Thank you for visiting the Chronology of Data Breaches!
We’re in the process of implementing some exciting new features and apologize for any inconvenience. In the meantime, you can download a compilation of historic data below.
If you have questions or corrections, please contact us at chronology@privacyrights.org.
Chronology Legend
Type of Breach
CARD
Fraud Involving Debit and Credit Cards Not Via Hacking (skimming devices at point-of-service terminals, etc.)
HACK
Hacked by an Outside Party or Infected by Malware
INSD
Insider (employee, contractor or customer)
PHYS
Physical (paper documents that are lost, discarded or stolen)
PORT
Portable Device (lost, discarded or stolen laptop, PDA, smartphone, memory stick, CDs, hard drive, data tape, etc.)
STAT
Stationary Computer Loss (lost, inappropriately accessed, discarded or stolen computer or server not designed for mobility)
DISC
Unintended Disclosure Not Involving Hacking, Intentional Breach or Physical Loss (sensitive information posted publicly, mishandled or sent to the wrong party via publishing online, sending in an email, sending in a mailing or sending via fax)
UNKN
Unknown (not enough information about breach to know how exactly the information was exposed)
Type of Business
BSF
Businesses (Financial and Insurance Services)
BSO
Businesses (Other)
BSR
Businesses (Retail/Merchant including Online Retail)
EDU
Educational Institutions
GOV
Government & Military
MED
Healthcare, Medical Providers and Medical Insurance Services
NGO
Nonprofits
UNKN
Unknown
We source most of our data from state Attorneys General and the U.S. Department of Health and Human Services. While we aim to provide the most accurate and up-to-date information, this is an incomplete look at the true scope of the problem due in part to varying state laws.