[Infowarrior] - FW: [attrition] Commentary: Data Loss "Unplugged"

[Richard Forno]

Wed Oct 24 23:33:36 EDT 2007
Lyger

Since July 1, 2005, attrition.org has "officially" been tracking incidents
regarding the theft, loss, or exposure of personally identifiable
information (PII). In the months since the creation of the Data Loss web
page, Data Loss Mail List, and Data Loss Database (Open Source) (aka
"DLDOS"), we have been asked many questions about not only why we maintain
these resources but also about what criteria we use to determine the
inclusion of events into the mail list, web page, and database. For anyone
interested, we feel that we should try to clarify our "requirements" and
answer any questions that may arise.

First, we can't "report" what we don't know. In most cases, we will only
include events that are reported by a legitimate media source. While we
could include blog rumors and tips via email from unverified sources, we
feel that it's best to have a verifiable and reputable source of information
in case there are any questions or concerns regarding the validity of the
information contained in our resources. If an event isn't covered by a
reputable media source, there's a good chance we may not include it in our
resources. We do understand that work by others such as Chris Walsh, who
finds additional breaches through Freedom Of Information Act (FOIA)
requests, will uncover breaches not normally reported by media outlets, but
attrition.org simply doesn't have the resources to actively pursue such
additional information. We applaud Chris for his efforts and hope that he
continues to keep up with his endeavors.

[...]

http://attrition.org/dataloss/dlunplugged.html