Oldest Incident Contest

DataLossDB has launched a research endeavor to find the oldest documented data loss incident. The contest runs from April 1 to May 15, 2009.Winners will receive some quality rewards such as our grand prize of a Mac Mini thanks to the support from the following sponsors: CREDANT, ArcSight, ITAC Sentinel, StrikeForce and TechShield

What is the oldest documented data loss? As far as what is currently in DataLossDB, it is from January 10, 2000 when a hacker claimed to have stolen 300,000 credit card numbers from CD Universe.

We believe there are plenty of data loss incidents that happened prior to CD Universe. Does anyone have an older incident they can submit to DataLossDB? We want it, and we’ll reward you for it!

You can find the full contest rules and participation guidelines at our contest page located here: http://datalossdb.org/oldest_incidents_contest

Here are a couple points of clarifications about the contest:

What actually will count for the contest?
Small or relatively minor cases of identity theft do not qualify for inclusion. The event submitted must have affected more than 10 individuals. Incidents must have resulted in a breach of Personally Identifiable Information (PII). Specifically, incidents must have resulted in the loss as described in the contest page.

How old of an incident can I submit?
At the end of the day, any entry submitted should improve the data for the project. If you think that it is a quality entry that you believe should be included in DataLossDB based on our standards, then submit it. We hope that most people that want to participate “get it”, but if the entry is blatantly meant to be snarky we are going to simply ignore it. While it may be up for debate, a good rule of thumb to safely submit an entry would be to keep it 19th century and up. =)

What if I can’t find anything older than CD Universe?
While we believe there are plenty out there, all incidents submitted don’t have to be older than the CD Universe breach. For instance, the oldest Stolen Computer breach in the database occurred in 2003. So, submit what you find! You might find the oldest stolen laptop breach, or the oldest accidental web exposure breach.

Do I have to use the contest link?
Yes. In order for us to keep track of the contest if you want to be included, all submissions for this contest must be done via the following contest link:http://datalossdb.org/submissions/new?contest_id=1

What if I am not sure about the incident I have found?
If you are unsure that your incident qualifies please contact curators@datalossdb.org.

Just remember that the contest is aimed to improve the data in DataLossDB while at the same time trying to identify the oldest data loss incident. Anything that is submitted must pass the general ‘BS’ test. If our cynical minds detect shenanigans, it doesn’t count. The Open Security Foundation is the judge and jury in the contest, and we reserve the right to refuse any entry that we feel does not meet our standards for inclusion in the DataLossDB project.

The Open Security Foundation wants to thank our dedicated volunteers and our sponsors for their continued support. If there are any other questions or you would like to discuss other sponsorship opportunities in the future please contact curators@datalossdb.org.


ArcSight is a leading provider of security and compliance management solutions that intelligently identify and mitigate business risk for enterprises, MSSPs and government agencies. Designed with the needs of highly complex, geographically dispersed and heterogeneous business and technology infrastructures in mind, ArcSight provides the industry’s only vendor-neutral solution for intelligent identification, prioritization and network response to external security attacks, insider threats and compliance breaches.

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Every day our patented data-centric, policy-based, centrally-managed software protects the data on over 5 million devices worldwide to ensure security compliance, protect brands and enhance IT and end-user productivity. Learn more about intelligent data security for privacy compliance and avoid the damaging impact of security breaches.

ITAC Sentinel – Protection, Recovery, Trust. The must-have, essential tools needed to fight identity theft. It’s ideal for anyone looking for core identity theft protection.

StrikeForce Technologies is a leading provider that Specializes in Identity Theft Online solutions for consumers, industry and government. By leveraging StrikeForce’s breakthrough technologies, consumers and organizations can finally secure their electronic assets while protecting their employees, business partners, suppliers and customers from malicious hacking and online theft.

TechShield – When your network security technology fails where can you turn? TechShield offers comprehensive privacy and data security insurance products and risk management services to companies that use networked systems, electronic communications and ecommerce. TechShield is brought to you by Aon (NYSE: AOC), the leading global provider of risk management, insurance and reinsurance brokerage and human capital consulting

Open Security Foundation – Open Security Foundation is a 501(c)(3) non-profit public organization founded and operated by information security enthusiasts. We exist to empower all types of organizations by providing knowledge and resources so that they may properly detect, protect, and mitigate information security risks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: