Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?

Chronology of Data Breaches

Custom Sort
Select your desired results. Then click "Go!"

Click or unclick the boxes then select go.


Select features then click GO. To modify your search, check or uncheck the boxes and click GO.


Reset the checkboxes to the default "all selected."

Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.

display_id:page_1

display_id:page_1

Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005
Date Made Publicsort ascending Name Entity Type
December 27, 2006 Deaconess Hospital
Evansville, Indiana
MED PHYS

128 patients

A computer missing from the hospital holds personal information, including SSNs, of 128 respiratory therapy patients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 128
December 22, 2006 Texas Woman's University
Dallas, Texas
EDU DISC

15,000 students

Additional locations: Denton and Houston, TX

A document containing names, addresses and SSNs of 15,000 TWU students was transmitted over a non-secure connection.

 
Information Source:
Media
records from this breach used in our total: 15,000
December 22, 2006 Utah Valley State College
Orem, Utah
EDU DISC

15,000

Social Security numbers and other personal information of students and faculty were accessible via Yahoo's search engine. The information was removed from UVSC's servers. Some Distance Education instructors and some students enrolled in UVSC courses between January 2002 and January 2005 were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 15,000
December 21, 2006 Hunter College of the City University of New York
New York, New York
EDU DISC

140

The full names and Social Security numbers of certain individuals were on a spreadsheet that an employee emailed to a group of students on November 8. Students were instructed to delete the file after the discovery.  At least 140 New York residents were affected, but the total number of people affected nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 140
December 21, 2006 Santa Clara County employment agency
Santa Clara County, California
GOV STAT

2,500

A computer stolen from the agency holds the SSNs of approximately 2,500 individuals.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,500
December 21, 2006 Goal Financial, LLC
San Diego, California
BSF STAT

34,000

The location listed is the headquarters. It is not clear where the incident took place.

A portion of borrowers' names and Social Security numbers were on four hard drives that were accidentally sold before being wiped clean. Employees transferred more than 7,000 files with consumer information to third parties without authorization, and one employee sold the hard drives to the public surplus. The hard drives were retrieved after the mistake was realized on June 13. Affected individuals were notified in June. The student loan company agreed to settle FTC charges in December. The company violated the FTC's Privacy Rule by failing to take reasonable and appropriate measures to protect personal information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 34,000
December 21, 2006 Wake County Public School System
Raleigh, North Carolina
EDU PORT

3,396

A flash drive that contained employee names and Social Security numbers was misplaced. The flash drive was found two days later.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,396
December 21, 2006 City University of New York
New York, New York
EDU DISC

96

Confidential data from the University server was accidentally made available through a Google search. The error was discovered on October 17 and faculty, students and staff were affected. The information included full names, Social Security numbers, dates of birth, addresses, email addresses and University library identification card numbers. The copy of the file was removed from Google on October 20.

 
Information Source:
Dataloss DB
records from this breach used in our total: 96
December 21, 2006 New York City Human Resources Administration
Brooklyn, New York
GOV PORT

7,800

Information from the Office of Temporary and Disability Assistance and the New York State Department of Health was exposed.

A hard drive with human resources information was discovered to be missing. The hard drive may have had temporary and disability assistance applicant reports with names, Social Security numbers and dates of birth.

 
Information Source:
Dataloss DB
records from this breach used in our total: 7,800
December 20, 2006 Lakeland Library Cooperative
Grand Rapids, Michigan
GOV DISC

15,000 (No SSNs or financial information reported)

Lakeland Library Cooperative serves 80 libraries in eight counties.

Personal information of 15,000 library users in West Michigan was displayed on the Cooperative's Web site due to a technical problem. Information exposed included names, phone numbers, e-mail addresses, street addresses, and library card numbers. Children's names were also listed along with their parents' names on a spreadsheet document. The information has since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
December 20, 2006 Big Foot High School
Walworth, Wisconsin
EDU DISC

87

Personal information was accidentally exposed on the High School's Web site for a short time, perhaps for about 36 minutes, according to a report. Information included last names, SSNs, and birthdates.  Current and former employees were affected.

