> For the complete documentation index, see [llms.txt](https://docs.intellizence.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.intellizence.com/signals-api/data-security-breaches/sample-requests.md). # Intellizence Data & Security Breaches API Sample Requests ## Data & Security Breaches API Sample Requests Use these sample API requests to retrieve data breach, security breach, ransomware, malware, DDoS, POS attack, hack, and other cybersecurity incident records from the Intellizence Data & Security Breaches Dataset. These examples show common ways to filter data and security breach records by date, company domain, industry, company location, company type, ticker, incident type, people impacted, and limit. {% hint style="info" %} All request parameters are optional. You can use a single filter or combine multiple filters based on your use case. {% endhint %} *** ### Endpoint ```http POST https://connect.intellizence.com/api/dataset/data-breach ``` ### Authentication Include your API key in the request header. ```http x-api-key: YOUR_API_KEY ``` ### Content Type ```http Content-Type: application/json ``` *** ## 10 Sample API Requests ### 1. Get Daily Updated Records Use `dateType: "LAST-MODIFIED"` to retrieve records that were created or updated on a specific date. This is recommended for daily syncs, alerts, enrichment workflows, and automated data pipelines. #### Request Body ```json { "dateType": "LAST-MODIFIED", "date": "2025-05-05", "limit": 5 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "dateType": "LAST-MODIFIED", "date": "2025-05-05", "limit": 5 }' ``` *** ### 2. Get Incidents Announced on a Specific Date Use `dateType: "ANNOUNCED"` and `date` to retrieve data and security breach records announced on a specific date. #### Request Body ```json { "dateType": "ANNOUNCED", "date": "2025-05-05", "limit": 10 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "dateType": "ANNOUNCED", "date": "2025-05-05", "limit": 10 }' ``` *** ### 3. Get Incidents Within a Date Range Use `startDate` and `endDate` to retrieve data and security breach records announced during a specific period. The Intellizence Data & Security Breaches Dataset contains data beginning from `2022-01-01`. #### Request Body ```json { "dateType": "ANNOUNCED", "startDate": "2025-05-01", "endDate": "2025-05-31", "limit": 25 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "dateType": "ANNOUNCED", "startDate": "2025-05-01", "endDate": "2025-05-31", "limit": 25 }' ``` *** ### 4. Search by Company Domain Use `companyDomain` to retrieve data and security breach records for a specific company website domain. This is recommended for CRM enrichment, vendor risk monitoring, account matching, data pipelines, and workflow automation because domains are usually more precise than company names. #### Request Body ```json { "companyDomain": "ameriprise.com", "limit": 10 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "companyDomain": "ameriprise.com", "limit": 10 }' ``` *** ### 5. Search by Company Industry Use `companyIndustry` to retrieve data and security breach records for companies in one or more industries. This is useful for cyber risk analysis, sector monitoring, market research, vendor risk intelligence, and investment research. #### Request Body ```json { "companyIndustry": [ "financial services", "healthcare" ], "limit": 20 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "companyIndustry": [ "financial services", "healthcare" ], "limit": 20 }' ``` *** ### 6. Search by Company Location Use `companyLocation` to retrieve data and security breach records for companies headquartered in a specific city, state, province, country, or region. #### Request Body ```json { "companyLocation": "Minneapolis,Minnesota,United States of America", "limit": 20 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "companyLocation": "Minneapolis,Minnesota,United States of America", "limit": 20 }' ``` *** ### 7. Search by Incident Type Use `incidentType` to retrieve cybersecurity incidents by type. Examples include `Data Breach/Theft/Leak`, `Security Breach`, `Ransomware`, `Malware`, `DDOS`, `POS Attack`, `Hack`, and `Others`. #### Request Body ```json { "incidentType": [ "Data Breach/Theft/Leak", "Ransomware" ], "limit": 20 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "incidentType": [ "Data Breach/Theft/Leak", "Ransomware" ], "limit": 20 }' ``` *** ### 8. Search by People Impacted Use `peopleImpacted` to filter data and security breach records by the number of affected individuals. You can use comparison operators such as `>`, `>=`, `<`, `<=`, `=`, and `!