- May 8, 2020: Updated risk vector descriptions to match the descriptions in the Rating Details page.
The Public Disclosures risk category provides information related to possible incidents of undesirable access to a company’s data, including breaches, general security incidents, and other disclosures. Information is collected from verifiable news sources, both domestic and international, and by filing Freedom of Information Act (FOIA) requests.
Though these events do not necessarily result in data loss, the interruptions to business continuity are relevant and can be used to improve security preparedness.
- Public Discovery
- The earliest date when information pertaining to the security incident became publicly available either via news sources or filing with regulatory bodies, when an incident was self-discovered & the date of discovery publicly available, or the date when affected parties were notified. When major headline news of unauthorized access is disclosed, we add it to our system within the same week. Note that having knowledge of the actual date of the incident is rare, even to the affected company.
- Effective Date
- The date when a Security Incident event was recorded in the Bitsight platform.
Learn more about Public Disclosures or review how the Public Disclosures risk category is calculated.
The Public Disclosures risk category is classified into the following risk vectors:
The Security Incidents risk vector involves a broad range of events related to the undesirable access of a company’s data or resources, including personal health information, personally identifiable information, trade secrets, and intellectual property. They’re grouped into Breach Security Incidents and General Security Incidents.
|Other Disclosures||The Other Disclosures risk vector includes other kinds of publicly disclosed events. It’s considered to be the least severe among the Public Disclosures risk vectors.|