Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
November 25, 2006 Family Health Center of Clark County
Jeffersonville, Indiana
MED STAT

7,700

Two computers stolen from an Indiana state health department contractor, the Family Health Center of Clark Count, contained the names, addresses, birth dates, SSNs and medical and billing information for more than 7,500 women. The data were collected as part of the state's Breast and Cervical Cancer Program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,700
November 20, 2006 Administration for Children's Services
New York, New York
GOV PHYS

200 (No reports of SSNs or financial information)

More than 200 case files from the Emergency Children's Services Unit of ACS were found on the street in a plastic garbage bag. The files contain sensitive information of families, social workers and police officers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 20, 2006 Haywood Mortgage Associates Inc.
Bethesda, Maryland
BSF INSD

228

A former employee is believed to have downloaded confidential client information to a USB device shortly before leaving the company.  Client names, Social Security numbers, addresses, dates of birth, driver's license numbers, credit card account numbers, mortgage loan account numbers, auto and personal loan numbers, employment information and credit reports could have been taken.  The incident occurred sometime around September 7.  Clients were notified on January 8 of 2007.

 
Information Source:
Dataloss DB
records from this breach used in our total: 228
November 20, 2006 Bank of Jena, Experian
Jena, Louisiana
BSF HACK

Unknown

An unauthorized user was able to access Experian consumer information through the Bank of Jena. Names, Social Security numbers, addresses, dates of birth and account numbers could have been accessed. At least 29 New York residents were affected, but the total number of residents affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 18, 2006 KeyCorp
Cleveland, Ohio
BSF DISC

17

An email containing a spreadsheet with the SSN, name, address and closed account number of 17 NY residents was accidentally emailed to an external client distribution list of 159 businesses and individuals on or around November 9. The recipients were asked to destroy the email. It is not clear if the 17 New York residents were the only people affected by this incident.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17
November 17, 2006 Jefferson College of Health Sciences
Roanoke, Virginia
EDU DISC

143

An email containing the names and SSNs of 143 students intended for one employee was inadvertently sent to the entire student body of 900.

 
Information Source:
Dataloss DB
records from this breach used in our total: 143
November 17, 2006 Paetec Communications
Charlotte, North Carolina
BSR PORT

1095

The October 27 theft of an employee's laptop exposed employee information. A list of employees dating back to December 2004 was on the hard drive of the laptop. Employee names, Social Security numbers and salary information may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,095
November 16, 2006 American Cancer Society (ACS)
Louisville, Kentucky
NGO PORT

Unknown

Headquarters in Atlanta, GA.  If you have tips, call (502) 574-5673

An unspecified number of laptop computers were stolen from the Louisville offices of the American Cancer Society. It is not clear what personal information was exposed, if any.

 
Information Source:
Media
records from this breach used in our total: 0
November 15, 2006 Internal Revenue Service (IRS)
Washington, District Of Columbia
GOV PORT

2,359

According to document s obtained under the Freedom of Information Act, 478 laptops were either lost or stolen from the IRS between 2002 and 2006. 112 of the computers held sensitive taxpayer information such as SSNs.

UPDATE (04/05/07): A report by the Treasury Inspector General for Tax Administration noted that at least 490 IRS computers have been stolen or lost since 2003 in 387 security breach incidents that potentially jeopardized tax payers' personal information.

UPDATE (04/17/07): The Inspector General's assessment of 20 buildings in 10 cities discovered four separate locations at which hackers could have easily gained access to IRS computers and taxpayer data using wireless technology.

 
Information Source:
Media
records from this breach used in our total: 2,359
November 15, 2006 Boeing, Co
Chicago, Illinois
BSO PORT

762

A laptop was stolen from an employee's home on or around November 6.  The laptop contained salary planning files from 2002 that had Social Security numbers, names, driver's licenses and state identification numbers.  Credit and debit card numbers, security codes and passwords for financial accounts may have also been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 762
November 15, 2006 Look Tours LLC
North Las Vegas, Nevada
BSR STAT

300,000

A number of computers were stolen during a September 28 office burglary. Some of the information on the computers included name, address, email address and credit card number and information. Customers and some current and former employees and consultants were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300,000
November 15, 2006 Stony Brook University
Stony Brook, New York
EDU STAT

2,000

A computer stolen on August 15 contained names and Social Security numbers. People involved in the Professional Teachers Program were affected. An employee of a moving company used by the University is believed to be responsible for the theft. The computer was returned on October 6 and was used by unauthorized persons during its absence.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
November 15, 2006 Expedia Corporate Travel (now Egencia)
Bellevue, Washington
BSO INSD

47

A former call center employee somehow gained access to credit card numbers and may have misused the information. The former employee attempted to make unauthorized charges at least twice. The discovery was made on October 24.

