Oldest Data Loss Incident - Contest Winners

[lyger <lyger () attrition org>]

http://datalossdb.org/incident_highlights/28-oldest-data-loss-incident-contest-winners

In early April, Open Security Foundation came up with an idea for a new 
contest for DataLossDB.  OSF had done something similar for our sister 
project, the Open Source Vulnerability Database (OSVDB) a few years back: 
an "oldest vulnerability contest"; this time, we decided to bring the same 
type of contest to DataLossDB.  We lined up some great sponsors, and held 
high hopes that contestants would be reaching down into the 90's for data 
loss incidents, striving to win one of the excellent prizes kindly donated 
by our sponsors.

[.]

Multiple contestants submitted the "most misused social security number 
of all time" story, regarding a wallet manufacturer who placed a social 
security card "look-a-like" in wallets they sold which happened to contain 
the Social Security number of a vice president's secretary, Mrs. Hilda 
Schrader Whitcher.  Reportedly, by 1943, thousands of people were using 
her Social Security number as their own.  A data loss incident, no doubt, 
but number affected is less than 10, which unfortunately made it 
ineligible for the competition and not a fit for the data set.  There was 
also a great submission regarding a card embosser who printed and used 
3,000 fake Diner's Club cards.  A great story of credit card fraud, but 
not one that threatens identities, and thus not something we'd really 
include in the data set.  The numbers were fake, as were the names.

We had several other decent submissions that we couldn't accept as well, 
such as a 1998 incident where CBS SportsLine exposed information regarding 
thousands of March Madness contestants on their website, or the WRGT Fox 
45 breach of 1999 where names, addresses, and email addresses were exposed 
on their website in a text file.  The information wouldn't qualify as PII 
(most of the information would be considered "telephone book material"), 
but it was interesting to see late 1990's security breaches.

All of the entries listed above were fascinating submissions in one way or 
another, but didn't make the cut for inclusion in the database, and thus 
didn't make the cut for winning prizes.  Most entries DID, however, make 
the cut... and without further ado...

http://datalossdb.org/incident_highlights/28-oldest-data-loss-incident-contest-winners

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php