Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
July 27, 2006 Kaiser Permanente Northern California Office
Oakland, California
MED PORT

160,000 records. Because the data file did not include SSNs, this number is not added to the total below.

(866) 453-3934

A laptop was stolen containing names, phone numbers, and the Kaiser number for each HMO member. The data file did not include SSNs. The data was being used to market Hearing Aid Services to Health Plan members.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 27, 2006 Los Angeles County Department Community Senior Services
Los Angeles, California
GOV PORT

Unknown

In May, a laptop was stolen from the home of a community and senior services employee. It contained information on LA County employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 27, 2006 Los Angeles County, Community Development Commission (CDC)
Monterey Park, California
GOV HACK

4,800 records (No SSNs or financial information reported)

Earlier in July, a computer hacker located in Germany gained access to the CDC's computer system, containing personal information on 4,800 public housing residents.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 27, 2006 Los Angeles County, Adult Protective Services
Burbank, California
GOV PORT

Unknown

Last weekend 11 laptops were stolen from the Burbank office. It is not clear what type of personal information was included.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 26, 2006 U.S. Navy recruitment offices
Trenton, New Jersey
GOV PORT

31,000 records were stolen, with about 4,000 containing SSNs. The latter number is included in the total below.

Additional location: Jersey City, NJ

Two laptop computers with information on Navy recruiters and applicants were stolen in June and July. Also included was information from selective service and school lists. About 4,000 records contained SSNs. Files were password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 4,000
July 26, 2006 West Virginia Division of Rehabilitation Services
Beckley, West Virginia
GOV PORT

Unknown

A laptop was stolen July 24 containing clients' names, addresses, SSNs, and phone numbers. Data was password protected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 25, 2006 Armstrong World Industries, Deloitte & Touche
Lancaster County, Pennsylvania
BSO PORT

12,000

A laptop containing personal information of current and former employers was stolen. The computer was in the possession of the company's auditor, Deloitte & Touche. Data included names, home addresses, phone numbers, SSNs, employee ID numbers, salary data, and bank account numbers of employees who have their checks directly deposited.

 
Information Source:
Dataloss DB
records from this breach used in our total: 12,000
July 25, 2006 Belhaven College
Jackson, Michigan
EDU PORT

300

An employee carrying a laptop was robbed at gunpoint on July 19 while walking to his car. The computer contained the names and SSNs of college employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300
July 25, 2006 Georgetown University Hospital
Washington, District Of Columbia
MED DISC

between 5,600 and 23,000 patients were affected (23,000 added to total below)

Patient data was exposed online via the computers of an e-prescription provider, InstantDx. Data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with InstantDX.

 
Information Source:
Dataloss DB
records from this breach used in our total: 23,000
July 25, 2006 Old Mutual Capital Inc., subsidiary of United Kingdom-based financial services firm Old Mutual PLC
Kansas City, Missouri
BSF PORT

6,500 fund shareholders

Laptop was stolen sometime in May containing personal information of U.S. clients, including names, addresses, account numbers and some SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 6,500
July 25, 2006 Cablevision Systems Corp., ACS, FedEx
Bethpage, New York
BSO PORT

13,700 current and former employees

Additional locations: Dallas, TX, Connecticut, New Jersey and New York

A tape en route to the company's 401(k) plan record-keeper ACS was lost when shipped by FedEx to Dallas, TX. No customer data was on the tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,700
July 24, 2006 New York City Department of Homeless Services
New York, New York
GOV DISC

8,400

The personal information of 8,400 homeless persons, including SSNs, was leaked in an e-mail attachment July 21, when accidentally sent to homeless advocates and city officials.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,400
July 24, 2006 Wolters Kluwer
Torrance, California
BSO PORT

8,500

A laptop with Social Security numbers, addresses, and some health plan information for current and former employees was stolen from a docking station at a private office on or around May 29. The laptop may have also included bank account information for 600 employees who had joined the company during 2006. Employees were notified in July.

