This week, the Commonwealth of Massachusetts has made an important step towards increasing their data breach transparency. In the event, the Office of Consumer Affairs and Business Regulation (OCABR) has made the Data Breach Notification Archive publicly available to people.
Just like the name suggests, the Data Breach Notification Archive is meant to keep the records of accidental or malicious/intentional compromises of personal information. This archive was built as notifications came from the entities that keep a Massachusetts resident’s personal information because all of these are required by the Massachusetts Data Security Law to notify the OCABR, affected residents, and the Attorney General’s Office of such incidents.
Up to now, the records and information maintained by the OCABR were available only through Public Records Requests, but that has changed this week when the archive became publicly accessible.
All the data breach reports are now available on OCABR’s official website in the form of PDF files which include information on the affected organisation, when the breach was reported, the number of impacted individuals, and also the information on the type of compromised personal information.
This report also includes the details on the cyber attack, as well as the information on the incidents that occur in the real world. Information on unintentional data leaks, external hacks, misplaced documents or devices, insider attacks, and other similar incidents are also included in these reports.
Data included in the reports was gathered from various industries, including financial, retail, healthcare, manufacturing, education, hospitality, and more. Each entry is marked as an electronic (cyber) compromise or not.
A quick look at the 2016 Data Breach Report (PDF) shows that hundreds of such incidents have been reported last year, and that tens of thousands of Massachusetts residents were affected. Some 33,000 were impacted by the malware attack that hit Eddie Bauer stores, for example, while the Omni Hotels incident impacted only 1,000.