- Why do we maintain this Chronology of Data Breaches?
- What should you do if your personal information has been exposed in a data breach?
- Is the Chronology of Data Breaches an exhaustive list of data breaches?
- How do we determine which data breaches to include in the Chronology?
- Is it accurate to say that the number of records breached reflects the number of individuals affected by the breach?
- Do we make all of our Chronology data available in downloadable format?
- Copyright and research use.
We maintain this Chronology of Data Breaches as a source of information to assist in research involving reported data breaches from 2005 to present.
Read our guide, What to Do When You Receive a Data Breach Notice.
No, we are not able to list every data breach. Many organizations are not aware they’ve been breached or are not required to report it based on reporting laws. Our Chronology is limited to data breaches reported in the U.S. If a data breach affects individuals in other countries, it is included here only if individuals in the U.S. are also affected.
Our Chronology reflects data breaches and the number of records breached reported through either government agencies or verifiable media sources.
If the number of records breached is unknown, we note that as a "0" in our Chronology. Additionally, as the number of records breached will often change over time as an organization investigates the data breach, we continue to update the number of records breached accordingly.
Not always. The number of records breached does not necessarily indicate the number of people affected. One person may have multiple records breached in a single data breach by having multiple accounts within the affected organization (i.e. multiple email accounts with a single provider).
We no longer report two numbers due to the ever-changing definitions of personal information and lack of consensus amongst states and sectors. Starting October 30, 2017, we record the number of records breached in all breaches we find reported in the media and through government agencies.
Yes, we provide the ability to download our data as a CSV file that can be used to create a spreadsheet. Once you have conducted a search, click on the orange button that says "Download Data Breach File."
PRC strongly believes in the spirit of sharing information and access to knowledge, and we encourage use and re-use of our data. We license everything on our website under the permissive Creative Commons 4.0 Attribution Non-Commercial Share-Alike (CC-BY-NC-SA) open license. This means that you are free to use our content in any non-commercial use, provided that you give us attribution and share the resulting work under the same license terms. If you're interested in using our database or any other content on our website in a way that does not conform to the CC-BY-NC-SA license, please reach out to our Data Breach Chronology manager, firstname.lastname@example.org , and we're happy to discuss different terms.