Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Breach Total
867,217,832 RECORDS BREACHED
(Please see explanation about this total.)
from 4,257 DATA BREACHES made public since 2005


Date Made Public | Name | Entity | Type
May 23, 2006 University of Delaware
Newark, Delaware
EDU HACK

1,076

A security breach of a Department of Public Safety computer server potentially exposed names, Social Security numbers and driver's license numbers. Individuals whose personal information was compromised were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,076

May 23, 2006 Butler County Department of Mental Retardation & Developmental Disabilities
Cincinnati, Ohio
NGO PORT

100 clients

In April, three laptop computers were stolen from the agency's office. They contained personal information on mental health clients, including Social Security numbers.  Those affected were contacted in May.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100

May 23, 2006 Mortgage Lenders Network USA
Middletown, Connecticut
BSF INSD

231,000

A former employee was arrested for extortion for attempting to blackmail his former employer for $6.9 million. He threatened to expose company files containing sensitive customer information - including customers' names, addresses, Social Security numbers, loan numbers, and loan types - if the company didn't pay him. He stole the files over the 16 months he worked there.

 
Information Source:
Dataloss DB
records from this breach used in our total: 231,000

May 23, 2006 Liberty Mutual Insurance Company
Boston, Massachusetts
BSF PORT

384

Two company laptops were stolen in California in March and one company laptop was stolen in Kentucky in April. One incident exposed some customer names and Social Security numbers that were listed along with their claims. The other incident exposed names and Social Security numbers for employees of some of Liberty's commercial insureds.

 
Information Source:
Dataloss DB
records from this breach used in our total: 384

May 22, 2006 U.S. Department of Veterans Affairs
Washington, District Of Columbia
GOV PORT

26,500,000

(800) 827-1000

On May 3, data of all American veterans who were discharged since 1975 including names, Social Security numbers, dates of birth and in many cases phone numbers and addresses, were stolen from a VA employee's home. Theft of the laptop and computer storage device included data of 26.5 million veterans. The data did not contain medical or financial information, but may have disability numerical rankings.

UPDATE (6/29/06): The stolen laptop computer and the external hard drive were recovered.

UPDATE (7/14/06): FBI claims no data had been taken from stolen computer.

UPDATE (8/5/06): Two teens were arrested in the theft of the laptop.

UPDATE (8/25/06): In an Aug. 25 letter, Secretary Nicholson told veterans of the decision to not offer them credit monitoring services. Rather the VA has contracted with a company to conduct breach analysis to monitor for patterns of misuse.

UPDATE (11/23/07): A federal judge questioned the Veterans Affairs Department's computer security and ruled Friday that lawsuits can go forward over the theft of computer equipment containing data on 26.5 million veterans. The lawsuits have been filed as potential class-action cases representing every veteran whose data was released.

UPDATE (1/23/09): The Department of Veterans Affairs has agreed to pay $20 million to current and former military personnel to settle a class action lawsuit.

UPDATE (6/16/09): No less than $75 will be paid for any valid claim, up to a cap of $1,500. If your expenses were higher than that, you might want to opt out of the class-action portion so you can file for your actual damages. In that case, you need to file a letter so it is received by June 29, 2009. You have until Nov. 27, 2009, to mail your claim form to VA Settlement Claims, P.O. Box 6727, Portland, OR 97228-9767. Be sure to keep a copy of the claim form, along with your proof of mailing. To download the claim form and to get more information, go to www.veteransclass.com. Read the FAQ and note the particulars on out-of-pocket expenses and actual damages. You also can call (888) 288-9625.

UPDATE (10/19/12): An investigation into the VA revealed that encryption software has only been installed on 16% of VA computers since the 2006 breach. Six million dollars has been spent on encryption software since the 2006 breach. The investigation began after a 2011 anonymous tip.

 
Information Source:
Dataloss DB
records from this breach used in our total: 26,500,000

May 21, 2006 Columbus Bank & Trust
Columbus, Georgia
BSF HACK

2,000

A security problem may have exposed customer credit and check card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000

May 19, 2006 Frost Bank
San Antonio, Texas
BSF HACK

9,300

Hackers accessed the credit and debit card accounts of around 100 Frost Bank customers after they took Visa and MasterCard debit card information from the database of a national retailer.  Banks across the nation were affected by the breach. Only 100 Frost Bank customers reported fraudulent charges.

