Privacy Rights Clearinghouse brings together publicly reported data breach notifications from across U.S. government agencies into a single, searchable database. Explore our interactive visualizations, or purchase the full dataset. Have questions? Check our FAQ.
Mapping Data Breaches
Data breaches affect organizations and individuals across every state in the U.S. This map shows reported breaches by state (darker red indicating higher numbers) and, where possible, concentrations by zip code. Tracking the true geographic scope of data breaches remains challenging - in most cases, neither notification letters nor agency reports reveal where breaches actually occurred. Even in our database of over 50,000 breaches drawn from fifteen government sources, we can only pinpoint specific locations for a small fraction of incidents.
Two Decades of Data Breaches
The Data Breach Chronology draws from 15 U.S. government sources, though only a small number consistently provided public breach notifications in our early years of data collection. The first data breach notification law in the country was passed in California in 2002, but it took until 2018 for the rest of the country to fully catch up - and the level of coverage still varies considerably across the country. Today, while all states require breach reporting, only 14 make these reports publicly available - meaning our dataset, while the most comprehensive public collection of U.S. breach notifications, captures only a portion of reported incidents.
Impact Across Industries
The Data Breach Chronology analyzes each notification across multiple dimensions, from the type of organization affected to the method of breach. Toggle between views to explore how we classify organizations (from BSF for financial services to MED for healthcare providers) and breach types (such as HACK for cyber attacks or PORT for portable device breaches). The high number of "UNKN" classifications reflects a common challenge in breach reporting - notifications often lack sufficient detail to determine an organization's primary function or the specific method of breach. For complete descriptions of our classification system, see our FAQ.
Data Availability Across States
Each agency approaches breach notification reporting differently. While basic information like organization names and the reported dates are generally consistently available, other crucial details -- when breaches actually occurred, how long they lasted, their true scope, and where they happened - are frequently missing from summary reports. States that provide access to the full notification letters generally enable more complete analysis, though critical information often remains buried in these documents. This visualization shows what information we can reliably extract from each source's notifications.
The Chronology
Search and Browse Data Breach Notifications: 2005-Present
Additional Resources
Frequently Asked Questions
Detailed information about our methodology, classification system, and data sources.
Purchase the Full Dataset
Access detailed breach notifications, classification data, and notification letter text. Academic researchers and nonprofits may qualify for complimentary access.
Historical Data (2005-2018)
View our archive of historical breach data and visualizations.
Report Corrections
Found an error? Email us with "CORRECTION" in the subject line and include supporting documentation.
Join Our Mailing List
Stay updated on project developments and new features.