 
Information Source:
Dataloss DB
records from this breach used in our total: 87
December 20, 2006 Lake County residents and Major League Baseball players
Northbrook, Illinois
BSO PHYS

27 residents of Lake County, 90 Major League Baseball players

A Chicago man apparently removed documents from a trash bin outside SFX Baseball Inc., a sports agency that deals with Major League Baseball. Some current and former MLB players and county residents were affected.He used information from the documents to commit identity theft. Information found during a search of the thief's home included SSNs, dates of birth, canceled paychecks, obituaries, and infant death records.

 
Information Source:
Dataloss DB
records from this breach used in our total: 117
December 20, 2006 Deb Shops, Inc.
Philadelphia, Pennsylvania
BSR HACK

Unknown

(800) 460-9704

A hacker illegally accessed company Web pages and a related data base used for Internet-based purchases. The intruder may have accessed customers' credit card information including names on cards and credit card numbers.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
December 19, 2006 Mississippi State University
Jackson, Mississippi
EDU DISC

2,400 students and emplolyees

SSNs and other personal information were inadvertently posted on a publicly accessible MSU Web site. The breach was discovered last week and the information has since been removed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,400
December 19, 2006 Velocita Wireless, Sprint Nextel
Woodbridge, New Jersey
BSR PORT

255

A laptop from the human resources department was stolen during an office burglary on or around October 24. It contained current and former employee names, dates of birth, Social Security numbers and salary information. Affected individuals were contacted between December 13 and 15.

 
Information Source:
Dataloss DB
records from this breach used in our total: 255
December 15, 2006 University of Colorado, Boulder, Academic Advising Center
Boulder, Colorado
EDU HACK

17,500

http://www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf

A server in the Academic Advising Center was the subject of a hacking attack. Personal information exposed included names and SSNs for individuals who attended orientation sessions from 2002-2004. CU-Boulder has since ceased using SSNs as identifiers for students, faculty, staff, and administrators.

 
Information Source:
Dataloss DB
records from this breach used in our total: 17,500
December 15, 2006 City of Wickliffe
Wickliffe, Ohio
GOV HACK

125 employees

Hackers breached security in one of the city's three computer servers containing personal information on some city employees, including names and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 125
December 15, 2006 North Bay Regional Center
Napa, California
NGO STAT

3,000

Thieves took 30 computers and electronic devices from the office. Personal information of clients may have been on some of the computers. This included credit card information for some clients.

 
Information Source:
Dataloss DB
records from this breach used in our total: 3,000
December 15, 2006 City University of New York
New York, New York
EDU STAT

445

Two computers were stolen from the York Support Services office. The computers contained databases including full names, Social security numbers and dates of birth.

 
Information Source:
Dataloss DB
records from this breach used in our total: 445
December 15, 2006 LexisNexis, Seisint
Boca Raton, Florida
BSO INSD

618

Unauthorized individuals used the ID and password of a Seisint law enforcement customer to obtain consumers' Social Security numbers, driver's license numbers, names and addresses. The breach was discovered on October 18 and affected individuals were contacted on December 5.

 
Information Source:
Dataloss DB
records from this breach used in our total: 618
December 14, 2006 Electronic Registry Systems
Atlanta, Georgia
MED PORT

63,000

Additional locations: Danville, Pennsylvania, Nashville, TN

On Nov. 23, 2006, two computers (one desktop, one laptop) were stolen from Electronic Registry Systems, a business contractor in suburban Springdale, OH, that provides cancer patient registry data processing services. It contained the personal information (name, date of birth, Social Security number, address, medical record number, medical data and treatment information) of cancer patients from hospitals in Pennsylvania, Tennessee, Ohio and Georgia, dating back to 1977 at some hospitals. Hospitals include Emory Hospital, Emory Crawford Long Hospital, Grady Memorial Hospital, as well as Geisinger Health System (PA) and Williamson Medical Center (TN).

UPDATE(1/14/07): The number of affected patients was increased from 25,000 to over 63,000.

