Data breach information on privacyrights.org and what researchers might learn from it?

The website privacyrights.org has a comprehensive, sortable database of data breaches in the United States. The dataset goes back to 2005 and has been normalized through February of 2022. You can filter the data by date range using a tool provided by the website. You can sort the breaches by “type of data breach” or “type of organization”. The total number of breaches by each type are listed and accompanied by a graph to show proportionality. Also provided is a list of the most breached institutions. All this information can be filtered by state. Finally, each individual breach is listed and can be further investigated. By clicking on an individual breach you are provided with a summary of the event and links to further information if available.

Overall I would say this is a pretty exhaustive list that is easy to navigate and can provide important insights. The ability to play with the filter and target specific areas is interesting. The highest type of breach was hacking. This points to an obvious demand for increased cybersecurity. Interestingly, despite many other identified breach types, the second highest was “unknown”. This suggests that more research and resources are necessary to better understand the problem. There was a clear leader in the type of organization breached. Healthcare organizations were breached more than twice as much as the next highest type. Obviously, this could help to guide cybersecurity experts and public officials in the right direction concerning resource allocation.

The ability to sort by state allows concerned parties at the state level to understand the scope of their own issues. This also allows for a comparison between the state and national levels. They also might compare similar states in similar geographic locations for added context. Finally, working with the date range filter allows researchers to appreciate various trends over time.