Monthly Archives: August, 2008

Total affected… who’s counting?

http://datalossdb.org/incidents/1127

There has been some discussion about the recent loss of a “memory stick” with the personal details of inmates in Great Britain. As the story above shows, it appears that about 84,000 prisoners may have been affected by this breach… or is that 94,000? Or… is that 130,000? Who knows… as bad as the British government apparently is about keeping anyone’s (even prisoners) personal information safe, the media is apparently equally as bad about doing that “numbers thing”.

For now, DataLossDB has this particular breach listed as 94,000 total records affected until more conclusive (coherent?) data has been obtained, but at least one question should be asked: does the total number of people affected in ANY data breach really matter? It seems that breaches with a large number of people and/or records affected get more media attention, especially when a lot of zeros and commas are in the headline, but is that really any indication of the magnitude of the real problem at hand? Now that the total number of *records* (not people) exposed is into the hundreds of millions, does the general public really think about the difference between, say, 84,000 and 94,000 records? At this point, and after years of media reports of large data breaches (i.e. TJX), are we desensitized to data breaches that affect less than, say, 10,000 people and/or records?

I don’t know the answers to those questions. Just rambling on a Saturday morning and throwing things out for thought and discussion…

And to lighten things up a bit, maybe Noah can help us out…

RIGHT. What’s a cubit?

Posted by Lyger.

Back from Vegas…

We’re back from Las Vegas and have had some good success in promoting the site and getting new volunteers to contribute. Special thanks to Jon Turner for providing new incidents and data from the UK. We don’t always hear about non-US events in a timely fashion over here in the States, so any input from overseas is appreciated!

Updates to Attrition.org’s Data Loss web page and RSS feed are gradually slowing down as we continue to migrate resources to DatalossDB.org. Our target date for a complete conversion, which will also include the Data Loss Mail List, is September 1. Hopefully, it will be a transparent migration. We’ll keep everyone posted as events happen.

Please keep in mind that during this time of transition, we would like to extend an offer to anyone interested: JUMP IN! If you would like to make an account or edit anonymously, please do. As Jericho said in a recent mail list post:

“Again, thank you for the praise, but please remember that we’re stretched thin between attrition.org, datalossdb.org and osvdb.org and those pesky day jobs and significant others. It would be extremely helpful if more people would spend fifteen minutes a week updating those sites with us, or contributing to new ideas like this one.”

Posted by Lyger.