History of Data breach in Timeline

A data breach, or data leakage, involves the unauthorized exposure, disclosure, or loss of personal information. This compromises sensitive data, potentially leading to identity theft, financial losses, reputational damage, and legal consequences. Organizations must implement robust security measures, including encryption, access controls, and regular security audits, to prevent breaches. Quick detection and response, along with user education, are crucial in mitigating the impact of a data breach. Notification laws often mandate informing affected individuals and regulatory bodies following a breach.

April 2002: First Reported Data Breach

On April 5, 2002, the first reported data breach occurred when 250,000 social security numbers collected by the State of California were stolen from a data center.

April 2002: California Passes Data Breach Notification Law

Shortly after the first reported data breach in April 2002, California passed a law requiring notification when an individual's personal information was breached.

2002: First Reported Breach

In 2002, the first data breach was reported, marking the beginning of an increase in such incidents each year.

February 2005: ChoicePoint Data Breach

In February 2005, the ChoicePoint data breach became widely publicized, leading to the proliferation of notification laws in the United States.

2005: Widespread Adoption of Data Breach Notification Laws

Around 2005, there was a widespread adoption of data breach notification laws, making it difficult to determine the prevalence of data breaches before this period.

2013: Shutdown of Silk Road

In 2013, one popular darknet marketplace, Silk Road, was shut down and its operators arrested, but several other marketplaces emerged in its place.

2013: Target Data Breach

In 2013, the Target data breach occurred on the hardware operated by a partner of the organization targeted.

2014: JPMorgan Chase Data Breach

In 2014, the JPMorgan Chase data breach occurred on the hardware operated by a partner of the organization targeted.

2016: Data Breaches Outnumbering Other Security Breaches

In 2016, researcher Sasha Romanosky estimated that data breaches (excluding phishing) outnumbered other security breaches by a factor of four.

2016: Cost of Data Breaches Estimated by Romanosky

In 2016, researcher Sasha Romanosky estimated that while the mean breach cost around the targeted firm $5 million, the typical data breach was much less costly, around $200,000, and the total annual cost to corporations in the United States was around $10 billion.

2018: GDPR Took Effect

In 2018, the European Union's General Data Protection Regulation (GDPR) took effect, requiring notification within 72 hours and imposing high fines for non-compliance.

2020: Causes of Data Breaches

According to a 2020 estimate, organized crime accounted for 55 percent of data breaches, with system administrators, end users, and states or state-affiliated actors each accounting for 10 percent.

2022: US Data Breach Notification Laws

As of 2022, all 50 states in the United States have their own general data breach notification laws, with the federal law limited to medical data regulated under HIPAA.

2022: Continued Increase in Data Breaches

As of 2022, statistics show a continued increase in the number and severity of data breaches, despite potential reporting delays.

2024: Data Breach Notification Laws

As of 2024, Thomas on Data Breach listed 62 United Nations member states that are covered by data breach notification laws.

2024: NIST Issues Special Publication on Data Confidentiality

In 2024, the United States National Institute of Standards and Technology (NIST) issued a special publication, "Data Confidentiality: Identifying and Protecting Assets Against Data Breaches".