 
Information Source:
Dataloss DB
records from this breach used in our total: 63,000
December 14, 2006 Riverside High School
Durham, North Carolina
EDU DISC

Thousands of school employees (at least 2,000)

Two students discovered a breach in the security of a Durham Public Schools computer as part of a class assignment. They reported to school officials that they were able to access a database containing SSNs and other personal information of thousands of school employees. The home of one student was searched by Sheriff's deputies and the family computer was seized. 

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,000
December 14, 2006 St. Vrain Valley School District
Longmont, Colorado
EDU PHYS

600 students

Paper records containing student information were stolen, along with a laptop, from a nurse's car Nov. 20. Personal information included students' names, dates of birth, names of their schools, what grade they are in, their Medicaid numbers (presumably SSNs), and their parents' names. The laptop contained no personal data.

 
Information Source:
Dataloss DB
records from this breach used in our total: 600
December 14, 2006 Bank of America
Charlotte, North Carolina
BSF INSD

Unknown

A former contractor for Bank of America unauthorizedly accessed the personal information (name, address, phone number, Social Security number) of an undisclosed number of customers, for the purpose of committing fraud.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
December 13, 2006 Boeing
Seattle, Washington
BSO PORT

382,000 current and former employees

In early December, a laptop was stolen from an employee's car. Files contained names, salary information, SSNs, home addresses, phone numbers and dates of birth of current and former employees.

UPDATE (12/14/06): Boeing fired the employee whose laptop was stolen.

UPDATE(1/26/07): The laptop was recovered.

 
Information Source:
Dataloss DB
records from this breach used in our total: 382,000
December 13, 2006 Seton Health System
Long Island, New York
MED PORT

14

The December 8 theft of a laptop may have exposed clinical and personal information. The information included names, Social Security numbers, addresses, dates of birth, medical record information, telephone number, and insurance information. The laptop was stolen from a Seton Home Health Care nurse's car.

 
Information Source:
Dataloss DB
records from this breach used in our total: 14
December 12, 2006 University of California at Los Angeles (UCLA)
Los Angeles, California
EDU HACK

800,000

Affected individuals can call UCLA at (877) 533-8082, http://www.identityalert.ucla.edu

Hacker(s) gained access to a UCLA database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information. About 3,200 of those notified are current or former staff and faculty of UC Merced and current and former staff of UC's Oakland headquarters.

 
Information Source:
Media
records from this breach used in our total: 800,000
December 12, 2006 University of Texas, Dallas
Dallas, Texas
EDU HACK

35,000

Affected individuals can call (972) 883-4325, http://www.utdallas.edu/datacompromise/form.html

The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion -- including names, SSNs, home addresses, phone numbers and e-mail addresses.

UPDATE (12/14/06): The number of people affected was first thought to be 5,000, but was increased to 6,000.

UPDATE (01/19/07): Officials now say 35,000 individuals may have been exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 35,000
December 12, 2006 Aetna, Nationwide, WellPoint Group Health Plans, Humana Medicare, Mutual of Omaha Insurance Company, Anthem Blue Cross Blue Shield via Concentra Preferred Systems
Dayton, Ohio
MED PORT

396,279

A lockbox holding personal information of health insurance customers was stolen Oct. 26. Thieves broke into an office building occupied by insurance company vendor, Concentra Preferred Systems. The lockbox contained computer backup tapes of medical claim data for Aetna and other Concentra health plan clients. Exposed data includes member names, hospital codes, and either SSNs or Aetna member ID numbers. SSNs of 750 medical professionals were also exposed. Officials downplay the risk by stating that the tapes cannot be used on a standard PC.

UPDATE (12/23/06): The lockbox also contained tapes with personal information of 42,000 NY employees insured by Group Health Insurance Inc.)

UPDATE(1/24/07): Personal data of 28,279 Nationwide's Ohio customers were also compromised.  2/11/10 Total changes to 396,279 to reflect final total of records breached in all of the affected companies.

 
Information Source:
Dataloss DB
records from this breach used in our total: 396,279
December 9, 2006 Home Finance & Mortgage, Inc.
Cornelius, North Carolina
BSF PHYS

146

The company dumped files containing names, addresses, Social Security numbers, credit card numbers, and bank account numbers of people who had applied for mortgage loans. Home Finance and its owners have agreed to pay the State of NC $3,000 for their violations.

