Analysis
The Open Security Foundation feels that there is a distinct need to provide unbiased, high quality information regarding data loss incidents. We believe that we can improve awareness of data security and identity theft threats to consumers and also provide accurate statistics to organizations to assist them in decision making.
We provide charts and statistics on our statistics page based on the current dataset maintained. If you have a particular need for additional information, analysis or would like to discuss further on a specific topic please contact us at officers@opensecurityfoundation.org and we will determine if we can support your request. Please include a summary of what specific information you require and how you plan to use this information. Please note that due to resource contraints we are not able to support all requests.
If you are looking for custom information or detailed analysis we recommend that you contact Risk Based Security to support your need for analytics. Risk Based Security was established to better support the research conducted by the Open Security Foundation (OSF), by using technology to turn security data into a competitive advantage. OSF's wealth of historical data, combined with Risk Based Security's proprietary database provides interactive dashboards, predictive analysis, consulting services and risk analytics to offer companies comprehensive insight into data security threats most relevant to their industry.
Data Key
Breach Types
| Short Name | Description |
|---|---|
| Disposal Computer | Discovery of computers not disposed of properly |
| Disposal Document | Discovery of documents not disposed of properly |
| Disposal Tape | Discovery of backup tapes not disposed of properly |
| Disposal Drive | Discovery of disk drives not disposed of properly |
| Disposal Mobile | Discovery of data on a mobile phone or device such as tablets, etc |
| Email communication exposed to unintended third party | |
| Fax | Fax communication exposed to unintended third party |
| Fraud Se | Fraud or scam (usually insider-related), social engineering |
| Hack | Computer-based intrusion, data not generally publically exposed |
| Lost Computer | Lost computer (unspecified type in media reports) |
| Lost Document | Discovery of documents not disposed of properly through loss (not theft) |
| Lost Drive | Lost data drive, unspecified if IDE, SCSI, thumb drive, etc) |
| Lost Laptop | Lost laptop (generally specified as a laptop in media reports) |
| Lost Media | Media (i.e. disks) reported to have been lost by a third party |
| Lost Mobile | Lost mobile phone or device such as tablets, etc (unspecified in media reports) |
| Lost Tape | Lost backup tapes |
| Missing Document | Missing document, unknown or disputed whether lost or stolen |
| Missing Laptop | Missing laptop, unknown or disputed whether lost or stolen |
| Missing Media | Missing media, unknown or disputed whether lost or stolen |
| Snail Mail | Personal information in "snail mail" exposed to unintended third party |
| Stolen Computer | Stolen desktop (or unspecified computer type in media reports) |
| Stolen Document | Documents either reported or known to have been stolen by a third party |
| Stolen Drive | Stolen data drive, unspecified if IDE, SCSI, thumb drive, etc) |
| Stolen Laptop | Stolen Laptop (generally specified as a laptop in media reports) |
| Stolen Media | Media (disks or other) generally reported or known to have been stolen by a third party |
| Stolen Mobile | Stolen mobile phone or device such as tablets, etc |
| Stolen Tape | Stolen backup tapes |
| Unknown | Unknown or unreported breach type |
| Virus | Exposure to personal information via virus or trojan (i.e. keystroke logger, possibly classified as hack) |
| Web | Computer/web-based intrusion, data typically available to the general public via search engines, public pages, etc. |
Data Types
| Short Name | Description |
|---|---|
| CCN | Credit Card Numbers |
| SSN | Social Security Numbers (or Non-US Equivalent) |
| NAA | Names |
| EMA | Email Addresses |
| MISC | Miscellaneous |
| MED | Medical |
| ACC | Account Information |
| DOB | Date of Birth |
| FIN | Financial Information |
| UNK | Unknown |
| PWD | Passwords |
| ADD | Addresses |
Sectors / Business Types
| Short Name | Description |
|---|---|
| Biz | Business |
| Edu | Educational |
| Gov | Government |
| Med | Medical |
Sector / Business Sub-Types
| Short Name | Description |
|---|---|
| Retail | Retail Businesses |
| Fin | Financial |
| Tech | Technology |
| Med | Medical (Non-Hospital / Provider) |
| Fed | Federal Government |
| Data | Data Services / Brokerage |
| Media | Mass Media |
| Uni | University |
| Ind | Industry |
| State | State Government |
| NFP | Non-Profit / Not-For-Profit |
| County | County Government |
| Org | Organization |
| Hos | Hospital |
| HS | High School |
| Ins | Insurance |
| City | City (Government or Citizens) |
| Hotel | Hotel |
| Law | Legal Firm |
| Elem | Elementary School |
| Edu | Educational |
| Biz | Business |
| Gov | Government |
| Pro | Medical Provider |
| Agr | Agricultural |
Breach Types:
- Disposal Computer | Disposal Document | Disposal Tape | Disposal Drive
- Disposal Mobile | Email | Fax | Fraud Se
- Hack | Lost Computer | Lost Document | Lost Drive
- Lost Laptop | Lost Media | Lost Mobile | Lost Tape
- Missing Document | Missing Laptop | Missing Media | Snail Mail
- Stolen Computer | Stolen Document | Stolen Drive | Stolen Laptop
- Stolen Media | Stolen Mobile | Stolen Tape | Unknown
- Virus | Web |
