A List of Data Breaches

A data breach can be defined as the unauthorized disclosure of information, compromising the security, confidentiality, or integrity of personally identifiable information.  This could include personal information such as social security numbers, name & address, bank accounts or classified company information such as financial reports and intellectual property.

In 2006, companies spent nearly $5 million to recover from lost or stolen data (Source: NetworkWorld.com). Data breaches involving the personal information of individuals occur through no fault of the consumers themselves, but rather through the mismanagement of information or lack of effective data security by the organizations that store/use the information in the course of business.

While some data breaches occur as a result of stolen laptops or lost computer hardware, the list below provides resources and information related to breaches where data was stolen from databases--where users (authorized or unauthorized) obtained access to the data via corporate networks. 

This list is updated on a regular basis. The breaches are listed in reverse chronological order.

Data Breaches: A list of data breaches in 2007.  Note that this list is based on the chronology of data breaches by Privacy Rights Clearinghouse and The Breach Blog.

Click any link to jump to the data breach of interest or access the main list of data breaches.

• Citibank (New York City, NY) (6/19/2008)
• 1st Source Bank (South Bend, IN) (6/10/2008)
• Oregon State University (Corvallis, OR) (6/3/2008)
• Walter Reed Army Medical Center (Washington, DC) (6/2/2008)
• Pocono Mountain School District (Swiftwater, PA) (5/31/2008)
• University of California at San Francisco (San Francisco, CA) (5/28/2008)
• LPL Financial (Boston, MA) (5/20/2008)
• Downingtown Area School District (Downingtown, PA) (5/16/2008)
• Oklahoma State University (Stillwater, OK) (5/14/2008)
• University of Colorado (Boulder, CO) (4/25/2008)
• Baltimore Highway Administration (Baltimore, MD) (4/25/2008)
• WiseBuys Stores, Inc. (Canton, NY) (4/25/2008)
• Fishback Financial Corp. (Brookings, SD) (4/22/2008)
• LendingTree, LLC (Charlotte, NC) (4/21/2008)
• University of Massachusetts (Amherst, MA) (4/18/2008)
• Stryker Corporation (Kalamazoo, MI) (4/17/2008)
• First Federal Bank of California (Los Angeles, CA) /
  Fiserv, Inc. (Brookfield, WI) (4/15/2008)
• Williamsville Central School District (Williamsville, NY) (4/12/2008)
• New York Presbyterian Hospital /
  Weill Cornell Medical Center (New York, NY) (4/11/2008)
• Joliet West High School (Joliet, IL) (4/1/2008)
• Okemo Mountain Resort (Ludlow, VT) (3/31/2008)
• Advance Auto Parts, Inc. (Roanoke, VA) (3/31/2008)
• Illinois Eye Center (Peoria, IL) (3/28/2008)
• Antioch University (Yellow Springs, OH) (3/28/2008)
• Broward County Public Schools (Coconut Creek, FL) (3/26/2008)
• Western Carolina University (Cullowhee, NC) (3/22/2008)
• U.S. Department of State (3/22/2008)
• Wolters Kluwer (New Hampshire) (3/22/2008)
• Lasell College (Newton, MA) (3/20/2008)
• The Dental Network (New Hampshire) (3/19/2008)
• Hannaford (Portland, ME) (3/17/2008)
• Utah Division of Finance (Salt Lake City, UT) (3/15/2008)
• Harvard University (Cambridge, MA) (3/12/2008)
• MTV Networks (Los Angeles, CA) (3/8/2008)
• Tenet Healthcare Corporation (Dallas, TX) (2/14/2008)
• Davidson Companies (Great Falls, MT) (1/30/2008)
• OmniAmerican Bank (Fort Worth, TX) (1/24/2008)
• Baylor University (Waco, TX) (1/23/2008)
• California State University, Stanislaus (Turlock, CA) (1/12/2008)
• University of Georgia (Athens, GA) (1/8/2008)
• Geeks.com (Oceanside, CA) (1/7/2008)
• Robotic Industries Association (Ann Arbor, MI) (1/3/2008)
• Franklin County Municipal Court (Columbus, OH) (12/21/2007)
• KimsCrafts (Topsham, ME) (12/14/2007)
• Dixie State College (St George, UT) (10/23/2007)
• Bates College (Lewiston, ME) (10/23/2007)
• Montana State University (Bozeman, MT) (10/13/2007)
• Pembroke Schools (Pembroke, MA) (10/9/2007)
• The Nature Conservancy (10/2/2007)
• TD Ameritrade Holding Corp. (Omaha, NE) (9/14/2007)
• University of South Carolina (Columbia, SC) (9/6/2007)
• Monster.com (8/23/2007)
• Sky Lakes Medical Center / Verus Inc. (Klamath Falls, OR.) (8/15/2007)
• Wabash Valley Correctional Facility (Indianapolis, IN) (8/3/2007)
• City Harvest (New York, NY) (7/27/2007)
• Fox News (7/23/2007)
• University of Michigan (7/21/2007)
• Western Union (7/17/2007)
• University of California, Davis (6/27/2007)
• University of Iowa (6/8/2007)
• University of Virginia (6/8/2007)
• University of Colorado, Boulder (5/22/2007)
• Illinois Dept of Financial and Professional Regulation (5/19/2007)
• Goshen College (5/12/2007)
• University of Missouri (5/8/2007)
• Georgia Institute of Technology (2/21/2007)
• Iowa Dept. of Education (2/14/2007)
• Radford University, Waldron School of Health and Human Services (2/9/2007)
• University of Missouri, Research Board Grant Application System (2/2/2007)
• TJ Stores (TJX) (1/17/2007)

For individuals affected by a data breach incident

• Learn more about data breach disclosure
• Data breach disclosure legislation in your state (PDF)