 
Information Source:
Dataloss DB
records from this breach used in our total: 146
December 9, 2006 Virginia Commonwealth University (VCU)
Richmond, Virginia
EDU DISC

561 students

Personal information of 561 students was inadvertently sent as attachments on Nov. 20 in an e-mail, including names, SSNs, local and permanent addresses and grade-point averages. The e-mail was sent to 195 students to inform them of their eligibility for scholarships.

 
Information Source:
Dataloss DB
records from this breach used in our total: 561
December 8, 2006 Segal Group of New York, via a Vermont state agency website
Montpelier, Vermont
BSO DISC

1,100

Names and SSNs of several hundred physicians, psychologists and other health care providers were mistakenly posted online by Segal Group, a contractor hired by the state to put its health management contract out for bid. The information was posted from May 12 to June 19. It was discovered when a doctor found her own SSN online.  A Vermont state agency used to call for bids on state contracts was involved.  

UPDATE (1/14/07): SSNS of more than 1,100 doctors, psychothereapists and other health professionals were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,100
December 8, 2006 Experian, BMA Credit Union
Mesquite, Texas
BSF INSD

46

46

An unauthorized Experian client accessed consumer personal information. The information included name, Social Security number and address. At least 46 New York residents were affected, but the total number nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 46
December 7, 2006 CIGNA HealthCare Corp
Pittsburgh, Pennsylvania
MED INSD

Unknown

A former employee used customer credit card information.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
December 7, 2006 Cornell University
Ithica, New York
EDU PORT

210

A laptop was stolen from an employee. Names and Social Security numbers were on the computer.

 
Information Source:
Dataloss DB
records from this breach used in our total: 210
December 6, 2006 Premier Bank
Columbia , Missouri
BSF PHYS

1,800 customers

 Headquarters in Jefferson City, MO

A report was stolen the evening of Nov. 16 from the car of the bank's VP and CFO while employees were celebrating an award received by the bank. The document contained names and account numbers of customers, but reportedly no SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,800
December 5, 2006 Army National Guard 130th Airlift Wing
Charleston, West Virginia
GOV PORT

Unknown

A laptop was stolen from a member of the unit while he was attending a training course. It contained names, SSNs, and birth dates of everyone in the 130th Airlift Wing.

 
Information Source:
Media
records from this breach used in our total: 0
December 5, 2006 Nassau Community College
Garden City, New York
EDU PHYS

21,000

A printout is missing that contains information about each of NCC's 21,000 students, including names, SSNs, addresses, and phone numbers. It disappeared from a desk in the Student Activities Office.

 
Information Source:
Dataloss DB
records from this breach used in our total: 21,000
December 3, 2006 City of Grand Prairie
Grand Prairie, Texas
GOV DISC

hundreds of employees (at least 200)

Employees of the city of Grand Prairie were notified that personal records were exposed on the city's website for at least a year. Included were the names and SSNs of hundreds of employees. The information has since been removed. The city had been working with a contractor on a proposal for workers' compensation insurance. Along with the proposal, names and SSNs were mistakenly listed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 200
December 1, 2006 TD Ameritrade
Omaha, Nebraska
BSF PORT

300

 (201) 369-8373

According to a letter sent to around 300 current and former employees, a laptop was removed (presumably stolen) from the office Oct. 18, 2006, that contained unencrypted information including names, addresses, dates of birth, and SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 300
December 1, 2006 First Banks Inc
Louisville, Kentucky
BSF PORT

Unknown

A laptop was stolen from the locked office of an employee during a nighttime burglary on November 20. Loan applications, financial statements and credit reports with client names, addresses and Social Security numbers were on the laptop. At least two New York residents were affected, but the total number of affected clients nationwide was not revealed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 30, 2006 Pennsylvania Department of Transportation (PennDOT)
Dunmore, Pennsylvania
GOV STAT

11,384

Affected individuals can call (800) PENNDOT if you have questions.

