Between January 2007 and March 19, 2009, North Carolina received 231 notifications of breaches under their breach reporting requirements. NC’s statute includes breaches involving paper records as well as electronic records, but only breaches requiring notification of 1,000 individuals or more must be reported to NC’s Consumer Protection Division of the Attorney General’s Office. Hence, smaller breaches are not included in these statistics.
In response to a request, NC provided a summary log of all incidents, which I have uploaded to this site, here (.xls). Inspection of their summary indicates a number of breaches that had not been reported in the media.
The Open Security Foundation has requested the underlying documents for the breaches reported in the log and will be uploading the documents to their Primary Sources files.