[attrition] commentary: Data Loss "Unplugged"

[lyger]

http://attrition.org/dataloss/dlunplugged.html

Wed Oct 24 23:33:36 EDT 2007
Lyger

Since July 1, 2005, attrition.org has "officially" been tracking incidents 
regarding the theft, loss, or exposure of personally identifiable information 
(PII). In the months since the creation of the Data Loss web page, Data Loss 
Mail List, and Data Loss Database (Open Source) (aka "DLDOS"), we have been 
asked many questions about not only why we maintain these resources but also 
about what criteria we use to determine the inclusion of events into the mail 
list, web page, and database. For anyone interested, we feel that we should try 
to clarify our "requirements" and answer any questions that may arise.

First, we can't "report" what we don't know. In most cases, we will only 
include events that are reported by a legitimate media source. While we could 
include blog rumors and tips via email from unverified sources, we feel that 
it's best to have a verifiable and reputable source of information in case 
there are any questions or concerns regarding the validity of the information 
contained in our resources. If an event isn't covered by a reputable media 
source, there's a good chance we may not include it in our resources. We do 
understand that work by others such as Chris Walsh, who finds additional 
breaches through Freedom Of Information Act (FOIA) requests, will uncover 
breaches not normally reported by media outlets, but attrition.org simply 
doesn't have the resources to actively pursue such additional information. We 
applaud Chris for his efforts and hope that he continues to keep up with his 
endeavors.

[...]