Search Data Security Breaches

California law requires a business or state or local agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (You can read the law here: California Civil Code s. 1798.29(a) for state agencies and California Civ. Code s. 1798.82(a) for businesses).

The law also requires that a sample copy of a breach notice sent to more than 500 California residents must be provided to the California Attorney General. Below is a list of those sample breach notices. (Note that in some cases the organization that sent the notice is not the one that experienced the breach. For example, a bank may notify of a credit card number breach that occurred not at the bank, but at a merchant.)

You can search by the name of the organization that sent the notice, or simply scroll through the list. To read a notice, click on the name of the organization in the list. Then click on the link titled "Sample Notification."

Download Full Data Breach List (CSV)

Organization Name Date(s) of Breach Reported Date
Carnival Corporation and plc 08/04/2020 10/13/2020
Carnival Corporation and plc 08/04/2020 02/04/2021
Carnival Corporation and plc 03/12/2021 10/18/2021
Carnival Corporation & PLC 04/11/2019, 07/23/2019 03/03/2020