Every breach.
Every angle.
Filter, segment, and pivot every formally-filed breach disclosure across severity, industry, threat-actor tactics, and regulatory compliance timelines. SEC 8-K, 17 US state AGs, HHS OCR, EU DPA enforcement decisions, ransomware leak sites — 21 sources, one schema, one feed.
Compliance officers, underwriters, breach counsel, and security researchers run on the same canonical record. The patterns the individual regulator portals don’t show you, surfaced.
Live feed
What the regulators reported in the last 30 days
Why one source isn’t enough
An SEC filing told investors a breach happened — but omitted the number affected and the data types exposed. 99.3% of SEC cyber filings do. The same week, a state AG filing disclosed 2.5 million Social Security numbers were compromised. Meanwhile, a ransomware leak site had posted about it 91 days earlier. DisclosureLens merges all three into one record — so you see the full story, not the slice each regulator got.
Six patterns the regulator portals don’t show you
Built for the analyst the portals didn’t plan for
Information asymmetry
SEC tells investors almost nothing
87% of SEC 8-K cyber-incident filings score 0 out of 5 on information completeness — no affected count, no threat actor, no data types. State AG notifications score 2.64/5 for the same breaches. DisclosureLens merges both views so you see what each audience was told.
Early warning
Leak sites post 3 months before regulators
Ransomware leak-site posts precede regulatory filings 82% of the time, with a median 91-day lead. For every breach that gets officially disclosed, the vast majority of ransomware claims have no regulatory match at all. DisclosureLens correlates both feeds and computes the gap.
Compliance clocks
Filed late · 12 frameworks, 1 view
SEC 4-day, HIPAA 60-day, GDPR 72-hour, plus 9 state-AG compliance clocks (CA, ME, MD, WA, VT, OR, IA, TX, MA), with CIRCIA 72h + 24h scaffolded. DisclosureLens computes elapsed-days against each statute and shows them as a single overdue-clock summary on every record — with the verbatim citation one click away.
Entity scorecards
Five-year breach record for any entity
Per-entity compliance scorecard — totals, per-jurisdiction flag rollup, severity-weighted score, late-clock count, disclosure timeline with clocks-missed badges. Downloadable as a PAdES-B signed PDF for audit packets and client engagements.
Risk analytics for underwriters
Frequency × severity, per-vertical
Vertical × severity_tier heatmap, repeat-offender index with severity-weighted score, FAIR-aligned log-normal severity fit per industry. POST-API surfaces for comparable_incidents, underwriting_brief, freq_severity_curve, portfolio_rating — exposed under /v1/analytics.
Audit-grade signed PDFs
PAdES-B + cert fingerprint in every footer
Every scorecard, compliance report, and broker benchmark letter is PAdES-B signed with byte-range tamper detection. EU AI Act Art. 50 disclosure on every page. Production AATL / eIDAS QES certs swap in via env vars — no code change.
Five audiences, one schema
Built for
Compliance officers
/pulse/compliance
Per-framework clock tracking (SEC, HIPAA, GDPR, state-AG variants, CIRCIA scaffolded). Late-disclosure leaderboards. Downloadable signed compliance reports.
Underwriters & brokers
/pulse/risk + analytics API
Frequency × severity heatmap, repeat-offender index, comparable-incidents POST API, broker benchmark letter as signed PDF. Pre-fills underwriting submissions.
Breach counsel
/entities/[id]/scorecard
Entity-keyed five-year compliance scorecard with named-entity treatment per Fair Report Privilege. Signed PDF for client engagements.
Security researchers
/disclosures
Real-time feed across regulators, 20+ facets, OpenAPI schema, free tier (60 req/min, 12 months history). STIX/TAXII feed planned.
Journalists — see the per-state pages at /breach-notifications. Free dashboard tier, no credit card.
See what each state was told
One schema across SEC 8-K + 10-K, 17 US state AGs, HHS OCR, EU DPA, and ransomware leak sites. UK ICO, OAIC, NY DFS, NIS2, DORA, CIRCIA coming soon.
Nacogdoches Memorial Hospital filed “5 affected” with Maine’s AG. The same week, HHS OCR recorded 2,507,073 affected for the same breach. Each regulator only sees its own slice — DisclosureLens shows the full picture.
Slice by the dimensions that matter
Severity tier, NAICS sector, 12 industry verticals, 72 VERIS sub-tactics, threat-actor type and motive, malware family.
Filter for nation_state_confirmed AND vertical=technology and Microsoft’s 8-K is the first row. Filter for ransomware AND severity=critical AND ofac_sanctioned and BianLian, ALPHV, and LockBit listings sort to the top. Multi-select facets, disjunctive counts.
What's different
- What cross-source data reveals
- HIPAA’s official compliance rate is computed from only 8.3% of filings — the rest lack timing data entirely. Cross-source enrichment reveals a 41% late rate. Companies breached once face a 57% chance of re-breach within 90 days. Leak sites post 82% of the time before the regulatory filing lands. These patterns are invisible from any single regulator’s data.
- When extraction confidence dips, Opus 4.7 reads it again
- Records below 0.80 overall confidence or 0.70 on any single field are re-extracted by Opus 4.7 with extended thinking before publication. Below threshold after that, a human reviews. Per-field source-span citations and a per-record audit trail on every record. See the pipeline.
- Audit-grade signatures
- Every scorecard, compliance report, and broker benchmark letter is PAdES-B signed with byte-range tamper detection + the signing cert’s SHA-256 fingerprint in the footer. Production AATL / eIDAS QES certs swap in via env vars — no code change.
- Disclosure-aware AI
- meta.ai_assisted: true on every API response, every PDF footer. EU AI Act Art. 50-compliant ahead of the August 2 2026 enforcement date.
- Held to the same standard we hold the regulators we index
- If DisclosureLens has a material security incident, the disclosure lands in our own feed with source.type = self_disclosure and a 14-day post-mortem. Self-disclosure commitment.
Free for the public interest
Free for journalists, researchers, and security teams
Full dashboard. 60 requests per minute on the API. Twelve months of historical depth. STIX/TAXII feed access (planned). No credit card. Attribution requested when republished. The dashboard is browseable now — sign-in adds API keys and saved filters.
For compliance, underwriting, and counsel:
Entity scorecards · comparable-incidents API · broker benchmark letters · signed compliance reports · monthly compliance digests · embeddable widgets. Bulk historical access (Parquet, 5+ years), higher rate limits, and dedicated webhook fanout sit in the paid tier. Pricing is not yet public.
