Arteis
Palo Alto, California
BSO HACK

Unknown

The location listed is Hewlett-Packard Company's headquarters. Hewlett-Packard acquired Arteis in May of 2007.

In January, Arteis discovered that an unauthorized person had accessed certain files. Customer names, addresses and credit card numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 5, 2007 Transportation Security Administration (TSA)
Crystal City, Virginia
GOV PORT

100,000

A computer hard drive containing payroll data from January 2002 to August 2005 including employee names, Social Security numbers, birth dates, bank account and routing information of current and former workers including airport security officers and federal air marshals was stolen.

UPDATE (5/14/07) The American Federation of Government Employees is suing the TSA for the loss of the hard drive. It calls the breach a violation of the Privacy Act.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000
May 3, 2007 Maryland Department of Natural Resources
Annapolis, Maryland
GOV PORT

1,433

Personal information of current and retired employees including names and Social Security numbers was downloaded to a thumb drive by an employee who wanted to work at home but was lost en route.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,433
May 3, 2007 Louisiana State University, E..J. Ourso College of Business
Baton Rogue, Louisiana
EDU PORT

750

A laptop stolen from a faculty member's home contained personally identifiable information including may have included students' Social Security numbers, full names and grades of University students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750
May 3, 2007 Montgomery College
Conroe, Texas
EDU DISC

Unknown

A new employee posted the personal information of all graduating seniors including names, addresses and Social Security numbers on a computer drive that is publicly accessible on all campus computers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 1, 2007 Healing Hands Chiropractic
Sterling, Colorado
MED PHYS

Unknown

Hundreds of medical records containing the personal information of chiropractic patients including Social Security numbers, birth dates, addresses and, in some cases, credit card information were thrown into a dumpster “due to lack of office space.”

 
Information Source:
Media
records from this breach used in our total: 0
May 1, 2007 JP Morgan
New York, New York
BSF PHYS

Unknown

Documents containing personal financial data of customers including names, addresses and Social Security numbers were found in garbage bags outside five branch offices in New York.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
May 1, 2007 Maine State Lottery Commission
Hallowell, Maine
GOV PHYS

Unknown

Documents containing personal information such as names, Social Security numbers, references to workers compensation claim records, psychiatric and other medical records, and police background checks were found in a dumpster.

 
Information Source:
Media
records from this breach used in our total: 0
May 1, 2007 Champaign Police Officers
Champaign, Illinois
GOV STAT

139

The names and Social Security numbers of Champaign police officers were left on a computer donated to charity.

 
Information Source:
Dataloss DB
records from this breach used in our total: 139
May 1, 2007 JP Morgan
Chicago, Illinois
BSF PORT

47,000

A computer tape containing personal information of wealthy bank clients and some employees was delivered to a secure off-site facility for storage but was later reported missing.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47,000
April 30, 2007 Home Depot
Atlanta, Georgia
BSR PORT

5,563

A laptop was stolen on March 23. Home Depot associates may have had their Social Security number and amount of Home Depot incentive program bonus exposed. Names and addresses were not on the laptop. Employees were notified on April 30.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,563
April 29, 2007 University of New Mexico
Alburquerque, New Mexico
EDU PORT

3,000 not included in total below because SSNs were apparently not compromised)

Employees' personal information including names, e-mail and home addresses, UNM ID numbers and net pay for a pay period for staff, faculty and a few graduate students may have been stored on a laptop computer stolen from the San Francisco office of an outside consultant working on UNM's human resource and payroll systems.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
April 28, 2007 Couriers on Demand
Dallas, Texas
BSO DISC

Hundreds

Personal information of job applicants was accidentally published to the Internet.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100
April 27, 2007 Google Ads
Mountain View, California
BSO HACK

Unknown

Top sponsored Google ads linked to 20 popular search terms were found to install a malware program on users' computers to capture personal information and access online accounts for 100 different banks.

 
Information Source:
Media
records from this breach used in our total: 0
April 27, 2007 Caterpillar, Inc., SBA Inc.
Peoria, Illinois
BSO PORT

Unknown

A laptop computer containing personal data of employees including Social Security numbers, banking information and addresses was stolen from a benefits consultant that works with the company.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
April 27, 2007 Commonwealth Business Media
Newark, New Jersey
BSO DISC

145

An employee accidentally attached a spreadsheet to an email that was sent to other employees. The spreadsheet had the names, Social Security numbers and other personnel information of each of the people it was emailed to.

 
Information Source:
Dataloss DB
records from this breach used in our total: 145
April 26, 2007 Ceridian Corp.
Minneapolis, Minnesota
BSO DISC

150

A former employee had data containing the personal information of employees including ID and bank-account data and then, accidentally posted it on a personal Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150
April 25, 2007 Neiman Marcus Group
Dallas, Texas
BSR STAT

160,000

http://phx.corporate-ir.net/phoenix.zhtml?c=118113&p=irol-recentdata, (800) 456-7019

Computer equipment was stolen containing files with sensitive information including name, address, Social Security number, date of birth, period of employment and salary information of retailer Neiman Marcus Group's current and former employees and their spouses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 160,000
April 24, 2007 Purdue University
West Lafayette, Indiana
EDU DISC

175

(866) 307-8513

Personal information including names and Social Security numbers of students who were enrolled in a freshman engineering honors course was on a computer server connected to the Internet that had been indexed by Internet search engines and consequently was available to individuals searching the Web.