 
Information Source:
Dataloss DB
records from this breach used in our total: 47
November 13, 2006 Connors State College
Warner, Oklahoma
EDU PORT

Considerably more than 22,500

(918) 463-6267, perline@connorsstate.edu

On Oct. 15, a laptop computer was discovered stolen from the college. (It has since been recovered by law enforcement). The computer contains Social Security numbers and other data for Connors students plus 22,500 high school graduates who qualify for the Oklahoma Higher Learning Access Program scholarships.

 
Information Source:
Dataloss DB
records from this breach used in our total: 22,500
November 11, 2006 Hertz Global Holdings, Inc.
Oklahoma City, Oklahoma
BSO INSD

Unknown

1-888-222-8086

The names and Social Security numbers of Hertz employees dating back to 2002 were discovered on the home computer of a former employee.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 10, 2006 KSL Services, Inc.
Los Alamos, New Mexico
BSO PORT

Approximately 1,000

A disk containing the personal information of approximately 1,000 KSL employees is missing. KSL is a contractor for Los Alamos National Laboratory.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000
November 10, 2006 NYS Higher Education Services
Albany, New York
EDU PHYS

49

Paper documents were lost when the package containing them was damaged by a carrier's mechanical equipment.  The documents may have been thrown away by the carrier.  The information on the documents included name, Social Security number and address. At least 49 New York residents were affected, but the total number of people affected nationwide was not disclosed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 49
November 9, 2006 Four ARCO gas stations
Costa Mesa, California
BSR CARD

At least 440

Additional locations: Westminster and Torrance, CA

From Sept. 29 to Oct. 9, thieves used card skimmers to steal bank account numbers and PIN codes from gas station customers and used the information to fabricate debit cards and make ATM withdrawals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 440
November 7, 2006 City of Lubbock
Lubbock, Texas
GOV HACK

5,800

Hackers broke into the city's web site and compromised the online job application database, which included Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,800
November 7, 2006 Lehman College
Bronx, New York
EDU DISC

768

A class of 2006 Fall graduation list was found to be accessible online.  The file had only been available for 17 hours.  Classes, majors, names, Social Security numbers, addresses, home phone numbers and dates of birth were on the list.

 
Information Source:
Dataloss DB
records from this breach used in our total: 768
November 7, 2006 CIGNA HealthCare Corp
Bloomfield, Connecticut
BSF PORT

156 (149 SSNs)

The location listed is the headquarters. The breach may have occurred elsewhere.

The July 11 theft of an employee's laptop left sensitive data exposed. Names, tax identification numbers and Social Security numbers of people who used their Social Security number as a tax ID were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 149
November 6, 2006 Bowling Green Police Department
Bowling Green, Ohio
GOV DISC

Approx. 200 victims or suspects

The police dept. accidentally published a report on their website containing personal information on nearly 200 people the police had contact with on Oct. 21. Data included names, Social Security numbers, driver's license numbers, etc.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200
November 6, 2006 Ingersoll Rand
Montvale, New Jersey
BSO PORT

1510

The September 29 theft of an employee's laptop resulted in the exposure of emails with names and Social Security numbers of former employees. The laptop was stolen from the employee's car while it sat in a restaurant parking lot.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,510
November 3, 2006 University of Virginia (UVA)
Charlottesville, Virginia
EDU DISC

632 students

Due to a computer programming error, Student Financial Services sent e-mail messages to students containing 632 other students' Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 632
November 3, 2006 West Shore Bank
Ludington, Michigan
BSF CARD