Thieves stole equipment from a driver's license facility late evening Nov. 28, including computers containing personal information on more than 11,000 people. Information included names, addresses, dates of birth, driver's license numbers and both partial and complete SSNs (complete SSNs for 5,348 people). Also stolen were supplies used to create drivers licenses and photo IDs. The state maintains 97 driver's license facilities.

 
Information Source:
Dataloss DB
records from this breach used in our total: 11,384
November 30, 2006 TransUnion Credit Bureau, Kingman, AZ, court office
Chester, Pennsylvania
BSF HACK

1,700

Four different scam companies downloaded the credit information of more than 1,700 individuals, including their credit histories and SSNs. They were able to illegitimately obtain the password to the TransUnion account held by the Kingman, AZ, court office, which apparently has a subscription to the bureau's services.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,700
November 29, 2006 Gundersen Lutheran Medical Center
LaCrosse, Wisconsin
MED INSD

unknown

A Medical Center employee used patient information, including SSNs and dates of birth, to apply for credit cards in their names. As patient liaison, her duties included insurance coverage, registration, and scheduling appointments. She was arrested for 37 counts of identity theft, and was convicted of identity theft and uttering forged writing, according to the criminal complaint.

 
Information Source:
Media
records from this breach used in our total: 0
November 29, 2006 Computershare Shareholder Services Inc., Republic Bank Limited
Providence, Rhode Island
BSF DISC

90

Shareholders of Republic Bank Limited were mailed letters with their Social Security numbers visible through the address window of the envelope. Computershare is the registered transfer agent for Republic Bank common stock.

 
Information Source:
Dataloss DB
records from this breach used in our total: 90
November 28, 2006 Kaiser Permanente Colorado-- Skyline and Southwest offices
Denver, Colorado
MED PORT

38,000 (No SSNs or financial information reported)

 For members who have questions: (866) 529-0813

A laptop was stolen from the personal car of a Kaiser employee in California on Oct. 4. It contained names, Kaiser ID number, date of birth, gender, and physician information. The data did not include SSNs.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0
November 28, 2006 California State University, Los Angeles (Cal State LA), Charter College of Education
Los Angeles, California
EDU PORT

2,534

(800) 883-4029

An employee's USB drive was inside a purse stolen from a car trunk. It contained personal information on 48 faculty members and more than 2,500 students and applicants of a teacher credentialing program. Information included names, SSNs, campus ID numbers, phone numbers, and e-mail addresses.

 
Information Source:
Dataloss DB
records from this breach used in our total: 2,534
November 27, 2006 Johnston County, NC
Johnston County, North Carolina
GOV DISC

About 39,000 North Carolina residents

Personal data, including SSNs, of thousands of taxpayers, were inadvertently posted on the county web site. The information was removed from the site within an hour after officials became aware of the situation.

 
Information Source:
Dataloss DB
records from this breach used in our total: 39,000
November 27, 2006 Greenville County School District
Greenville, South Carolina
EDU STAT

At least 101,000 students and employees

School district computers sold to the WH Group at auctions between 1999 and early 2006 contained the birth dates, SSNs, driver's license numbers and Department of Juvenile Justice records of approximately 100,000 students. The computers also held sensitive data for more than 1,000 school district employees.

UPDATE(12/10/06): A judge ordered the WH Group to return the computers and the confidential data on them to the school district.

 
Information Source:
Dataloss DB
records from this breach used in our total: 101,000
November 27, 2006 Chicago Public Schools via All Printing & Graphics, Inc.
Chicago, Illinois
EDU DISC

1,740 former Chicago Public School employees

A company hired to print and mail health insurance information to former Chicago Public School employees mistakenly included a list of the names, addresses and SSNs of the nearly 1,740 people receiving the mailing. Each received the 125-page list of the 1,740 former employees.

 
Information Source:
Dataloss DB
records from this breach used in our total: 1,740
Breach Total
816,324,756 RECORDS BREACHED
(Please see explanation about this total.)
from 4,517 DATA BREACHES made public since 2005

Pages

Showing 3901-3950 of 4517 results