Data breach reports

View reports on data breaches, including how many are reported each year and how many people they affect.

In Massachusetts, companies are legally required to report data breaches affecting residents' private data to the Office of Consumer Affairs and Business Regulation (OCABR). The data on this page summarizes those reports. The data begins in 2007, when the law went into effect.

In addition to the summary table, you can download reports for each year in which data is broken out by company and what kind of data was affected. 

If you're interested in the details of a particular data breach notification, you can request a copy of the notification via a public records request

 

Year        # of Breach Notifications  # of MA Residents Affected
2007 (Nov-Dec) 32 17,503
2008 428 692,736
2009 441 357,900
2010 474 1,018,497
2011 624 1,167,160
2012 1,130 325,867
2013 1,947 1,193,970
2014 1,659 360,793
2015 1,837 1,345,430
2016 2,002 195,052
2017 1,889 3,377,646
2018 1,835 442,941
2019 1,909 609,006
2020 2,188 1,087,591
2021 2,488 1,861,422

 

Disclosure: The number of residents affected may go up as companies determine the total number of impacted residents.

 

You may also submit a public record request for data breach notifications to the Office of the Attorney General.

Table of Contents

Help Us Improve Mass.gov with your feedback

Feedback