About 1,000

Customers' debit cards and possibly credit cards were compromised from a security break last summer at a common MasterCard point-of-purchase provider.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000
November 3, 2006 Wesco
Muskegon, Michigan
BSR CARD

Unknown

Wesco gas stations experienced a breach in credit card transactions from July 25-Sept. 7 resulting in inaccurate charges to customer accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 3, 2006 Starbucks Corp.
Seattle, Washington
BSR PORT

60,080

1-800-453-1048

Starbucks lost track of four laptop computers. Two held employee names, addresses, and Social Security numbers. Current and former U.S. employees and about 80 Canadian workers and contractors were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 60,080
November 3, 2006 Several Joliet area motels
Joliet, Illinois
BSO INSD

Unknown

Motel owners and employees allegedly stole and sold customers' credit card numbers.

 
Information Source:
Media
records from this breach used in our total: 0
November 2, 2006 Hilb, Rogal & Hobbs, Villanova University
Plymouth Meeting, Pennsylvania
BSF PORT

1,243 Villanova University students and staff

In September 2006, a laptop computer was stolen from the insurance brokerage firm. It contained client information including the names, birthdates, and drivers license numbers of Villanova University students and staff who drive university vehicles.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,243
November 2, 2006 Colorado Department of Human Services via Affiliated Computer Services (ACS)
Dallas, Texas
GOV STAT

Up to 1.4 million

For questions, call ACS at (800) 350-0399

On Oct. 14, a desktop computer was stolen from a state contractor who processes Colorado child support payments for the Dept. of Human Services. Computer also contained the state's Directory of New Hires.

UPDATE (12/07/2006) When initially posted to this list, the number 1.4 million was not added to the total because we could not confirm if SSNs were exposed. The PRC was contacted by an affected individual today who confirmed that names, addresses, SSNs and dates of birth were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400,000
November 2, 2006 Greater Media, Inc.
Philadelphia, Pennsylvania
BSO PORT

Unknown

A laptop computer containing the Social Security numbers of the radio broadcasting company's current and former employees was stolen from their Philadelphia offices.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 2, 2006 McAlester Clinic and Veterans Affairs Medical Center
Muskogee, Oklahoma
MED PORT

1,400 veterans

Three disks containing billing information, patient names and Social Security numbers, were lost in the mail.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400
November 2, 2006 Intermountain Health Care
Salt Lake City, Utah
MED PORT

6,244

A computer was purchased at a second-hand store, Deseret Industries, that contained the names, Social Security numbers, employment records, and other personal information about Intermountain Health Care employees employed there in 1999-2000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,244
November 2, 2006 Compulinx
White Plains, New York
BSO INSD

Up to 50 Compulinx employees

The CEO of Compulinx was arrested for fraudulently using employees' names, addresses, Social Security numbers and other personal information for credit purposes. (It is unclear whether customers' data was also used).

 
Information Source:
Media
records from this breach used in our total: 50
November 1, 2006 U.S. Army Cadet Command
Fort Monroe, Virginia
GOV PORT

4,600 high school seniors

1-866-423-4474, Email: mydata@usaac.army.mil 

A laptop computer was stolen that contained the names, addresses, telephone numbers, birthdates, Social Security numbers, parent names, and mother's maiden names of applicants for the Army's four-year ROTC college scholarship.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600
October 31, 2006 Avaya
Maitland, Florida
BSO PORT Unknown
Additional location: Basking Ridge, NJ A laptop stolen from an Avaya employee on October 16 in Florida contained personally identifiable information, including names, addresses, W-2 tax form information and SSNs.  
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 31, 2006 Community National Bank, Crowe Chizek & Company LLC
Great Neck, New York
BSF PORT

90

The Bank was notified of a potential security breach by its auditor Crowe. Two laptops belonging to Crowe auditors were stolen from a car in a restaurant parking lot on October 12.  One laptop contained the names, Social Security or tax identification numbers, addresses and account numbers of clients from a November 2005 confirmation trial.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 90
October 31, 2006 Yates County Public Health
Penn Yan, New York
MED PORT

