The Privacy Rights Clearinghouse has tracked every reported data breach notification in the United States since 2005. This week they released version 2.5 of the Data Breach Chronology — and it's a significant upgrade.
What it is
The Data Breach Chronology (privacyrights.org/data-breaches) is a searchable database of breach notifications filed with state attorneys general offices and the federal government. It currently contains approximately 98,000 records covering incidents reported from 2006 to the present.
You can search by company name, breach type, state, date range, or the type of data exposed. It's free to search online. Researchers, journalists, lawyers, and doctoral students use the underlying data to study how breaches happen and how they ripple through the economy.
What's new in version 2.5
The update adds 30 new fields across four major areas:
Vendor tracking. When a single cloud host, payroll company, or managed IT vendor gets breached and triggers notifications from dozens of organizations, all those records are now linked. You can find every company affected by a single vendor compromise in one query — useful for understanding supply chain risk.
Breach subtypes. "Hack" now breaks down into 36 specific methods: ransomware, phishing, credential stuffing, zero-day exploit, and more. Organization types have been expanded into 86 subtypes — so instead of "healthcare," you can distinguish hospital systems from dental practices from insurance carriers.
Pre-calculated group statistics. Related breach notifications have always been linkable in the database. The update now pre-calculates aggregate fields on every row: total people affected across all organizations in a breach event, the earliest breach date, notification delay, and the union of data types exposed.
Corporate identifiers. Each organization is now matched against eight public registries (SEC EDGAR, GLEIF, NPI, IRS EIN, FDIC, and others). If you're trying to link breach records to financial or industry datasets, the identifiers are now built in.
Six new states were also added: Hawaii, Idaho, Illinois, Nebraska, Rhode Island, and South Carolina — bringing the total to 21 government data sources.
How to use it
Go to privacyrights.org/data-breaches and search for any company you've done business with. You'll see every breach notification they've filed, the date, the number of people affected, and the type of data exposed.
If a company you use has had a vendor breach, you may now see that vendor named explicitly — and find other companies that were affected by the same event.
Up next · Friday
Step-by-step instructions to remove your listing from National Public Data — the site behind a 2.9 billion record breach that included Social Security numbers.