[Dataloss] complete/official list of security breach disclosures

security curmudgeon jericho at attrition.org
Wed Feb 1 20:34:42 EST 2006


: Maybe someone can help me.
: I have been looking for a complete list of security breach disclosures.
: While its nice to have different lists of high profile disclosures
: what would be interesting would be find out how many total disclosures
: and the distributions of size and type. 

That is the purpose and intent of the attrition Dataloss page. It was not 
created with only high profile breaches/disclosures, rather any event of 
signifigance. http://attrition.org/errata/dataloss/

: The SB-1386 law in California requires companies to contact customers 
: affected by breaches. I checked with the California Attorney General's 
: Office and there are no government records being kept there since 
: companies are not required to contact any government entity. The papers 
: report the high profile breaches -- basing any analysis on the media 
: coverage would be skewed.
: 
: Are there any states require public reporting of breaches?

There are, but I don't have the list handy. That is something that would 
compliment the dataloss page actually, links to the states and respective 
laws. Shortly after California adopted that law, several others followed 
suit and passed their own.



More information about the Dataloss mailing list