Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
815,842,526 RECORDS BREACHED
(Please see explanation about this total.)
from 4,488 DATA BREACHES made public since 2005
Date Made Publicsort icon Name Entity Type
February 14, 2007 Iowa Department of Education
Des Moines, Iowa
GOV HACK

600

Up to 600 files of G.E.D. recipients were viewed when the online database was hacked. Files included names, addresses, birthdates, and SSNs of G.E.D. graduates from 1965 to 2002.

 
Information Source:
Dataloss DB
records from this breach used in our total: 600

February 14, 2007 Conneticut Office of the State Comptroller
Hartford, Connecticut
GOV DISC

1,753

Personal information of state employees including names and Social Security numbers was inadvertently posted on the Internet in a spreadsheet of vendors used by the state.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,753

February 10, 2007 State of Indiana Official Website www.IN.gov
Indianapolis, Indiana
GOV HACK

76,600

  (888) 438-8397, Email: securityconcerns @www.IN.gov

A hacker gained access to the State Web site and obtained credit card numbers of individuals who had used the site's online services and gained access to Social Security numbers for 71,000 healthcare workers and 5,600 individuals and businesses.

UPDATE (3/22/07): Investigators have identified a teen they believe hacked into the IN.gov as a prank.

 
Information Source:
Dataloss DB
records from this breach used in our total: 76,600

February 9, 2007 East Carolina University
Greenville, North Carolina
EDU DISC

65,000 students, alumni, and staff members

http://www.ecu.edu/incident/, 877-328-6660

A programming error resulted in personal information of 65,000 individuals being exposed on the University's Web site. The data has since been removed. Included were names, addresses, SSNs, and in some cases credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 65,000

February 9, 2007 Radford University, Waldron School of Health and Human Services
Radford, Virginia
EDU HACK

2,400 children

A computer security breach exposed the personal information, including SSNs, of children enrolled in the FAMIS program, Family Access to Medical Insurance Security.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400

February 9, 2007 General Electric
Louisville, Kentucky
BSR PORT

80

A GE service technician's laptop was stolen. It contained customer names and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 80

February 8, 2007 Piper Jaffrey
Minneapolis, Minnesota
BSF DISC

More than 1,000 employees

W-2s sent to current and former employees in January included employees' Social Security numbers on the outside of the envelope. Though the numbers were not identified as Social Security numbers, they followed the standard XXX-XX-XXXX format. Executives indicated the mishap was an error by a third-party vendor.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

February 8, 2007 St. Mary's Hospital
Leonardtown, Maryland
MED PORT

130,000

A laptop was stolen in December that contained names, SSNs, and birthdates for many of the Hospital's patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000

February 8, 2007 Fresenius Medical Care Holdings Inc., Fresenius Medical Care North America (FMCNA)
Waltham, Massachusetts
MED PORT

10 (No SSNs or financial information reported)

A laptop was stolen from the locked car of an employee on December 13 while it was parked outside of a restaurant. The laptop contained patient names, dates of birth, dates of service and insurance information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 8, 2007 LexisNexis
Boca Raton, Florida
BSO INSD

220

LexisNexis sent out notification letters of two separate incidents. A law enforcement customer noticed that an account was used in an unauthorized way. Searches that revealed names, Social Security numbers and driver's license numbers may have been performed by an unauthorized user or without proper reason. The second incident involves a government agency employee who may have used his account in an unauthorized manner to view names, Social Security numbers, addresses and driver's license numbers. Over 220 New York residents were affected by the breaches, but the total number of affected customers nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 220

February 8, 2007 District Council 37 Health and Security Plan of New York City
New York, New York
GOV PORT

31,500

A CD containing prescription drug data was discovered missing from the organization's files.  People who had their prescription drugs filled through DC 37's prescription drug benefits plan may have had their names and Social Security numbers exposed.  Prescription information from between February 13 and February 22 of 2006 (the previous year) was also exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31,500

February 7, 2007 University of Nebraska
Lincoln, Nebraska
EDU DISC

72

An employee accidentally posted SSNs of 72 students, professors, and staff on UNL's public Web site where they remained for 2 years. They have since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 72

February 7, 2007 Johns Hopkins University and Johns Hopkins Hospital
Baltimore, Maryland
MED PORT

52,000 past and present employees plus 83,000 patients

Johns Hopkins reported the disappearance of 9 backup computer tapes containing personal information of employees and patients.  Eight of the tapes contained payroll information on 52,000 past and present employees, including SSNs and in some cases bank account numbers. The 9th tape contained less sensitive information about 83,000 hospital patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 135,000

February 7, 2007 Central Connecticut State University
New Britain, Connecticut
EDU DISC

750 students

Social Security numbers of about 750 CCSU students were exposed in the name and address window on envelopes mailed to them. The envelopes were not folded correctly. They contained IRS 1098T forms.

