Each record corresponds to a single breach notification filed with a government agency. 65 structured fields organized across 12 categories. Classification, entity normalization, and text extraction from breach notification letters are performed using automated natural language processing pipelines. All extracted values are derived solely from information present in the source documents.

Organization identity — Normalized name, type (7 top-level categories, 86 subtypes), and acceptable name variants for consistent entity tracking across the database.

Breach classification — Type (7 categories, 36 specific methods), incident narrative, and third-party vendor identification when a breach originated at a service provider.

Impact — Total and state-resident affected counts. Personal information exposed, classified against 13 CCPA information categories.

Dates and timeline — Reported date, breach date, and breach end date where available.

Location — Full address and geocoordinates (latitude/longitude) for spatial analysis.

Corporate identifiers — Links to SEC EDGAR (CIK + ticker), GLEIF LEI, NPI registry, IRS EIN, IPEDS, FDIC, NCUA, and Census Bureau where matches exist.

Breach event grouping — When the same breach generates notifications across multiple states, or a shared vendor compromise affects hundreds of organizations, those records are linked by a stable group UUID with pre-computed event-level aggregates: combined totals, merged timelines, per-organization breakdowns, and vendor event identification. No joins required.

Source documentation — Original filing URL, archived notification letter URL, and full extracted notification letter text (SQLite format only).

Full field documentation is included with every purchase.