A dataset for accounting, finance and economics research on US data breaches
The data set consists of 506 data breaches and associated characteristics that affected US listed companies over a 10-year period from April 2005 to March 2015. The data set was gathered from the Privacy Rights Clearinghouse (PRC) and then augmented with manual data collection.
Steps to reproduce
The original data set included all 4,552 cyber-security incidents disclosed by firms, non-profit organisations, healthcare organisations and government agencies in the US as published by PRC. The data set was then filtered to only include events that affected companies listed on the New York Stock Exchange (NYSE) or NASDAQ between April 2005 to March 2015. The list was then enriched by (1) including standard company identifiers such as ticker, gvkey and CUSIP codes, and (2) searching on LexisNexis whether the incident was made public before the announcement date and whether the affected company made any other announcement in the 10 days prior to the incident.