[Dataloss] commentary: Data Loss "Unplugged"

[lyger]

http://attrition.org/dataloss/dlunplugged.html

Wed Oct 24 23:33:36 EDT 2007
Lyger

Since July 1, 2005, attrition.org has "officially" been tracking incidents 
regarding the theft, loss, or exposure of personally identifiable 
information (PII). In the months since the creation of the Data Loss web 
page, Data Loss Mail List, and Data Loss Database (Open Source) (aka 
"DLDOS"), we have been asked many questions about not only why we maintain 
these resources but also about what criteria we use to determine the 
inclusion of events into the mail list, web page, and database. For anyone 
interested, we feel that we should try to clarify our "requirements" and 
answer any questions that may arise.

First, we can't "report" what we don't know. In most cases, we will only 
include events that are reported by a legitimate media source. While we 
could include blog rumors and tips via email from unverified sources, we 
feel that it's best to have a verifiable and reputable source of 
information in case there are any questions or concerns regarding the 
validity of the information contained in our resources. If an event isn't 
covered by a reputable media source, there's a good chance we may not 
include it in our resources. We do understand that work by others such as 
Chris Walsh, who finds additional breaches through Freedom Of Information 
Act (FOIA) requests, will uncover breaches not normally reported by media 
outlets, but attrition.org simply doesn't have the resources to actively 
pursue such additional information. We applaud Chris for his efforts and 
hope that he continues to keep up with his endeavors.

[...]