Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Incident Response

Massachusetts Opens Data Breach Notification Archive to Public

The Commonwealth of Massachusetts this week made an important step toward improving data breach transparency, as the Office of Consumer Affairs and Business Regulation (OCABR) made its Data Breach Notification Archive publicly available online.

The Commonwealth of Massachusetts this week made an important step toward improving data breach transparency, as the Office of Consumer Affairs and Business Regulation (OCABR) made its Data Breach Notification Archive publicly available online.

As its name suggests, the Data Breach Notification Archive was meant to keep records of accidental or intentional/malicous compromise of personal information. The archive was built as notifications came from entities that keep a Massachusetts resident’s personal information, because all are required by the Massachusetts Data Security Law to notify affected residents, OCABR, and the Attorney General’s Office of such incidents.

Previously, the information maintained by OCABR was available only through Public Records Requests, but that changed yesterday when the archive became publicly accessible.

The data breach reports are available on OCABR’s website in the form of PDF files that include information on when the breach was reported, the affected organization, the number of impacted residents, and information on the type of compromised personal information.

The reports include details on cyber-attacks, as well as information on incidents that occur in the physical word. Information on external hacks, unintentional data leaks, insider attacks, misplaced documents or devices, and other similar incidents is included in these reports.

Data included in the reports was gathered from various industries, including financial, manufacturing, retail, healthcare, hospitality, education, and more. Each entry is marked as an electronic (cyber) compromise or not.

A quick look at the 2016 Data Breach Report (PDF) shows that hundreds of such incidents have been reported last year, and that tens of thousands of Massachusetts residents were affected. Some 33,000 were impacted by the malware attack that hit Eddie Bauer stores, for example, while the Omni Hotels incident impacted only 1,000.

Advertisement. Scroll to continue reading.

“The Data Breach Notification Archive is a public record that the public and media have every right to view. Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records law, but also with Governor Baker’s commitment to greater transparency throughout the Executive Office,” Consumer Affairs Undersecretary John Chapman said.

Related: MIT Network Under Frequent DDoS Assault: Report

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...