 
Information Source:
Dataloss DB
records from this breach used in our total: 750

February 6, 2007 New York Department of Labor
Glenn Falls, New York
GOV PHYS

537

A laptop computer annd documents were stolen from a state tax auditor's apartment. While the laptop had security features and had little personal information on it, the documents contained personal information for people who were employed by 13 Capital Region businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 537

February 6, 2007 Metro Credit Services
Hurst, Texas
BSF PHYS

Unknown

Thousands of files from the defunct bill collection company containing medical records, phone bills and Social Security numbers were found in a trash bin.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 6, 2007 Merchant America
Camarillo, California
BSR HACK

130,000

A hacker gained access to a customer database. Customers who made transactions with merchants that Merchant America provides payment processing services to may have had their names, bank account numbers and driver's license numbers exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 130,000

February 3, 2007 CTS Tax Service
Cassopolis, Michigan
BSO STAT

800

The computer and hard drive of a tax preparation company were stolen. Data included names, bank account numbers, routing numbers, birthdates, SSNs, and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 800

February 2, 2007 Massachusetts Department of Industrial Accidents
Boston, Massachusetts
GOV INSD

1,200 people who submitted claims

800) 323-3249 ext. 560, www.mass.gov/dia

A former state contractor allegedly accessed a workers' compensation data file and stole personal information, including SSNs. The thief used the data to commit identity theft on at least 3 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

February 2, 2007 Indian Consulate via Haight Ashbury Neighborhood Council recycling center
San Francisco, California
GOV PHYS

Unknown

Visa applications and other sensitive documents were accessible for more than a month in an open yard of a recycling center. Information included applicants' names, addresses, phone numbers, birthdates, professions, employers, passport numbers, and photos. A sampling of documents indicated that the paperwork included everyone who applied in the Western states from 2002-2005. Applicants were current and former executives of major Bay Area companies that have operations in India.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2007 Wisconsin Assembly
Madison, Wisconsin
GOV PHYS

150 Assembly members and aides

A document containing personal information of Wisconsin Assembly members was stolen from a legislative employee's car while she was exercising at a local gym. It contained names, addresses, and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150

February 2, 2007 University of Missouri, Research Board Grant Application System
Columbia, Missouri
EDU HACK

1,220

A hacker broke into a UM computer server mid-January and might have accessed personal information, including SSNs, of 1,220 researchers on 4 campuses. The passwords of 2,579 individuals might also have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,220

February 2, 2007 New York Department of State
Albany, New York
GOV DISC

Unknown

The agency's Web site posted commercial loan documents that mistakenly contained SSNs. The forms are posted to let lenders know the current financial status of loan recipients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

February 2, 2007 U.S. Department of Veterans Affairs, VA Medical Center
Birmingham, Alabama
MED PORT

48,000 veterans plus 535,000

(877) 894-2600, http://www1.va.gov/opa/pressrel/pressrelease.cfm?id=1294

An employee reported a portable hard drive stolen or missing that might contain personal information about veterans including Social Security numbers.

UPDATE (2/10/07): VA increases number of affected veterans to 535,000, included in the total below.

UPDATE (2/12/07): VA reported that billing information for 1.3 million doctors was also exposed, including names and Medicare billing codes, not included in the total below.

UPDATE (3/19/07): The VA's Security Operations Center has referred 250 incidents since July 2006 to its inspector general, which has led to 46 separate investigations.