 
Information Source:
Dataloss DB
records from this breach used in our total: 9,300

May 18, 2006 American Red Cross, St. Louis Chapter
St. Louis, Missouri
NGO INSD

1,000,000

A dishonest employee had access to Social Security numbers of donors.  The database was used to call previous donors and urge them to give blood again. The employee misused the personal information of at least three people to perpetrate identity theft and had access to the personal information of one million donors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000,000

May 17, 2006 M & T Bank via contractor PFPC
Buffalo, New York
BSF PORT

Unknown

A laptop computer owned by PFPC, a third party company that provides record keeping services for M & T's Portfolio Architect accounts, was stolen from a vehicle. The laptop contained clients' account numbers, Social Security numbers, last name and the first two letters of their first name.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 0

May 16, 2006 American Institute of Certified Public Accountants (AICPA)
New York, New York
NGO PORT

330,000 [Updated 6/16/06]

An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company. AICPA offered one year of free credit monitoring services to affected members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 330,000

May 16, 2006 University of California Berkeley
Berkeley, California
EDU HACK

1,200

During an investigation of a computer virus, it was discovered that computers within an office may have been accessed without authorization from within the campus network.  Student, faculty and staff names and Social Security numbers were on archived spreadsheets.  The spreadsheets contained the personal information of people who requested campus cards between 1998 and 2004.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,200

May 16, 2006 GE Money Bank, Lowe's Companies Inc.
Philadelphia, Pennsylvania
BSF PORT

150

GE Money Bank issues private label credit cards for Lowe's Companies Inc. A number of credit card applications were taken from a Lowe's store in Philadelphia by an unknown person. The information on the applications included names, Social Security numbers, dates of birth, addresses and Lowe's credit card account numbers. At least 11 consumers discovered fraudulent purchases at Lowe's stores.

 
Information Source:
Dataloss DB
records from this breach used in our total: 150

May 12, 2006 Mercantile Potomac Bank
Gaithersburg, Maryland
BSF PORT

48,000

A laptop containing confidential information about customers, including Social Security numbers and account numbers, was stolen when a bank employee removed it from the premises, in violation of the bank's policies. The computer did not contain customer passwords, personal identification numbers (PIN numbers) or account expiration dates. The bank contacted affected customers and offered them one year of free credit monitoring services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 48,000

May 12, 2006 Annibell Mortgage Inc.
Sayville, New York
BSF STAT

300

Four computers with the personal information of clients were stolen during an early April burglary. The information did not include credit files, but did have other forms of private customer data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300

May 11, 2006 Ohio University Hudson Health Center
Athens, Ohio
MED HACK

70,000

http://www.ohio.edu/datasecurity

Names, birth dates, Social Security numbers and medical information were accessed in records of students dating back to 2001, plus faculty, workers and regional campus students.

 
Information Source:
Dataloss DB
records from this breach used in our total: 70,000

May 11, 2006 Merrill Lynch
New York, New York
BSF PORT

10,500 (Number includes only New York residents)

An employee's laptop computer was stolen during a burglary.  The computer contained limited personal information of some current and former Merrill Lynch clients and prospects.  The information included names, addresses, account and loan numbers, account and loan balances and the name of clients' financial advisors.

 
Information Source:
Dataloss DB
records from this breach used in our total: 10,500

May 11, 2006 Healthcare Business Resources (HBR)
Durham, North Carolina
MED DISC

Unknown

Google accessed confidential information on the HBR website and made the information available on the internet. Social Security numbers, names, phone numbers, dates of birth, addresses and diagnostic information were accessible through Google. Access to the information is now restricted to authorized users with secure identification and passwords. The information was available between August 2005 and January of 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 5, 2006 Wells Fargo
San Francisco, California
BSF STAT

Unknown

A computer containing names, addresses, Social Security numbers and mortgage loan deposit numbers of existing and prospective customers may have been stolen while being delivered from one bank facility to another.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 5, 2006 New York State Department of Taxation and Finance
Albany, New York
GOV PORT

38

A sales tax field auditor reported a laptop missing. Contents of the laptop were unknown at the time of the report. The data exposed may have included sales tax audit reports and supporting documentation from closed sales tax audits on 38 businesses. Some of this information would include Social Security number, business and/or home address and bank account information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38

May 4, 2006 Idaho Power Company
Boise, Idaho
BSO PORT

Unknown

Four company hard drives were sold on eBay containing hundreds of thousands of confidential company documents, employee names and Social Security numbers, and confidential memos to the company's CEO.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 2, 2006 Ohio University Innovation Center
Athens, Ohio
EDU HACK

35

http://www.ohio.edu/datasecurity

A server containing data including e-mails, patent and intellectual property files, and 35 Social Security numbers associated with parking passes was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35

May 2, 2006 Ohio University
Athens, Ohio
EDU HACK

300,000 (137,000 SSNs)

http://www.ohio.edu/datasecurity/

Hackers accessed a computer system of the school's alumni relations department that included biographical information and 137,000 Social Security numbers of alumni.

