Every breach.
Every angle.
Filter, segment, and pivot every formally filed breach disclosure across severity, industry, threat-actor tactics, and regulatory compliance timelines. SEC 8-K, US state AGs, HHS OCR, EU DPAs, UK ICO, OAIC — one schema, one feed, one query.
The same incident filed in three jurisdictions collapses into one canonical record. The patterns the individual regulator portals don’t show you, surfaced.
Live feed
What the regulators reported in the last 30 days
The motivating case
Microsoft filed a SEC 8-K for the Midnight Blizzard incident on January 19, 2024, then an 8-K/A 49 days later with the part the first filing didn’t say. A different breach — small business, Maine AG — sat on a BianLian leak-site listing for 287 days before the company filed. DisclosureLens collapses the first into one record and flags the second the day it lands.
Three patterns the regulator portals don’t show you
Built for the analyst the portals didn’t plan for
Cross-jurisdiction merge
Microsoft 8-K + 8-K/A as one record
Microsoft filed a SEC 8-K for the Midnight Blizzard incident on January 19, 2024, then an 8-K/A 49 days later with the parts the first filing didn't say. DisclosureLens collapses both into a single canonical record — and surfaces what the amendment finally disclosed.
The pre-disclosure gap
287 days on a leak site before they filed
A small business sat on a BianLian leak-site listing for 287 days before filing with the Maine AG. Each regulator only sees its own filing date — DisclosureLens overlays the leak-site posting date and computes the gap, with `pre_disclosure_leak_gt_30d/90d/180d` flags off by default.
Compliance clocks
Filed late · 7 jurisdictions, 1 view
SEC 4-day, GDPR 72-hour, HHS 60-day, state-by-state notification clocks. DisclosureLens computes elapsed-days against each statute and shows them as a single overdue-clock summary on every record — with the verbatim citation one click away.
Pivot across every regulator
One schema across SEC 8-K, US state AGs, HHS OCR, EU DPAs, UK ICO, and OAIC.
Microsoft’s January 8-K and its March 8-K/A on the same Midnight Blizzard incident collapse into one canonical record — entity-resolved via GLEIF and EDGAR. The feed counts incidents, not filings.
Slice by the dimensions that matter
Severity tier, 12 industry verticals, 72 VERIS sub-tactics, threat-actor type and motive, malware family.
Filter for `nation_state_confirmed AND vertical=technology` and Microsoft’s 8-K is the first row. Filter for `ransomware AND severity=critical AND ofac_sanctioned` and BianLian, ALPHV, and LockBit listings sort to the top. Multi-select facets, disjunctive counts.
What's different
- What it doesn’t show on the regulator portals
- The knew-but-didn’t-disclose window is hidden by design — each regulator only sees its own filing’s date. DisclosureLens overlays the leak-site posting date and computes the gap. `pre_disclosure_leak_gt_30d`, `_gt_90d`, `_gt_180d` flags. Off by default; opt in via the filter bar.
- When extraction confidence dips, Opus 4.7 reads it again
- Records below 0.80 overall confidence or 0.70 on any single field are re-extracted by Opus 4.7 with extended thinking before publication. Below threshold after that, a human reviews. Per-field source-span citations and a per-record audit trail on every record. See the pipeline.
- Held to the same standard we hold the regulators we index
- If DisclosureLens has a material security incident, the disclosure lands in our own feed with `source.type = self_disclosure` and a 14-day post-mortem. Self-disclosure commitment.
Free for the public interest
Free for journalists, researchers, and security teams
Full dashboard. 60 requests per minute on the API. Twelve months of historical depth. STIX/TAXII feed access. No credit card. Attribution requested when republished. The dashboard is browseable now — sign-in adds API keys and saved filters.
Bulk historical access (Parquet, 5+ years), higher rate limits, and dedicated webhook fanout are paid. Pricing is not yet public.