=`. #### Request Body ```json { "peopleImpacted": ">100000", "limit": 20 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "peopleImpacted": ">100000", "limit": 20 }' ``` *** ### 9. Search by Public Company Ticker Use `companyTicker` to retrieve data and security breach records for a public company. #### Request Body ```json { "companyTicker": "AMP", "limit": 10 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "companyTicker": "AMP", "limit": 10 }' ``` *** ### 10. Use Multiple Filters Together Combine filters to narrow results by date range, industry, company type, incident type, people impacted, and company location. #### Request Body ```json { "dateType": "ANNOUNCED", "startDate": "2025-01-01", "endDate": "2025-05-31", "companyIndustry": [ "financial services", "healthcare" ], "companyType": [ "Public" ], "incidentType": [ "Data Breach/Theft/Leak", "Ransomware" ], "peopleImpacted": ">100000", "companyLocation": "United States of America", "limit": 50 } ``` #### cURL Example ```bash curl --request POST \ --url https://connect.intellizence.com/api/dataset/data-breach \ --header 'Content-Type: application/json' \ --header 'x-api-key: YOUR_API_KEY' \ --data '{ "dateType": "ANNOUNCED", "startDate": "2025-01-01", "endDate": "2025-05-31", "companyIndustry": [ "financial services", "healthcare" ], "companyType": [ "Public" ], "incidentType": [ "Data Breach/Theft/Leak", "Ransomware" ], "peopleImpacted": ">100000", "companyLocation": "United States of America", "limit": 50 }' ``` *** ## 5 Use Case Examples ### 1. Daily Data Sync Use this example when you want to pull newly added or updated data and security breach records into your application, database, CRM, dashboard, or analytics workflow. #### Recommended Filters ```json { "dateType": "LAST-MODIFIED", "date": "2025-05-05", "limit": 100 } ``` #### Best For * Data pipelines * Daily refreshes * Internal dashboards * Alerts and workflow automation * CRM and data warehouse enrichment *** ### 2. Vendor Risk and Third-Party Monitoring Use this example to check whether a vendor, supplier, partner, or third-party company has recent cybersecurity incident activity. #### Recommended Filters ```json { "companyDomain": "ameriprise.com", "dateType": "LAST-MODIFIED", "startDate": "2025-01-01", "endDate": "2025-05-31", "limit": 10 } ``` #### Best For * Vendor risk monitoring * Third-party risk management * Supplier monitoring * Compliance workflows * Risk scoring *** ### 3. Sector Cyber Risk Analysis Use this example to track data breaches and cybersecurity incidents across a specific industry. #### Recommended Filters ```json { "dateType": "ANNOUNCED", "startDate": "2025-01-01", "endDate": "2025-05-31", "companyIndustry": [ "financial services", "healthcare" ], "incidentType": [ "Data Breach/Theft/Leak", "Ransomware" ], "limit": 50 } ``` #### Best For * Sector risk monitoring * Cyber risk intelligence * Market research * Investment research * Compliance and security research *** ### 4. Large Breach Monitoring Use this example to monitor incidents affecting a large number of individuals. #### Recommended Filters ```json { "dateType": "ANNOUNCED", "startDate": "2025-01-01", "endDate": "2025-12-31", "peopleImpacted": ">1000000", "incidentType": [ "Data Breach/Theft/Leak", "Security Breach" ], "limit": 50 } ``` #### Best For * Major incident tracking * Risk intelligence * Regulatory monitoring * Insurance and cyber underwriting research * Executive reporting *** ### 5. Sales and Account Monitoring Use this example to identify accounts with recent cybersecurity incidents that may signal risk, compliance needs, incident response needs, or vendor reassessment. #### Recommended Filters ```json { "dateType": "LAST-MODIFIED", "startDate": "2025-01-01", "endDate": "2025-05-31", "companyIndustry": [ "financial services", "healthcare", "technology" ], "incidentType": [ "Data Breach/Theft/Leak", "Ransomware", "Security Breach" ], "limit": 25 } ``` #### Best For * Account monitoring * Risk-based outreach * Cybersecurity sales intelligence * Customer risk monitoring * Compliance and security workflows *** ## Recommended Use Cases | Use Case | Recommended Filters | | -------------------------------------- | --------------------------------------------------- | | Daily data sync | `dateType`, `date`, `limit` | | Vendor risk and third-party monitoring | `companyDomain`, `dateType`, `startDate`, `endDate` | | Sector cyber risk analysis | `companyIndustry`, `incidentType`, date range | | Large breach monitoring | `peopleImpacted`, `incidentType`, date range | | Sales and account monitoring | `companyIndustry`, `incidentType`, date range | *** ## Best Practices ### Prefer company domain for company matching For CRM enrichment, vendor risk monitoring, data pipelines, account matching, and automated workflows, use `companyDomain` when available. Company domains are usually more precise than company names and help reduce duplicate or ambiguous matches. ```json { "companyDomain": "ameriprise.com", "limit": 10 } ``` ### Use company name for manual lookup You can also use `companyName` to search for data and security breach records by company name. Company name search is useful for manual lookup, but for automated workflows, CRM enrichment, and account matching, use `companyDomain` when available. ```json { "companyName": "Ameriprise Financial", "limit": 10 } ``` ### Use ticker for public company monitoring For public companies, use `companyTicker` when you want to search by stock ticker. ```json { "companyTicker": "AMP", "limit": 10 } ``` ### Use `LAST-MODIFIED` for daily syncs For recurring syncs, alerts, and automated workflows, use `LAST-MODIFIED`. ```json { "dateType": "LAST-MODIFIED", "date": "2025-05-05" } ``` This helps retrieve records that were newly added or updated on that date. ### Use `ANNOUNCED` for event-date research For research based on when a data or security breach was announced, use `ANNOUNCED`. ```json { "dateType": "ANNOUNCED", "startDate": "2025-01-01", "endDate": "2025-05-31" } ``` ### Use incident type to classify cybersecurity events Use `incidentType` to distinguish between data breaches, security breaches, ransomware, malware, DDoS, POS attacks, hacks, and other incident types. ```json { "incidentType": [ "Data Breach/Theft/Leak", "Ransomware", "Security Breach" ], "limit": 25 } ``` ### Use people impacted for severity-based filtering Use `peopleImpacted` to filter incidents by the number of affected individuals. ```json { "peopleImpacted": ">100000", "limit": 25 } ``` ### Use company location for headquarters-based analysis Use `companyLocation` when you want to filter by where the affected company is headquartered. ```json { "companyLocation": "Minneapolis,Minnesota,United States of America", "limit": 20 } ``` ### Use `limit` to control result size The default limit is `100` records if no limit is provided. ```json { "limit": 100 } ``` ### Combine filters for more precise results You can combine multiple filters in a single request to narrow your results. ```json { "dateType": "ANNOUNCED", "startDate": "2025-01-01", "endDate": "2025-05-31", "companyIndustry": [ "financial services" ], "incidentType": [ "Data Breach/Theft/Leak", "Ransomware" ], "peopleImpacted": ">100000", "limit": 50 } ``` *** ## Notes * All parameters are optional. * Dates should be provided in `YYYY-MM-DD` format. * The Intellizence Data & Security Breaches Dataset contains data beginning from `2022-01-01`. * Use `LAST-MODIFIED` when you want newly added or updated records. * Use `ANNOUNCED` when you want records based on the breach or incident announcement date. * Use `companyDomain` for CRM matching, vendor risk monitoring, account enrichment, account monitoring, and workflow automation. * Use `companyName` for manual lookup when the company domain is not available. * Use `companyTicker` for public company monitoring. * Use `companyIndustry` for sector-level cyber risk analysis. * Use `companyLocation` for headquarters-based filtering. * Use `incidentType` to filter by cybersecurity incident type. * Use `peopleImpacted` to filter by the number of individuals affected. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.intellizence.com/signals-api/data-security-breaches/sample-requests.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.