 
Information Source:
Dataloss DB
records from this breach used in our total: 175
April 24, 2007 Baltimore County Department of Health
Baltimore, Maryland
GOV PORT

6,000

A laptop containing personal information including names, date of birth, Social Security numbers, telephone numbers and emergency contact information of patients who were seen at the clinic between Jan. 1, 2004 and April 12 was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,000
April 23, 2007 Federal Emergency Management Agency (FEMA)
Washington, District Of Columbia
GOV DISC

2,300

Social Security numbers of Disaster Assistance Employees were printed on the outside address labels of reappointment letters

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,300
April 21, 2007 Albertsons (Save Mart Supermarkets)
Alameda, California
BSR CARD

Over 100

(510) 337-8340

Credit and debit card numbers were stolen using bogus checkout-line card readers resulting in card numbers processed at those terminals being captured and some to be misused.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100
April 20, 2007 Los Alamos National Laboratory
Alburquerque, New Mexico
GOV DISC

550

The names and Social Security numbers of lab workers were posted on a Web site run by a subcontractor working on a security system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 550
April 20, 2007 U.S. Agriculture Department
Washington, District Of Columbia
GOV DISC

38,700

http://www.usda.gov/wps/portal/!ut/p/_s.7_0_A/7_0_1OB?contentidonly=true&contentid=2007/04/0110.xml

The Social Security numbers of people who received loans or other financial assistance from two Agriculture Department programs were disclosed since 1996 in a publicly available database posted on the Internet. Originally, the US Department of Agriculture estimated that the personal information of as many as 150,000 people may be affected, then reduced the number 38,700.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,700
April 19, 2007 New Mexico State University
Las Cruces, New Mexico
EDU DISC

5,600

The names and Social Security numbers of students who registered online to attend their commencement ceremonies from 2003 to 2005 were accidentally posted on the school's Web site when an automated program moved what was supposed to be a private file into a public section of the Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,600
April 19, 2007 Honeywell International
Morristown, New Jersey
BSF PORT

Unknown

A laptop was stolen from a Honeywell HR employee.  It contained the names and Social Security numbers of employees.  At least 20 New York residents were affected, but the total number of people affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
April 19, 2007 Valve Software
Bellevue, Washington
BSR HACK

Unknown

A hacker accessed customer information that was stored on the website. Thousands of customers had their information exposed, and the hacker posted some customer credit card information. The hacker claims to have gained access by utilizing login details that were easily found by browsing. Valve asset information was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
April 18, 2007 Ohio State University
Columbus, Ohio
EDU HACK

14,000

http://www.osu.edu/news/newsitem1673

A hacker accessed the names, Social Security numbers, employee ID numbers and birth dates of 14,000 current and former staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000
April 18, 2007 University of California, San Francisco (UCSF)
San Francisco, California
EDU STAT

3,000

(866) 485-8777, http://news.ucsf.edu/releases/ucsf-computer-server-with-research-subject-information-is-stolen/, http://security.ucsf.edu/alert/information.html

A computer file server containing names, contact information, and Social Security numbers for study subjects and potential study subjects related to research on causes and cures for different types of cancer was stolen from a locked UCSF office. For some individuals, the files also included personal health information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
April 18, 2007 Ohio State University
Columbus, Ohio
EDU PORT

3,500

http://www.osu.edu/news/newsitem1673

The names, Social Security numbers and grades of 3,500 former chemistry students were on class rosters housed on two laptop computers stolen from a professor's home in late February.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,500
April 15, 2007 CVS Pharmacy
Liberty, Texas
MED PHYS

Over 1,000

The Attorney General of Texas filed a complaint against CVS Pharmacy for illegally disposing of personal information including active debit and credit card numbers, complete with expiration dates and medical prescription forms with customer's name, address, date of birth, issuing physician and the types of medication prescribed. The information was found in a dumpster behind a store that apparently was being vacated. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000
April 12, 2007 Bank of America
Charlotte, North Carolina
BSF PORT

Unknown

A laptop containing personal information of current, former and retired employees including names, addresses, dates of birth and Social Security numbers was stolen when an employee was a victim of a recent break-in. A limited number of people were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
April 12, 2007 University of Pittsburgh Medical Center
Pittsburgh, Pennsylvania
MED DISC

88

Personal information including names, Social Security numbers, and radiology images of patients were previously included in two medical symposium presentations that were posted on UPMC's Web site. Though the presentation was later removed in 2005, the presentations were apparently inadvertently re-posted on the site and only recently removed again.

 
Information Source:
Dataloss DB
records from this breach used in our total: 88
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3701-3750 of 4517 results