A data breach is a security incident where an organization's sensitive data is compromised or stolen due to a vulnerability or cyber attack on one of its third party vendors. This type of breach happens outside the primary organization's own IT infrastructure but still impacts them, as the third-party vendor, contractor, or service provider has access to their data. 

Bitsight extracts breach data by collecting and analyzing posts across multiple deep and dark web forums, applying Bitsight AI to label, classify, and deduplicate datasets. A data breach in this context is defined as leaked data attributed to a single victim organization, excluding repackaged or aggregated compilations like combos or fullz. To maintain accuracy, duplicate shares were removed, and posts were validated for authenticity where possible by monitoring reputation signals within underground communities.

The breach data collected by Bitsight offers a real-time view into external exposures that may not yet be known to the organization, making it particularly valuable for SOC teams, CTI analysts, and GRC leaders. The finding that 45% of breaches in 2024 were shared freely—not sold—underscores how breach data can circulate widely, even without direct monetization. By tying breach intelligence to organizational risk, Bitsight helps teams detect silent exposures, trigger internal investigations, and drive faster response and remediation.

Using natural language processing and machine learning models within Bitsight AI, each data breach post is analyzed to extract metadata such as victim location and industry classification. This allows Bitsight to track macro-level trends—like the U.S. accounting for nearly 20% of identified breaches and Professional, Scientific, and Technical Services leading all sectors in breach volume. These insights help organizations benchmark their exposure relative to peers and understand sector-specific threat dynamics.

Bitsight collects breach data on a continuous basis, not just for annual reporting. While the State of the Underground report aggregates and analyzes breach trends over the past year, customers can access ongoing breach alerts and threat intelligence through the Bitsight Cyber Threat Intelligence platform, Bitsight Pulse, or API integrations. This ensures that threat intelligence teams stay ahead of underground activity, enabling real-time detection of leaked data tied to their domains or vendors. Here, Bitsight's Underground Explorer is then updated on a monthly basis for analysis and trending data.