How the DoxxScan™ Rating Is Calculated
The DoxxScan™ Rating is a single number from 0 to 100 that estimates how exposed a company’s customers may be, based only on that company’s publicly reported breach history. A lower rating means a higher likelihood that personal information tied to the company is already circulating and could be used to dox or target people.
What goes into it
Every company starts at a perfect 100. For each publicly reported breach we deduct points based on four objective factors:
- Number of breaches — more reported incidents means more deductions.
- Severity — a critical breach removes more points than a low-severity one.
- Recency — recent breaches (within the last year) count in full; older breaches count for less, because exposed data ages and defenses change.
- Data sensitivity — breaches that exposed high-risk data such as Social Security numbers, financial details, passwords or medical records carry extra weight, since that data is the most useful for doxxing and identity theft.
The deductions are summed and the result is clamped to a floor of 5, so no company is ever shown as a flat zero on incomplete data. The calculation is fully automated and deterministic — the same public facts always produce the same rating.
What the bands mean
What it is not
The DoxxScan™ Rating is not a security audit, a certification, or a judgment of a company’s current security controls. It reflects public breach history only, which may be incomplete or later corrected. A high rating does not guarantee safety, and a low rating does not mean a company is currently insecure — only that its past breaches make customer data more likely to be circulating. It is provided for general awareness and is not legal, financial, or security advice.
The DoxxScan™ Rating is an automated, informational estimate of how exposed a company’s customers may be, derived solely from publicly reported breach history — the number of incidents, how recent and severe they were, and the sensitivity of the data involved. A lower rating indicates a higher likelihood that personal information tied to this company is circulating and could be used to dox or target individuals. It is not an audit, certification, or assessment of the company’s current security controls, and it does not represent present-day risk. It may rely on incomplete or unverified public reports and can change as new information emerges. Recent Breaches and GalaxyWarden are independent and are not affiliated with, and do not endorse, any company named here. Provided for general awareness only — not legal, financial, or security advice. How the rating is calculated →

GalaxyWarden