 
Information Source:
Dataloss DB
records from this breach used in our total: 8,500
July 24, 2006 Heritage Centers
Buffalo, New York
MED PHYS

31

An employee's briefcase was stolen from her car on June 18. The briefcase contained a list of the names, addresses, Social Security numbers, phone numbers, dates of birth and genders of 31 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 31
July 19, 2006 Group 1 Automotive Inc, Weinstein Spira & Company, P.C.
Houston, Texas
BSF PORT

14,000

Five laptops were stolen from a Weinstein Spira office sometime between the night of July 10 and the morning of July 11.  The laptops contained personal information of clients and the employees of clients. Names, addresses, Social Security numbers and financial data were accessed. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 14,000
July 18, 2006 Nelnet Inc., UPS
Lincoln, Nebraska
BSO PORT

188,000

(800) 552-7925

A computer tape containing personal information of student loan customers and parents, mostly from Colorado, was lost when shipped via UPS. The loans were previously serviced by College Access Network between November 1, 2002 and May 31, 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 188,000
July 18, 2006 CS Stars, subsidiary of insurance company Marsh Inc.
Chicago, Illinois
BSF STAT

722,000

On May 9, CS Stars lost track of a personal computer containing records of more than a half million New Yorkers who made claims to a special workers' comp fund. The lost data includes SSNs and date of birth but apparently no medical information.

UPDATE (7/26/06): Computer was recovered.

UPDATE (04/26/07): The New York Attorney General's office found that CS Stars violated the state's security breach law. CS Stars must pay the Attorney General's office $60,000 for investigation costs. It was determined that the computer had been stolen by an employee of a cleaning contractor, the missing computer was located and recovered, and that the data on the missing computer had not been improperly accessed.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 722,000
July 18, 2006 U.S. Department of Agriculture
Wellington, Kansas
GOV PORT

350

A laptop computer and a printout containing names, addresses and SSNs of 350 employees was stolen from an employee's car and later recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 350
July 17, 2006 Vassar Brothers Medical Center
Poughkeepsie, New York
MED PORT

257,800 (revised to 0)

(845) 483-6990

An analysis by Kroll later determined that the laptop contained no personal information, though 257,800 patients were initially notified.  This number is not included in the total below.

Laptop was stolen from the emergency department between June 23-26. It contained information on patients dating back to 2000, including SSNs and dates of birth.

UPDATE (10/5/06) Private investigators determined the laptop did not contain personally identifiable patient information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 16, 2006 Mississippi Secretary of State
Jackson, Mississippi
GOV DISC

Among the 2 million postings are "thousands" containings SSNs

The state agency's web site listed 2 million+ Uniform Commercial Code (UCC) filings in which thousands of individuals' SSNs were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
July 16, 2006 Columbia University
New York, New York
EDU STAT

78

On or around July 7, a computer was stolen from campus.  The hard drive contained names, Social Security numbers, passport/visa numbers, tax identification numbers, home and business addresses, telephone contacts and email contacts.

 
Information Source:
Dataloss DB
records from this breach used in our total: 78
July 14, 2006 Northwestern University
Evanston, Illinois
EDU HACK

17,000

(888) 209-0097. http://www.northwestern.edu/newscenter/stories/2006/07/data.html 

Files containing names and some personal information including SSNs were on 9 desktop computers that had been accessed by unauthorized persons outside the University. The computers were in the Office of Admissions and Financial Aid.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,000
July 14, 2006 University of Iowa
Davenport, Iowa
EDU PORT

280

Laptop computer containing personal information of current and former MBA students was stolen. Data files included SSNs and some contact info.

 
Information Source:
Dataloss DB
records from this breach used in our total: 280
July 14, 2006 California Polytechnic State University (Cal Poly)
San Luis Obispo, California
EDU PORT

3,020 students

Call (805) 756-2226 or (805) 756-2171

Laptop computer was stolen from the home of a physics department professor July 3. It included names and SSNs of physics and astronomy students from 1994-2004.

 
Information Source:
Security Breach Letter
records from this breach used in our total: 3,020
July 14, 2006 Hampton Circuit Court Clerk - Treasurer's computer
Hampton, Virginia
GOV DISC

Over 100,000 records (The number containing SSNs is not known yet and not included in total below.)

Public computer in city government building containing taxpayer information was found to display SSNs of many residents -- those who paid personal property and real estate taxes. It was shut down and confiscated by the police on July 12th.

