Data Breaches

Thank you for visiting the Chronology of Data Breaches!

We’re in the process of implementing some exciting new features and apologize for any inconvenience. In the meantime, you can download a compilation of historic data below.

If you have questions or corrections, please contact us at chronology@privacyrights.org.

    Download the Database

     

    Chronology Legend

    Type of Breach

    CARD
    Fraud Involving Debit and Credit Cards Not Via Hacking (skimming devices at point-of-service terminals, etc.)

    HACK
    Hacked by an Outside Party or Infected by Malware

    INSD
    Insider (employee, contractor or customer)

    PHYS
    Physical (paper documents that are lost, discarded or stolen)

    PORT
    Portable Device (lost, discarded or stolen laptop, PDA, smartphone, memory stick, CDs, hard drive, data tape, etc.)

    STAT
    Stationary Computer Loss (lost, inappropriately accessed, discarded or stolen computer or server not designed for mobility)

    DISC
    Unintended Disclosure Not Involving Hacking, Intentional Breach or Physical Loss (sensitive information posted publicly, mishandled or sent to the wrong party via publishing online, sending in an email, sending in a mailing or sending via fax) 

    UNKN
    Unknown (not enough information about breach to know how exactly the information was exposed)

     

    Type of Business

    BSF
    Businesses (Financial and Insurance Services)

    BSO
    Businesses (Other)

    BSR
    Businesses (Retail/Merchant including Online Retail)

    EDU
    Educational Institutions

    GOV
    Government & Military

    MED
    Healthcare, Medical Providers and Medical Insurance Services

    NGO
    Nonprofits

    UNKN
    Unknown

     

    We source most of our data from state Attorneys General and the U.S. Department of Health and Human Services. While we aim to provide the most accurate and up-to-date information, this is an incomplete look at the true scope of the problem due in part to varying state laws.