BreachExchange mailing list archives
Fwd: 88 million... is it really an accurate number? (fwd)
From: Beth Givens <bgivens () privacyrights org>
Date: Fri, 30 Jun 2006 17:55:18 -0700
I've appreciated reading the discussion about "88 million." That number most likely comes from our Chronology of Data Breaches, posted on our web site here: http://www.privacyrights.org/ar/ChronDataBreaches.htm We have revised the text to reflect number of RECORDS, rather than number of INDIVIDUALS. Thanks for your critical thinking on this matter. Beth Givens
Delivered-To: dataloss () attrition org Date: Wed, 28 Jun 2006 09:12:13 -0400 (EDT) From: lyger <lyger () attrition org> To: dataloss () attrition org Subject: [Dataloss] 88 million... is it really an accurate number? (fwd) Precedence: list List-Id: Incidents of Data Loss <dataloss.attrition.org> List-Unsubscribe: <https://attrition.org/mailman/listinfo/dataloss>, <mailto:dataloss-request () attrition org?subject=unsubscribe> List-Archive: <http://attrition.org/pipermail/dataloss> List-Post: <mailto:dataloss () attrition org> List-Help: <mailto:dataloss-request () attrition org?subject=help> List-Subscribe: <https://attrition.org/mailman/listinfo/dataloss>, <mailto:dataloss-request () attrition org?subject=subscribe> Sender: dataloss-bounces () attrition org Errors-To: dataloss-bounces () attrition org ---------- Forwarded message ---------- From: blitz <blitz () strikenet kicks-ass net> To: lyger <lyger () attrition org> Date: Wed, 28 Jun 2006 09:08:38 -0400 Subject: [Dataloss] 88 million... is it really an accurate number?On Tue, 27 Jun 2006, lyger wrote:Hobbit's question leads to yet another question regarding uniqueness: You're an American citizen and have three credit cards. Two are VISAs, one is a MasterCard. Are you: 1. One "record" because of your name and mailing address, 2. Two "records" because you have two different brands of cards, 3. Three "records" because you have three unique card numbers, or 4. Six records because of the cross-references between your card brands and card numbers that seem to exist in various databases? I can't honestly answer that question, so any insight would be appreciated. Are combined raw numbers really useful? Example = Ohio University. In their four or five breaches, are they counting for uniques? Did one person's records live on five different breached servers? One media story says 360,000. Another says 70,000. Is the media counting "records", "names", "unique individuals", or some other criteria? (if responding, please post below for easier thread-following)Hmm..I see your problem.. I'd say, every breach, at a different time, or different data, by the same or other reason/fault that allowed it to be acquired would constitute a separate incident. In other words, is XYZ company lost your personally identifiable info on Monday, but the thieves came back on Tuesday, and got either the same or different data, each would count as a separate incident. This would tend to push figures higher, as the invader might of copied A-M account data on Monday, and A-Z Tuesday, but since they were on different occasions, yes, I'd count them as separate incidents for the record. Of course, XYZ would like to say "there was a data loss", but as long as we can date the incursions, they should be separate IMHO. We ALL know the stats are being manipulated DOWN by those affected for liability reasons...so if you can document individual breaches, by all means count them as separate. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
The information, advice, and suggestions contained in this email should be used as an information source and not as legal advice. Beth Givens, Director Privacy Rights Clearinghouse 3100 - 5th Ave., Suite B San Diego, CA 92103 Voice: 619-298-3396 Fax: 619-298-5681 bgivens () privacyrights org http://www.privacyrights.org +++++++++++++++++++++++++++++++++++++ Join our email newsletter. http://www.privacyrights.org/subscribe.html _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/errata/dataloss/
Current thread:
- 88 million... is it really an accurate number? (fwd) lyger (Jun 28)
- <Possible follow-ups>
- Re: 88 million... is it really an accurate number? (fwd) DAIL, ANDY (Jun 28)
- Fwd: 88 million... is it really an accurate number? (fwd) Beth Givens (Jun 30)