The Privacy Clearinghouse maintains a fairly comprehensive list of known data breaches derived mainly from the Open Security Foundation list-serve (offering a free email notification service, too!) which is in turn derived from verifiable media stories, government web sites, or blog posts. Many breaches (particularly smaller ones) may not be reported at all. If a breached entity has failed to notify its customers or a government agency of a breach, then it is unlikely that the breach will be reported anywhere. This database is updated about twice a week.
TOTAL number of records containing sensitive personal information involved in a breach recorded Jan 2005 to Jan 2009. 342,056,319
What does the total number indicate?
For tips on what to do if your personal information has been exposed due to a security breach, read: http://www.privacyrights.org/fs/fs17b-SecurityBreach.htm.