UPDATE (8/30/07): An Ohio judge has granted a motion to dismiss a case against Ohio University (OU) regarding security breaches of the school's computer systems that compromised alumni data. The two alumni who filed the lawsuit wanted OU to pay for credit monitoring services for everyone whose data were compromised. The judge said the pair had not proven that they had suffered damages for which they could be compensated.

 
Information Source:
Dataloss DB
records from this breach used in our total: 137,000

May 2, 2006 Georgia State Government
Atlanta, Georgia
GOV STAT

Unknown

Government surplus computers that were sold before their hard drives were erased contained credit card numbers, birth dates, and Social Security numbers of Georgia citizens. The State stopped selling the computers after being notified by a buyer. Thousands of patient records from a psychiatric hospital in Rome, Georgia were found on one computer's hard drive.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

May 2, 2006 Countrywide Home Loans
Plano, Texas
BSF INSD

90

A former employee is suspected of ordering customer credit reports and providing some of those reports to a third party.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90

May 1, 2006 CBCInnovis Bank Inc., Great Florida Bank
Miami, Florida
BSF UNKN

518

CBCInnovis, Inc. learned that Great Florida Bank had consumer information accessed without proper authorization. The information may have included names, addresses, Social Security numbers, names of creditors, account numbers, payment histories and financial public records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 518

April 28, 2006 Ohio Secretary of State
Cleveland, Ohio
GOV DISC

Potentially millions of registered voters

The names, addresses, and Social Security numbers of potentially millions of registered voters in Ohio were included on CD-ROMs distributed to 20 political campaign operations for spring primary election races. The records of about 7.7 million registered voters are listed on the CDs, but it's unknown how many records contained Social Security numbers, which were not supposed to have been included on the CDs.

UPDATE (9/15/06): A news report said that some Social Security numbers still remain on the agency's Web site.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 28, 2006 U.S. Department of Defense
Washington, District Of Columbia
GOV HACK

14,000

A hacker accessed a Tricare Management Activity (TMA) public server containing personal information about military employees. TMA is used to provide health care services to military personnel and their families.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000

April 28, 2006 Sears, Roebuck, Company Contractor Compliance
Winter Park, Florida
BSF DISC

196

A spreadsheet with the business or individual names, identification or Social Security numbers, business addresses and business phone numbers of Sears contractors was accidentally included in an email sent to 373 contractors on April 13. The contractors were instructed to delete the email on April 24 and were also required to send written confirmation that they had done so.

 
Information Source:
Dataloss DB
records from this breach used in our total: 196

April 27, 2006 Long Island Railroad via contractor Iron Mountain
Jamaica, New York
GOV PORT

17,000

Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of virtually everyone who worked for or currently works for the agency were lost. The loss occurred during delivery by contractor Iron Mountain. Data tapes belonging to the U.S. Department of Veterans Affairs may also have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000

April 26, 2006 Purdue University
West Lafayette, Indiana
EDU HACK

1,351

A hacker accessed personal information including Social Security numbers of current and former graduate students, applicants to graduate school, and a small number of applicants for undergraduate scholarships.  The information compromised goes back three years prior to the incident.  Those who were affected were contacted.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,351

April 26, 2006 Aetna, Omni Hotels and the Department of Defense NAF
Hartford, Connecticut
MED PORT

38,253

A laptop containing personal information including names, addresses and Social Security numbers of Department of Defense (35,253) and Omni Hotel employees (3,000) was stolen from an Aetna employee's car.  Members were notified and Aetna offered to pay for the credit monitoring services of those who were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,253

April 26, 2006 Pershing LLC
Jersey City, New Jersey
BSF PORT

92,541

A Pershing employee lost a laptop computer. Personal information of clients may have been stored on the laptop. Names, Social Security numbers, addresses, brokerage account numbers and account holdings may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92,541

April 26, 2006 Amica Mutual Insurance
Lincoln, Rhode Island
BSF PORT

751 (number includes only New York residents)

An Amica computer tape with personal information regarding insurance claims was lost in transit. Amica believes the tape was also destroyed or badly damaged in transit.

 
Information Source:
Dataloss DB
records from this breach used in our total: 751

April 26, 2006 Sterling Renaissance Festival
Syracuse, New York
BSO HACK

Unknown

Customers with questions may call (315) 947-5782.