UPDATE (6/18/07):More than $20 million to respond to its latest data breach, the breach potentially puts the identities of nearly a million physicians and VA patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 583,000

January 29, 2007 Mendoza College of Business, Notre Dame University
Notre Dame, Indiana
EDU DISC

Unknown

Additional location: South Bend, Indiana

A file of individuals who took the GMAT test (Graduate Management Admissions Test) was mistakenly left on a computer that was decommissioned. The computer was later reactivated and plugged into the Internet. Its files were available through a file-sharing program. Data included names, scores, SSNs and demographic information from 2001.

 
Information Source:
Media
records from this breach used in our total: 0

January 29, 2007 Vermont Agency of Human Services
Waterbury, Vermont
GOV HACK

70,000

Customers of New England Federal Credit Union, Central Vermont Public Service Employees Credit Union, First Brandon National Bank, Federal Family Credit Union, Granite Hills Credit Union, Merchants Bank, Northfield Savings Bank, Opportunities Credit Union and the Vermont State Employees Credit Union were affected.

A state computer that contained the names, Social Security numbers and bank account information was hacked into. Some of the information came from noncustodial parents who owed back child support while most of the people affected were customers of New England Federal Credit Union with no history of owing child support. The information is from 2004 and 2005 credit union members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

January 29, 2007 Public Storage Inc.
Glendale, California
BSO HACK

Unknown

Someone gained unauthorized access to electronic company personnel files. The files included Social Security numbers, dates of birth, home addresses and other active employee information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 28, 2007 Salina Regional Health Center
Salina, Kansas
MED PORT

1,100

A laptop was stolen from a Hospital office.  It contained names, Social Security numbers and medical histories of patients.  Only patients treated by the laptop user are at risk for identity theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100

January 28, 2007 New York Academy of Medicine
New York, New York
EDU STAT

7,460 (0 complete SSNs)

A computer was stolen during an office burglary in October 28. The last four digits of research participants' Social Security numbers, full names and dates of birth were on a database on the computer. Some participants also had their addresses and laboratory data exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 26, 2007 Indiana Department of Transportation (INDOT)
Indianapolis, Indiana
GOV DISC

4,000

The names and SSNs of INDOT employees were inadvertently posted on an internal network computer drive sometime between Sept. 6 and Dec. 4, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000

January 26, 2007 Vanguard University
Costa Mesa, California
EDU STAT

5,105 financial aid applicants

(800) 920-7312

On Jan. 16, 2 computers were discovered stolen from the financial aid office. Data included names, SSNs, dates of birth, phone numbers, driver's license numbers, and lists of assets.  Affected financial aid applicants from 2005-2006 and 2006-2007 school years.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,105

January 26, 2007 WellPoint's Anthem Blue Cross Blue Shield
Richmond, Virginia
MED PORT

50,000

(800) 284-9779

Cassette tapes containing customer information were stolen from a lock box held by one of its vendors. Data included names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,000

January 26, 2007 Chase Bank and the former Bank One, now merged
Shreveport, Louisiana
BSF PHYS

4,100 current and former employees from all over Louisiana

A Bossier woman bought a used desk from a furniture store. She discovered a 165-page spread sheet in a drawer that included names and SSNs of bank employees. The document was returned to the bank.

 
Information Source:
Media
records from this breach used in our total: 4,100

January 26, 2007 Eastern Illinois University
Charleston, Illinois
EDU STAT

1,400 currently enrolled students

A desktop computer was stolen from the Student Life office containing membership rosters -- including SSNs, birthdates, and addresses -- of the University's 23 fraternities and sororities. A hard drive and memory from 2 other computers were also stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

January 26, 2007 The Bombay Company
Fort Worth, Texas
BSR PORT

60

A laptop that contained customer names, credit card types, last four digits of credit card numbers and phone numbers was stolen. Information about purchase amounts and dates was also on the laptop.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60

January 26, 2007 UPS Capital Business Credit, U.S. Farm Credit Administration (FCA)
Windsor, Connecticut
BSF PORT

48

An FCA employee's laptop and USB memory drive were lost on November 3. UPS credit loans were being reviewed by FCA. Taxpayer identification numbers, Social Security numbers and loan information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48

January 25, 2007 Clay High School
Oregon, Ohio
EDU HACK

Unknown

A former high school student obtained sensitive staff and student information through an apparent security breach. The data was copied onto an iPod and included names, birth dates, SSNs, addresses, and phone numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 25, 2007 Ohio Board of Nursing
Columbus, Ohio
GOV DISC

