BreachExchange mailing list archives
Oldest Data Loss Incident - Contest Winners
From: lyger <lyger () attrition org>
Date: Mon, 1 Jun 2009 02:05:35 +0000 (UTC)
http://datalossdb.org/incident_highlights/28-oldest-data-loss-incident-contest-winners In early April, Open Security Foundation came up with an idea for a new contest for DataLossDB. OSF had done something similar for our sister project, the Open Source Vulnerability Database (OSVDB) a few years back: an "oldest vulnerability contest"; this time, we decided to bring the same type of contest to DataLossDB. We lined up some great sponsors, and held high hopes that contestants would be reaching down into the 90's for data loss incidents, striving to win one of the excellent prizes kindly donated by our sponsors. [.] Multiple contestants submitted the "most misused social security number of all time" story, regarding a wallet manufacturer who placed a social security card "look-a-like" in wallets they sold which happened to contain the Social Security number of a vice president's secretary, Mrs. Hilda Schrader Whitcher. Reportedly, by 1943, thousands of people were using her Social Security number as their own. A data loss incident, no doubt, but number affected is less than 10, which unfortunately made it ineligible for the competition and not a fit for the data set. There was also a great submission regarding a card embosser who printed and used 3,000 fake Diner's Club cards. A great story of credit card fraud, but not one that threatens identities, and thus not something we'd really include in the data set. The numbers were fake, as were the names. We had several other decent submissions that we couldn't accept as well, such as a 1998 incident where CBS SportsLine exposed information regarding thousands of March Madness contestants on their website, or the WRGT Fox 45 breach of 1999 where names, addresses, and email addresses were exposed on their website in a text file. The information wouldn't qualify as PII (most of the information would be considered "telephone book material"), but it was interesting to see late 1990's security breaches. All of the entries listed above were fascinating submissions in one way or another, but didn't make the cut for inclusion in the database, and thus didn't make the cut for winning prizes. Most entries DID, however, make the cut... and without further ado... http://datalossdb.org/incident_highlights/28-oldest-data-loss-incident-contest-winners [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Oldest Data Loss Incident - Contest Winners lyger (May 31)