Someone was able to access online orders of Brandywine Limited multiple times between 4/18/06 and 4/20/06. The online order forms include customer names, addresses, credit card numbers and credit card information. Some customers may have also had their telephone numbers and email addresses exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 24, 2006 University of Virginia
Charlottesville, Virginia
EDU STAT

Unknown

A stolen computer contained the information of students who took engineering classes. The information included names, grades and student identification numbers. Hundreds of students are at risk of identity theft since Social Security numbers were used as student identification numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 24, 2006 College of New Paltz
New Paltz, New York
EDU HACK

Unknown

A hacker accessed the Campus' primary web server and set up a file sharing system. The server involved also contained access databases that had names and Social Security numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 23, 2006 University of Texas McCombs School of Business
Austin, Texas
EDU HACK

197,000

Foreign hackers accessed records containing names, biographical information and, in some cases, Social Security numbers and dates of birth of current and prospective students, alumni, faculty members, corporate recruiters and staff members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 197,000

April 21, 2006 University of Alaska, Fairbanks
Fairbanks, Alaska
EDU HACK

38,941

A hacker had access to names, Social Security numbers, and partial e-mail addresses of current and former students, faculty, and staff.  The University reported that it would not contact those affected after a first and second notification.  Anyone claiming to be from the University after these notifications should be viewed with suspicion.

 
Information Source:
Dataloss DB
records from this breach used in our total: 38,941

April 21, 2006 Boeing
Seattle, Washington
BSO PORT

3,600 current and former employees

A laptop was taken from a Boeing human resources employee at Sea-Tac airport. It contained Social Security numbers and other personal information, including personnel information from the 2000 acquisition of Hughes Space and Communications.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,600

April 21, 2006 Impac Funding Corporation
Newport Beach, California
BSF PORT

4,600

Customers may call (949) 475-6255.

Several laptops were stolen.  Saved emails with the names and Social Security numbers of customers may have been on one of the stolen laptops.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,600

April 20, 2006 Bear Stearns & Company Inc.
New York, New York
BSF DISC

Unknown

Customers seeking further information may call (212) 272-4275.

Bear Stearns realized that unauthorized users could access customer accounts. Former customers could still log into on-line accounts if their account numbers had been recycled and given to new users. Such information included account holdings and activities, account statements and IRS Forms 1099-DIV and 1099-INT (which included name, address, account number and Social Security number).

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 19, 2006 Aflac
Columbus, Georgia
BSF PORT

Unknown

A laptop used to submit insurance applications was stolen from a field associate's home during a burglary.  It may have contained the names and Social Security numbers of policyholders and certificate holders.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 17, 2006 Visiting Nurse Service of New York (VNSNY)
New York, New York
MED PORT

92

Three separate thefts resulted in the loss of three tablet computers.  The computers were used by therapists who were making therapy treatment visits to patients.  The personal information on the computers included Social Security numbers. VNSNY warned that unauthorized persons might use the stolen tablets to pose as therapists and enter patient homes.

 
Information Source:
Dataloss DB
records from this breach used in our total: 92

April 14, 2006 NewTech Imaging
Honolulu, Hawaii
BSO INSD

40,000

Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaii were illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation.  Those who were on the list and Hawaii Government Employees Association and United Public Workers members who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 were warned.  Investigators were only able to speculate that the theft may have occurred in February of 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 40,000

April 14, 2006 University of South Carolina
Columbia, South Carolina
EDU DISC

1,400

A department chair distributing information about summer courses sent an email containing sensitive information.  A database containing Social Security numbers of students was mistakenly added as an attachment and e-mailed to classmates.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,400

April 13, 2006 Fifth Third Bank
Evansville, Indiana
BSF INSD

1,000

An employee was able to gain access to around 1,000 customer accounts.  He used this information to stalk and harass female news celebrities.  He now faces two felony counts of attempting to defraud using personal information and two misdemeanor counts of stalking and repeated harassment.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000

April 12, 2006 Ross-Simons
Providence, Rhode Island
BSR HACK

32,000

A security breach exposed account and personal information of those who applied for Ross-Simons' private label credit card. Information exposed includes private label credit card numbers and other personal information of applicants.

 
Information Source:
Dataloss DB
records from this breach used in our total: 32,000

April 12, 2006 Greenpoint Mortgage Funding Inc., KPMG International
Novato, California
BSF PORT

Unknown

Laptop computers were stolen from two employees of KPMG who were working with data from Greenpoint. The laptops are believed to have contained customer names, Social Security numbers and FICO scores. At least 32 people from New York alone were affected by the early March theft. Customers were notified during the middle of April.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 10, 2006 Broward County Records Division
Fort Lauderdale, Florida
GOV DISC

Unknown

Broward County public records with Social Security numbers, driver's license information and bank account details were made available online.  The information has been available online for several years.  A new statute that will require county recorders to remove Social Security numbers and financial information from public documents before posting documents online will take effect in 2007.  The sensitive information that has already been posted will eventually be removed. Individuals can speed up the process of having their specific information removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

April 9, 2006 University of Medicine and Dentistry of New Jersey
Newark, New Jersey
EDU HACK

1,850

Hackers accessed Social Security numbers, loan information, and other confidential financial information of students and alumni.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,850

Showing 4001-4050 of 4257 results