UPDATE (7/27/2006) Investigation concluded that the data was exposed due to software problem.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 13, 2006 Moraine Park Technical College
Beaver Dam, Wisconsin
EDU PORT

1,500

Additional locations: Fond du Lac and West Bend, WI

Computer disk (CD) with personal information of 1,500 students was reported missing. Information includes names, addresses, phone numbers & SSNs of apprenticeship students back to 1993.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,500
July 13, 2006 New York State Department of Motor Vehicles (DMV), New York State Thruway Authority
, New York
GOV INSD

57 (No SSNs or financial information reported)

A Thruway employee performed searches of DMV records without authorization. The discovery was made on December 27, but the length of time this employee engaged in the behavior was not reported. The employee had access to all the information contained on driver's licenses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 7, 2006 University of Tennessee
Knoxville, Tennessee
EDU HACK

36,000

(866) 748-1680, http://security.tennessee.edu.  Additional locations: Chattanooga, Martin, Tullahoma and Memphis, TN

Hacker broke into a UT computer containing names, addresses and SSNs of about 36,000 past and current employees. The intruder used the computer from Aug. '05 to May '06 to store and transmit movies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 36,000
July 7, 2006 National Association of Securities Dealers (NASD)
Boca Raton, Florida
BSF PORT

73

Ten laptops were stolen on Feb. 25 '06 from NASD investigators. They included SSNs of securities dealers who were the subject of investigations involving possible misconduct. Inactive account numbers of about 1,000 consumers were also contained on laptops.

 
Information Source:
Dataloss DB
records from this breach used in our total: 73
July 7, 2006 Naval Safety Center, United States Navy
Norfolk, Virginia
GOV DISC

100,000

The SSNs and other personal information of more than 100,000 naval and Marine Corps aviators and air crew, both active and reserve, were exposed on the Center website and on 1,100 computer discs mailed to naval commands.

 
Information Source:
Dataloss DB
records from this breach used in our total: 100,000
July 7, 2006 Montana Public Health and Human Services Department
Helena, Montana
MED STAT

Unknown

A state government computer was stolen from the office of a drug dependency program during a 4th of July break-in. It was not known if sensitive information such as SSNs was compromised.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 7, 2006 City of Hattiesburg
Hattiesburg, Mississippi
GOV STAT

thousands of city workers and contractors (at least 2,000)

Video surveillance cameras caught 2 intruders stealing hard drives from 18 computers June 23. Data files contained names, addresses, and SSNs of current and former city employees and registered voters as well as bank account information for employees paid through direct deposit and water system customers who paid bills electronically.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
July 6, 2006 Automatic Data Processing (ADP)
Roseland, New Jersey
BSO UNKN

0

Payroll service company ADP gave scam-artist names, addresses, and number of shares held of investors, although apparently not SSNs or account numbers. The leak occurred from Nov. '05 to Feb. '06 and involved individual investors with 60 companies including Fidelity, UBS, Morgan Stanley, Bear Stearns, Citigroup, Merrill Lynch. Hundreds of thousands of investors may have been affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
July 5, 2006 Bisys Group Inc.
Roseland, New Jersey
BSF PORT

61,000

Personal details about 61,000 hedge fund investors were lost when an employee's truck carrying backup tapes was stolen. The data included SSNs of 35,000 individuals. The tapes were being moved from one Bisys facility to another on June 8 when the theft occurred.

 
Information Source:
Dataloss DB
records from this breach used in our total: 61,000
July 5, 2006 RBS National Bank, Asset Acceptance LLC
Bridgeport, Connecticut
BSF PORT

1,221

A laptop was stolen from an Asset Acceptance LLC employee's car on June 19.  The laptop contained information from RBS National Bank.  Customer names, addresses, Social Security numbers, phone numbers and loan information may have been accessed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,221
July 5, 2006 Columbia University
New York, New York
EDU DISC

98

An emergency contact list from the Columbia University School of International and Public Affairs was posted on an unsecure website on August 2005.  Names, business and home phone numbers, addresses, emergency contact person and Social Security numbers were available.

 
Information Source:
Dataloss DB
records from this breach used in our total: 98
July 1, 2006 American Red Cross, Farmers Branch
Dallas, Texas
NGO PORT

Unknown

Sometime in May, three laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 30, 2006 U.S. Department of Veteran Affairs
Washington, District Of Columbia
GOV PORT

16,500

A data tape disappeared from a VA facility in Indianapolis, IN that contained information on legal cases involving U.S. veterans and included veterans' Social Security numbers, dates of birth and legal documents.