68

A laptop computer used for Child Health Plus, Medicaid and Family Health Plus plans was stolen from a vehicle on October 20. It contained application information which included name, Social Security number, date of birth, driver's license number, bank account and personal checking information and employer information. At least 68 New York residents were affected, but the total number of affected individuals nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 68
October 30, 2006 National Financial Partners (NFP)
New York, New York
BSF INSD

4,327

A former payroll department employee may have had access to former and current employee information.  The information included Social Security numbers, addresses and birth dates.  The employee was not authorized to view the information.  It is unclear if the employee still had access to the electronic files after termination.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,327
October 29, 2006 New York University
New York, New York
EDU PORT

30,000

Backup CDs from the Continuing Medical Education program at NYU Medical Center were lost or stolen.  Names, Social Security numbers, addresses, telephone and fax numbers, student ID numbers, debit or credit card information and degree information for students participating in the program between 1999 and the discovery of the loss may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 30,000
October 27, 2006 Gymboree
San Francisco, California
BSR PORT

up to 20,000 employees

A thief stole 3 laptop computers from Gymboree's corporate headquarters. They contained unencrypted human resources data (names and Social Security numbers) of thousands of workers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 20,000
October 27, 2006 Hancock Askew & Co.
Savannah, Georgia
BSO PORT

Unknown

On October 5, 2006, a laptop computer containing 401(k) information for employees of at least one company (Atlantic Plastics, Inc.) was stolen from accounting firm Hancock Askew.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 27, 2006 LexisNexis
Boca Raton, Florida
BSO PORT

449

A package containing an employee's laptop computer was lost by an overnight courier service during shipping.  The laptop may have included the names, Social Security numbers, driver's license numbers, dates of birth and addresses of certain individuals.  At least 53 residents of Maine and 396 residents of New York were affected, but the total number of affected individuals nationwide was not reported.

 
Information Source:
Dataloss DB
records from this breach used in our total: 449
October 27, 2006 Link Staffing Services
Houston, Texas
BSO STAT

332,000

On September 26 it was discovered that a computer server was stolen during an office burglary. The server had employee names and Social Security numbers. Current and former employees were notified at the end of October after an investigation of the breach.

 
Information Source:
Dataloss DB
records from this breach used in our total: 332,000
October 26, 2006 Akron Children's Hospital
Akron, Ohio
MED HACK

235,903

Overseas hackers broke into two computers at Children's Hospital. One contains private patient data (including Social Security numbers) and the other holds billing and banking information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 235,903
October 26, 2006 Empire Equity Group
Charlotte, North Carolina
BSF PHYS

Unknown

Mortgage files that included personal financial details about loan applicants were found in a dumpster. Empire Equity will pay $12,500 to the State of NC.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
October 26, 2006 LimeWire
Denver, Colorado
BSO HACK

75

http://www.denverda.org/News_Release/Releases/2006%20Release/Computer%20security%20alert.pdf

The Denver Police Dept. reports that LimeWire's file-sharing program was exploited to access personal and financial information from approximately 75 different individual and business account names from all over the country. The information, which included tax records, bank account information, online bill paying records and other material, appears to have been stolen directly from computers that were using LimeWire's filesharing software program.

 
Information Source:
Dataloss DB
records from this breach used in our total: 75
October 25, 2006 Transportation Security Administration (TSA)
Portland, Oregon
GOV PORT

900 current and former Oregon TSA employees

A thumb drive is missing from the TSA command center at Portland International Airport and believed to contain the names, addresses, phone numbers and Social Security numbers of approximately 900 current and former employees.

 
Information Source:
Media
records from this breach used in our total: 900
October 25, 2006 Swedish Medical Center, Ballard Campus
Seattle, Washington
MED INSD

Up to 1,100 patients

(800) 840-6452

An employee stole the names, birthdates, and Social Security numbers from patients who were hospitalized or had day-surgeries from June 22 to Sept 21. She used 3 patients' information to open multiple credit accounts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100
October 25, 2006 Tuscarawas County and Warren County
Tuscarawas County, Ohio
GOV DISC

Unknown

Additional location: Warren County, OH

The Social Security numbers of some Tuscarawas and Warren County voters were available on the LexisNexis Internet database service. Local boards of elections may be the source of the information. 

UPDATE (11/1/06): LexisNexis says it has now removed the SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3951-4000 of 4517 results