3,031

The agency's Website posted names and SSNs of newly licensed nurses twice in the past two months. The Social Security numbers were supposed to have been removed before posting.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,031

January 25, 2007 Wahiawa Women, Infants and Children program (WIC)
Honolulu, Hawaii
GOV INSD

11,500 current and former clients

  (808) 586-8080, http://www.hawaii.gov/dcca/quicklinks/id_theft_info

A WIC employee apparently stole the personal information of agency clients, including SSNs, and committed identity theft on at least 3 families and perhaps 2 more. The Health Director said the agency will no longer use SSNs in its data base.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,500

January 25, 2007 Visiting Nurse Service of New York (VNSNY)
New York, New York
MED PORT

52

A tablet computer was stolen from a registered nurse. Patient Social Security numbers, names, addresses and telephone numbers were on the tablet. VNSNY warned patients that people might use the information and tablet to pose as VNSNY employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 52

January 24, 2007 Cornell University
Detroit, Michigan
EDU PORT

122

An employee laptop was lost after being checked as baggage at Detroit Metropolitan International Airport. It contained names, Social Security numbers and credit card numbers of some people.

 
Information Source:
Dataloss DB
records from this breach used in our total: 122

January 23, 2007 Rutgers-Newark University, Political Science Department
Newark, New Jersey
EDU PORT

200 students

An associate professor's laptop was stolen, containing names and SSNs of 200 students. Rutgers no longer uses SSNs as student IDs, but student IDs from past years are still SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200

January 23, 2007 Xerox
Wilsonville, Oregon
BSR PORT

297

A laptop was stolen from a human resources manager's car.  Some of the employees affected by the incident experienced credit problems before being informed that the theft had put them at risk.  One employee had multiple cell phone accounts taken out in his name a month and a half after the theft.

 
Information Source:
Dataloss DB
records from this breach used in our total: 297

January 22, 2007 U.S. Department of Veterans Affairs
Seattle, Washington
GOV PHYS

Unknown

Folders of veterans' personal information were stolen from a locked car in Bremerton, WA. News stories are not clear on the type of information contained in the folders.

 
Information Source:
Media
records from this breach used in our total: 0

January 22, 2007 Chicago Board of Election
Chicago, Illinois
GOV PORT

1.3 million

About 100 computer discs (CDs) with 1.3 million Chicago voters' SSNs were mistakenly distributed to aldermen and ward committeemen. The CDs also contain birth dates and addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,300,000

January 22, 2007 Sprint Nextel
Charlotte, North Carolina
BSR PORT

1,608

A laptop computer was stolen from an employee's home during a late November burglary. Information from customers nationwide was stored on the hard drive. Customers' names, addresses, Sprint Nextel account numbers and access codes, credit card numbers and phone numbers may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,608

January 20, 2007 Greenville South Carolina County School District
Greenville, South Carolina
EDU PHYS

Unknown

Boxes of personnel records were inadvertently left unsecured during renovations. Ten boxes held the names and Social Security numbers of teachers employed by the district between 1972 and 1990. Other boxes contained personnel records through 1998. District officials secured the boxes after receiving an anonymous call about the mistake.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 19, 2007 U.S. Internal Revenue Service via City of Kansas City
Kansas City, Missouri
GOV PORT

Unknown

26 IRS computer tapes containing taxpayer information were reported missing after they were delivered to City Hall. They potentially contain taxpayers' names, SSNs, bank account numbers, or employer information. The 26 tapes were the entire shipment received by the City last August. The disappearance was noticed late December 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

January 19, 2007 First Advantage SafeRent, Inc., Z II Investment Group, LLC
Philadelphia, Pennsylvania
BSF INSD

18

A company named Z II Investment Group, LLC had a number of unauthorized credit reports performed.  The unauthorized reports contained name, address, Social Security number, date of birth, and partial credit card number.

 
Information Source:
Dataloss DB
records from this breach used in our total: 18

January 18, 2007 KB Home
Charleston, South Carolina
BSO STAT

2,700

A computer was stolen from one of the home builder's offices. It likely contained names, addresses, and SSNs of people who had visited the sales office for Foxbank Plantation in Berkeley County near Charleston.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,700

Showing 3801-3850 of 4488 results


X

Sign In!

Loading