As of this writing, Attrition.org's Data Loss Database - Open Source (DLDOS) officially has 1,000 entries. The Connecticut Department of Labor (un?)graciously lost documents containing the names, addresses, and Social Security numbers of about 2,100 people, which places them into the database with a unique identifier (UID) of DL-1000. DLDOS includes data breaches from every year since 2000 with a sharp spike in numbers beginning in 2005, so we're not really surprised that we reached this "milestone" number shortly before the third anniversary of the data loss project. Still, it's something of a bittersweet event to commemorate; we would rather not have to put dozens of breaches every month on a web page, in a database, and sent to a mailing list of about 1,400 subscribers. If it wasn't a problem, we wouldn't... but it is, so we do.
There are clearly more than 1,000 breaches of personal information that have occured in the last several years, but as we have mentioned several times in the past, we only include those that we know about through verifiable media reports and those that meet our criteria for inclusion. Other groups such as the Identity Theft Resource Center and Privacy Rights Clearinghouse also maintain lists of publicly known data breaches and have probably experienced some of the same frustrations that we have. When considering our UID numbering system for DLDOS, we considered using a DL-##### (five digit) format. In my infinite wisdom (*cough*), I suggested the current four digit system, claiming "I don't want to be doing this in 30 years!", to which Jericho replied (probably sarcastically, as is his general MO) "right, leave it for future generations to figure out."
In retrospect, we should have adopted the five digit system.
State governments are beginning to form centralized reporting agencies, countries other than the United States are becoming more aware of the issue, and the media considers identity theft to be a "hot topic" (can you imagine Rick Astley getting this much press in 2008? Oh, wait...). Going forward, we have no idea whether the totals will go higher as more breaches are disclosed, lower as media burnout may possibly occur, or will just remain a droning buzz in our ears as a steady stream of reports come to our attention. Either way, we still feel that the loss and/or theft of personally identifying information is an important topic, and we hope that anyone interested in the subject contributes to ongoing research and awareness of the issue.
Now serving... #1,001. Should be only a day or so.
[an error occurred while processing this directive]