Analysis

The Open Security Foundation feels that there is a distinct need to provide unbiased, high quality information regarding data loss incidents. We believe that we can improve awareness of data security and identity theft threats to consumers and also provide accurate statistics to organizations to assist them in decision making.

We provide charts and statistics on our statistics page based on the current dataset maintained. If you have a particular need for additional information, analysis or would like to discuss further on a specific topic please contact us at [email protected] and we will determine if we can support your request. Please include a summary of what specific information you require and how you plan to use this information. Please note that due to resource contraints we are not able to support all requests.

If you are looking for custom information or detailed analysis we recommend that you contact Risk Based Security to support your need for analytics. Risk Based Security was established to better support the research conducted by the Open Security Foundation (OSF), by using technology to turn security data into a competitive advantage. OSF's wealth of historical data, combined with Risk Based Security's proprietary database provides interactive dashboards, predictive analysis, consulting services and risk analytics to offer companies comprehensive insight into data security threats most relevant to their industry.

Data Key


Breach Types

Short NameDescription
Disposal ComputerDiscovery of computers not disposed of properly
Disposal DocumentDiscovery of documents not disposed of properly
Disposal TapeDiscovery of backup tapes not disposed of properly
Disposal DriveDiscovery of disk drives not disposed of properly
Disposal MobileDiscovery of data on a mobile phone or device such as tablets, etc
EmailEmail communication exposed to unintended third party
FaxFax communication exposed to unintended third party
Fraud SeFraud or scam (usually insider-related), social engineering
HackComputer-based intrusion, data may or may not be publically exposed
Lost ComputerLost computer (unspecified type in media reports)
Lost DocumentDiscovery of documents not disposed of properly through loss (not theft)
Lost DriveLost data drive, unspecified if IDE, SCSI, thumb drive, etc)
Lost LaptopLost laptop (generally specified as a laptop in media reports)
Lost MediaMedia (i.e. disks) reported to have been lost by a third party
Lost MobileLost mobile phone or device such as tablets, etc (unspecified in media reports)
Lost TapeLost backup tapes
Missing DocumentMissing document, unknown or disputed whether lost or stolen
Missing DriveMissing drive, unknown or disputed whether lost or stolen
Missing LaptopMissing laptop, unknown or disputed whether lost or stolen
Missing MediaMissing media, unknown or disputed whether lost or stolen
OtherBreach type was disclosed but no formal classification
PhishingInformation exposed to unintended third party by sending an email to a user falsely claiming to be a legitimate user or organization
SeizureExposure of information due to the action of confiscating or impounding data either with or without a warrant
SkimmingTheft of credit or bank card information by using a small undetected electronic device (skimmer) that victim's card and banking data when swiped.
Snail MailPersonal information in "snail mail" exposed to unintended third party
SnoopingEmployee exceeding intended privileges and accessing confidential records they were not authorized to view
Stolen ComputerStolen desktop (or unspecified computer type in media reports)
Stolen DocumentDocuments either reported or known to have been stolen by a third party
Stolen DriveStolen data drive, unspecified if IDE, SCSI, thumb drive, etc)
Stolen LaptopStolen Laptop (generally specified as a laptop in media reports)
Stolen MediaMedia (disks or other) generally reported or known to have been stolen by a third party
Stolen MobileStolen mobile phone or device such as tablets, etc
Stolen TapeStolen backup tapes
UnknownUnknown or unreported breach type
VirusExposure to personal information via virus or trojan (i.e. keystroke logger, possibly classified as hack)
WebData typically available to the general public via search engines, public pages, etc.

Data Types

Short NameDescription
CCNCredit Card and/or Debit Card Numbers
SSNSocial Security Numbers (or Non-US Equivalent)
NAANames
EMAEmail Addresses
MISCMiscellaneous
MEDMedical
ACCAccount Information
DOBDate of Birth
FINFinancial Information
UNKUnknown
PWDPasswords
ADDAddresses
NUMPhone Numbers
USRUser Names
IPIntellectual Property

Sectors / Business Types

Short NameDescription
BizBusiness
EduEducational
GovGovernment
MedMedical
UnknownUnknown

Sector / Business Sub-Types

Short NameDescription
RetailRetail Businesses
FinFinancial
TechTechnology
MedMedical (Non-Hospital / Provider)
FedFederal Government
DataData Services / Brokerage
MediaMass Media
UniUniversity
IndIndustry
StateState Government
NFPNon-Profit / Not-For-Profit
CountyCounty Government
OrgOrganization
HosHospital
HSHigh School
InsInsurance
CityCity (Government or Citizens)
HotelHotel
LawLegal Firm
ElemElementary School
EduEducational
BizBusiness
GovGovernment
ProMedical Provider
AgrAgricultural
UnkUnknown
Sponsored By: Rbs Zecurion
Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation requires authorization and potential licensing arrangements. For more information, please e-mail [email protected] with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2014, Open Security Foundation, All Rights Reserved.