UPDATE (10/11/06): The VA's Office of the General Counsel is offering identity theft protection services to those affected by the missing tape.

 
Information Source:
Dataloss DB
records from this breach used in our total: 16,500
June 30, 2006 National Institutes of Health Federal Credit Union
Rockville, Maryland
BSF UNKN

Very few of 41,000 members affected [not included in total]

NIHFCU and law enforcement are investigating the identity theft of some of its 41,000 members. No details were given on the type of information stolen, or how it was stolen.

 
Information Source:
Media
records from this breach used in our total: 41,000
June 30, 2006 Washington Regional Medical Center
Fayetteville, Arkansas
GOV PORT

5,000

A computer from the Human Resources Division of Washington Regional Medical Center was stolen on April 14. The computer was stolen from the employee's office during a 45 minute absence. Current and former employees may have had their personal information exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 5,000
June 29, 2006 AllState Insurance Huntsville branch
Huntsville, Alabama
BSF STAT

27,000

Over Memorial Day weekend, a computer containing personal data including images of insurance policies, correspondence and Social Security numbers was stolen.

 
Information Source:
Dataloss DB
records from this breach used in our total: 27,000
June 29, 2006 Nebraska Treasurer's Office
Lincoln, Nebraska
GOV HACK

309,000

A hacker broke into a child-support computer system and may have obtained names, Social Security numbers and other information such as tax identification numbers for 9,000 businesses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 309,000
June 29, 2006 Minnesota Department of Revenue
St. Paul, Minnesota
GOV PORT

50,400

http://www.taxes.state.mn.us/taxes/publications/press_releases/content/taxpayer_information.shtml

On May 16, a package containing a data tape used to back up the regional office's computers went missing during delivery. The tape contained personal information including individuals' names, addresses, and Social Security numbers.

UPDATE (7/20/06): The package was reported delivered 2 months later, but apparently had been temporarily lost by the U.S. Postal Service.

 
Information Source:
Dataloss DB
records from this breach used in our total: 50,400
June 27, 2006 Government Accountability Office (GAO)
Washington, District Of Columbia
GOV DISC

Fewer than 1,000 [1,000 used in total]

Data from audit reports on Defense Department travel vouchers from the 1970s were inadvertently posted online and included some service members' names, Social Security numbers and addresses. The agency has subsequently removed the information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,000
June 27, 2006 Empire Beauty School Inc.
Brooklyn, New York
EDU PHYS

1,132

The June 20 theft of a briefcase from an administrative employee's vehicle caused reports with the names and Social Security numbers of former students to be lost. A laptop was also stolen during the burglary, but it is unlikely that it had personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,132
June 27, 2006 University of Rochester
Rochester, New York
EDU DISC

286

Former students' names and Social Security numbers were accidentally placed on a publicly accessible web page. Names, Social Security numbers and some standardized test scores were posted. The information was removed after the discovery and it appears that the information on the web page was accessed only once, on June 12 2006.

 
Information Source:
Dataloss DB
records from this breach used in our total: 286
June 27, 2006 Maimonides Medical Center, Vision Financial Corp.
Harrison, New York
MED PORT

560

On June 9, an employee of Maimonides' contractor Vision Financial was robbed of personal belongings and a laptop that contained client information. Names, Social Security numbers, addresses, birth dates and amount owed to the Maimonides may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 560
June 26, 2006 AAAAA Rent-A-Space
Colma, California
BSO DISC

13,000

Customer's account information including name, address, credit card, and Social Security number was easily accessible due to a security gap in AAAAA's online payment system.

 
Information Source:
Dataloss DB
records from this breach used in our total: 13,000
June 26, 2006 King County Elections
Seattle, Washington
GOV DISC

Unknown

Public election records with Social Security numbers were made available online. Like in other counties, individuals can request that their specific information be removed by submitting a written request.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
June 24, 2006 Catawba County Schools
Newton, North Carolina
EDU UNKN

619

On June 22, it was discovered that a web site posted names, Social Security numbers, and test scores of students who had taken a keyboarding and computer applications placement test during the 2001-02 school year.

UPDATE:The web site containing the data has been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 619
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 4151-4200 of 4517 results