States Approach Federal Data Breach Law with Caution With 47 different state laws on what companies are supposed to do when they become victims of cyberattack, is it time for federal legislation? Tod Newcombe | October 2014 When hackers made their way past hardware giant Home Depot’s security system last month, gaining access to credit card information for up to 60 million customers, it was considered the mother of all data breaches. But it’s only the latest in a growing series of hacking scandals. Between 2005 and 2014, there have been 4,695 breaches exposing 633 million records, according to the nonprofit Identity Theft Resource Center. The average cost of a breach to an organization is estimated at $3.5 million.