- Why do we maintain this Chronology of Data Breaches?
- What should you do if your personal information has been exposed in a data breach?
- Is the Chronology of Data Breaches an exhaustive list of data breaches?
- How do we determine which data breaches to include in the Chronology?
- Is it accurate to say that the number of records breached reflects the number of individuals affected by the breach?
- Do we make all of our Chronology data available in downloadable format?
- Copyright and research use.
We maintain this Chronology of Data Breaches as a source of information to assist in research involving reported data breaches from 2005 to present.
Read our guide, What to Do When You Receive a Data Breach Notice.
No, we are not able to list every data breach. Many organizations are not aware they’ve been breached or are not required to report it based on reporting laws. Our Chronology is limited to data breaches reported in the U.S. If a data breach affects individuals in other countries, it is included here only if individuals in the U.S. are also affected.
Our Chronology reflects data breaches and the number of records breached reported through either government agencies or verifiable media sources.
If the number of records breached is unknown, we note that as a "0" in our Chronology. Additionally, as the number of records breached will often change over time as an organization investigates the data breach, we continue to update the number of records breached accordingly.
Not always. The number of records breached does not necessarily indicate the number of people affected. One person may have multiple records breached in a single data breach by having multiple accounts within the affected organization (i.e. multiple email accounts with a single provider).
We no longer report two numbers due to the ever-changing definitions of personal information and lack of consensus amongst states and sectors. Starting October 30, 2017, we record the number of records breached in all breaches we find reported in the media and through government agencies.
Yes, we provide the ability to download our data as a CSV file that can be used to create a spreadsheet. Once you have conducted a search, click on the orange button that says "Download Data Breach File."
We greatly appreciate you citing us and informing us when you utilize our data for publishing, research, commercial or educational use. Please send an email to firstname.lastname@example.org with your name, organization and how our data is being used.