The Open Security Foundation's DataLossDB gathers information about events involving the loss, theft, or exposure of personally identifiable information (PII). DataLossDB's dataset, in current and previous forms, has been used in research by numerous educational, governmental, and commercial entities, which often have been able to provide statistical analysis with graphical presentations.
The charts below are provided in "as-is" format based on the current dataset maintained by the Open Security Foundation and DataLossDB. These charts may be used for presentation by outside organizations provided approval is provided and visible credit is given to the Open Security Foundation / DataLossDB.org. Please contact [email protected] for approval to use the material or with any questions about the statistics presented on this page.
The following graphs highlight a trend that indicates that data loss incidents involving third parties, on average, result in a greater number of records lost that incidents that do not involve third parties. This may be as a result of the type of data handled by third parties, the process of transferring the data between organizations, or other hypothesis, mostly all speculative as little data exists to establish one cause as dominant. The trend is, however, concerning.