# Retrieve a Collection of Data Loss or Data Breach Events across your Portfolio
source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/datalossevent/retrve-data-loss-evnts/index.md

## Overview {#overview}

You can use the `GET Portfolio Data Loss Events` endpoint to retrieve a collection of data loss or data breach events across your portfolio. It retrieves various details of a data loss event, such as the date of the breaches, public dates, what information was compromised, number of records exposed, threat actions, threat actors, threat vectors, and source links.

### Filter parameters {#filter-parameters}

RiskRecon recommends using filtering capabilities to limit the breach event data returned in the response by using [pagination parameters](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/index.md#pagination-metadata) and the following query parameters in the API request:

* **Breach event start date** : The date when the breach event happened. You can use the `breach_event_start_date` parameter to see if any new breach events have occurred since a given date.
* **Breach event created at date** : The breach event created at date is when the record was created in the RiskRecon database. You can use the `created_at_start_date` parameter to see if any new breach events have been added to the database.
* **Date when the breach event was made public** : The date when the breach event was made known to the public. You can use the `public_event_start_date` parameter to retrieve the list of breach events that were revealed to the public on a particular date.
* **Risk-relationship slugs** : Since each breach event is associated with a TOE, you can use the `risk_relationship_slugs[]` array parameter to check whether there are any breach events for any TOE in a particular folder.
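
The following added example (not part of the RiskRecon documentation or SDK) builds the request URL for the filters listed above and shows a periodic poll keyed on `created_at_start_date`, so that breaches recorded long after they happened are still picked up. The host, folder slugs, the `YYYY-MM-DD` date format, and the repeated-key encoding of the array parameter are assumptions; authentication and pagination parameter names are not covered here.

```python
from datetime import date
from urllib.parse import urlencode

ENDPOINT_PATH = "/v1/portfolio_data_loss_events"  # path given on this page
DATE_FILTERS = (  # date query parameters named on this page
    "breach_event_start_date",
    "created_at_start_date",
    "public_event_start_date",
)


def build_events_url(base_url, *, slugs=(), extra_params=None, **date_filters):
    """Build the GET URL for portfolio data loss events with the given filters."""
    params = []
    for name, value in date_filters.items():
        if name not in DATE_FILTERS:
            raise ValueError(f"unknown date filter: {name}")
        if value is None:
            continue
        # Assumption: dates are sent as ISO 8601 YYYY-MM-DD; parsing a string
        # first rejects malformed input before it reaches the API.
        parsed = date.fromisoformat(value) if isinstance(value, str) else value
        params.append((name, parsed.isoformat()))
    # Assumption: the array parameter is sent as one repeated key per folder slug.
    params += [("risk_relationship_slugs[]", slug) for slug in slugs]
    # Pagination parameters are passed through unchanged; their names are
    # documented on the linked pagination page, not assumed here.
    params += [(key, str(val)) for key, val in (extra_params or {}).items()]
    query = urlencode(params)
    return base_url.rstrip("/") + ENDPOINT_PATH + ("?" + query if query else "")


def new_records_url(base_url, last_poll, slugs=()):
    """URL for a periodic poll: records added to the database since last_poll."""
    return build_events_url(base_url, slugs=slugs, created_at_start_date=last_poll)


if __name__ == "__main__":
    # Constructed placeholder host and folder slugs, not real values.
    print(new_records_url("https://riskrecon.example.invalid",
                          date(2024, 6, 1), ["critical-vendors", "payments"]))
```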

Note: The `GET Data Loss Events` endpoint is a legacy endpoint. You can use it to retrieve a collection of data loss or data breach events of a given TOE only and must provide the `toe_id` as the request parameter for this legacy endpoint. This endpoint does not support pagination.

### View breach events on the RiskRecon portal {#view-breach-events-on-the-riskrecon-portal}

The data breach events in the response match the data breach events displayed in the **Security Profile** tab of the vendor's page on the **RiskRecon web portal**, across the criteria shown in the following image:

![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/data-loss-events-security-criteria.png)

You can also see a graphical representation of the data loss events, similar to the following image, in the **Overview** tab of the vendor's page on the **RiskRecon web portal**. The red dots on the graph represent breach events that have occurred.

![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/data-loss-events.png)

## Sequence Diagram {#sequence-diagram}

The following diagram shows how to retrieve a collection of data loss or data breach events across your portfolio:

[Diagram: retrieve-data-loss-events]

## Execution Steps {#execution-steps}

The following steps describe how to retrieve a collection of data loss or data breach events across your portfolio:

1. The user sends a `GET` request to retrieve the collection of data loss or data breach events across the portfolio.
2. RiskRecon provides the collection of data loss or data breach events across the portfolio.

## Sample Request and Response {#sample-request-and-response}

For a sample request and response of this API, see [Get Data Loss Events across your Portfolio](https://developer.mastercard.com/riskrecon-api/documentation/testing/dataloss-samples/retrve-data-loss-evnts-smpl/index.md).

## Use Case Example {#use-case-example}

The use cases in this section discuss how you can use the `GET Portfolio Data Loss Events` endpoint to retrieve a list of data loss or data breach events for a vendor in your portfolio:

* [Track vendor progress in addressing breach events](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/datalossevent/retrve-data-loss-evnts/index.md#track-vendor-progress-in-addressing-breach-events)
* [Retrieve data loss events while vetting potential vendors](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/datalossevent/retrve-data-loss-evnts/index.md#retrieve-data-loss-events-while-vetting-potential-vendors)

### Track vendor progress in addressing breach events {#track-vendor-progress-in-addressing-breach-events}

RiskRecon detected a host belonging to a vendor that holds sensitive information and is reachable on an open port. A few months later, the vendor suffered a cyber attack compromising the identity of the vendor and exposing sensitive information online.

Other vendors in the supply chain have also faced cyber attacks in which a malicious group broke into hosts and company networks to steal data, leading to breaches.

The RiskRecon customer and the vendors are investigating the data breach events to take necessary steps to bridge the gaps in their breach prevention programs. The RiskRecon customer can use the `GET Portfolio Data Loss Events` endpoint to retrieve the latest data loss events across its portfolio and periodically check if the vendors have experienced any additional breach events.

### Retrieve data loss events while vetting potential vendors {#retrieve-data-loss-events-while-vetting-potential-vendors}

A RiskRecon customer is vetting a vendor and needs to know if the vendor has gaps in their data loss protection program. Those gaps can be indicated by recent data losses. The RiskRecon customer can use the `toe_id` of this vendor in the request of the `GET Data Loss Events` endpoint to retrieve a list of data loss events for the vendor.  

The customer observes that there have been three data loss events in the last two years, indicating gaps in the data loss protection program. Having that information helps the user evaluate if they should continue business with that vendor.

## Endpoint {#endpoint}


API Reference: `GET /v1/portfolio_data_loss_events`

## Legacy Endpoint {#legacy-endpoint}


API Reference: `GET /v1/data_loss_events/{toe_id}`

