HackNotice Breach Sources Study

Data breach study: three years, over 65,000 data breaches analyzed with trends and predictions

We have categorized three years’ worth of data breach coverage based on the sources that originally reported the breaches.

We have five main categories:

Leak report

(60% of breach disclosures)

A file containing data coming from a breached company, as claimed by hackers


(22.51% of breach disclosures)

 A data breach first being reported on by online news outlets


(2.5% of breach disclosures)

A data breach disclosed to official sources and disclosed, such as state level DOJ websites and HHS


(1% of breach disclosures)

A website breached by a hacker, with the hacker changing the site’s content as proof


(13.26% of breach disclosures)

A company breached by a ransomware gang, infected with ransomware, with data being disclosed due to the company refusing to pay the ransom

From our analysis, here are a few of the conclusions that are readily apparent:

  • Leak reports are the #1 way to discover breaches and growing
  • Official disclosures used to be ~25% of breaches, but are now closer to ~13%

  • Ransomware is on pace to outgrow defacements as a breach source, with hundreds of disclosed companies a month so far in the last few months of 2020
  • Ransomware and defacements are growing sources of breaches, while news and official sources are shrinking as a share of disclosed breaches

Data breaches will continue. Sources for notifications will decrease.

“If you want to know who’s being hacked, you have to go into the dark web and interact directly with hackers.”

– Steve Thomas, HackNotice CEO