About DataLossDB

What We Do

Every day, project curators and volunteers scour news feeds, blogs, and other websites looking for data breaches, new and old. We search for incidents that need to be updated, or incidents that are not yet in the database. We then add them to the database, mail out members of the mailing list, and Tweet the breach out to Twitter.

News that we find in the course of searching for breaches that does not fully qualify as a breach, but that is still relevant to identity theft or data security gets added to the Blotter.

In addition to scouring the internet for breaches, we also regularly send out Freedom of Information (Public Records / Open Records) requests to various US States requesting breach notification documents they receive as a result of various state legislation.

These notices are then added to the Primary Sources Archive where they can then be viewed by all. Volunteers comb through these documents and associate them with Incidents, and enter in some basic information regarding the notifications.

These Primary Sources give us deeper insight into data loss incidents, and also uncover incidents that slipped by the media unnoticed.

Why We Do It

The Open Security Foundation, as well as our volunteers, feel that there is a distinct need for tools that provide unbiased, high quality data regarding data loss. There are no other open, downloadable, machine parse-able resources out there that facilitate research into this subject matter. By providing this sort of resource, we feel we can help accomplish the following:

• Improve awareness of data security and identity theft threats to consumers.
• Provide accurate statistics to CSO's and CTO's to assist them in decision making.
• Provide governments with reliable statistics to assist with their consumer protection decisions and initiatives.
• Assist legislators and citizens in measuring the effectiveness of breach notification laws.
• Gain a better understanding of the effects of, and effectiveness of "compliance".

Who We Are

Curators are:

• Jake Kouns
• Brian Martin
• David Shettler
• Kelly Todd

In addition, we have many volunteers all around the country who contribute time, resources, and data to the project.

Contact Us

Email:

Mail:

Open Security Foundation
5518 Olde Hartley Way
Glen Allen, VA 23060

IRC: #datalossdb on irc.freenode.net

Twitter: http://twitter.com/datalossdb

Media

The quickest way to get in touch with us is via email. Send email to

We will attend to your email as quickly as possible.

In the News

• 2009-01-28: Telegram and Gazette: The Cybercriminal Inside
• 2009-01-20: Network World: Banks warn debit card holders; processor acknowledges breach
• 2009-01-20: PC World: Your Laptop Data Is Not Safe. So Fix It.
• 2008-07-15: Network World: Making data-breach research easier
• 2007-07-10: Forbes: The Cybercriminal Inside

Press Releases

	CREDANT Technologies, the market leader in data protection solutions, today 
	announced it has entered a partnership agreement with the Open Security 
	Foundation, a non-profit organization dedicated to tracking and reporting 
	security vulnerabilities and breaches of personal information.

	The Open Security Foundation's DataLossDB, a research project that documents 
	known and reported data loss incidents worldwide, recently announced the 
	inclusion of the Primary Sources Archive. The Primary Sources Archive is a 
	collection of breach notification letters sent to various jurisdictions in the 
	United States.

	“Though security breaches, hacking, identity theft and other types of data 
	loss occur frequently, many of these incidents go unreported, ” said Michael 
	Callahan, Chief Marketing Officer for CREDANT Technologies. “By collecting 
	this vital information in one place, the Open Security Foundation is creating 
	a means to educate the market on the state of data security today. The more 
	knowledgeable companies, employees and solution providers are the better 
	equipped we will all be to ensure critical data is protected."

	"We think that this partnership will help bring more exposure to incidents 
	that have affected millions of people across the world," said David Shettler, 
	Vice President and Chief Technology Officer for Open Security Foundation. 
	"CREDANT has offered to help us in our efforts to bring these incidents to 
	light, and we hope people and organizations will take notice and consider what 
	they might have to do to protect their personal information from misuse or 
	harm."

	Open Security Foundation’s Primary Sources Archive and database have been 
	gathered by staff and volunteers, and are considered to be a leading resource 
	of information for breaches involving the loss, exposure, and theft of 
	personal information. Currently, OSF is accumulating more Primary Source 
	documents via the Freedom of Information Act, which involves contacting 
	various local and state governmental agencies.

	About the Open Security Foundation
	The Open Security Foundation (OSF) is a 501(c)(3) non-profit public 
	organization founded and operated by information security enthusiasts, formed 
	to empower all types of organizations by providing knowledge and resources so 
	that they may properly detect, protect, and mitigate information security 
	risks. To that end, the Foundation has established the DataLoss Database, a 
	free and open resource for the collection and dissemination of data loss 
	incident-related information. For more information, visit 
	http://datalossdb.org/.

	About CREDANT Technologies
	CREDANT® Technologies is the market leader in endpoint data protection
	solutions. CREDANT’s data security solutions mitigate risk, preserve customer 
	brand, and reduce the cost of compliance, enabling business to “protect what 
	matters.” CREDANT Mobile Guardian is the only centrally managed endpoint data 
	protection solution providing strong authentication, intelligent encryption, 
	usage controls, and key management for data recovery. By aligning security to 
	the type of user, device, and location, CREDANT permits the audit and 
	enforcement of security policies across all computing endpoints. Strategic 
	partners and customers include leaders in finance, government, healthcare, 
	manufacturing, retail, technology, and services. CREDANT has been recognized 
	by Inc. magazine as the #1 fastest growing security software company in 2008 
	and 2007; was selected by Red Herring as one of the top 100 privately held 
	companies and top 100 Innovators; and was named Ernst & Young Entrepreneur of 
	the Year® 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel 
	Capital, and Cisco Systems are investors in CREDANT Technologies. For more 
	information, visit www.credant.com.

	RICHMOND, VA, July 14, 2008 - The Open Security Foundation (OSF) is 
	pleased to announce that the DataLossDB (also known as the Data Loss 
	Database - Open Source (DLDOS) currently run by Attrition.org) will be 
	formally maintained as an ongoing project under the OSF umbrella 
	organization as of July 15, 2008.

	Attrition.org's Data Loss project, which was originally conceptualized 
	in 2001 and has been maintained since July 2005, introduced DLDOS to the 
	public in September of 2006. The project's core mission is to track the 
	loss or theft of personally identifying information not just from the 
	United States, but across the world. As of June 4, 2008, DataLossDB 
	contains information on over 1,000 breaches of personal identifying 
	information covering over 330 million records.

	DataLossDB has become a recognized leader in the categorization of 
	dataloss incidents over the past several years. In an effort to build 
	off the current success and further enhance the project, the new 
	relationship with OSF provides opportunities for growth, an improved 
	data set, and expanded community involvement. "We've worked hard to 
	research, gather, and make this data open to the public," says Kelly 
	Todd, one of the project leaders for DataLossDB. "Hopefully, the 
	migration to OSF will lead to more community participation, public 
	awareness, and consumer advocacy by providing an open forum for 
	submitting information."

	The Open Security Foundation's DataLossDB will be free for download and 
	use in non-profit work and research. The new website launch 
	(http://www.datalossdb.org/) builds off of the current data set and 
	provides an extensive list of new features. DataLossDB has attained 
	rapid success due to a core group of volunteers who have populated and 
	maintained the database. However, the new system will provide an open 
	framework that allows the community to get involved and enhance the 
	project. "For a data set as dynamic as this, it made sense to build it 
	into a more user-driven format.", states David Shettler, the lead 
	developer for the Open Security Foundation. "With the release of this 
	new site, the project can now be fed by anyone, from data loss victims 
	to researchers".

	The DataLossDB's mail list will continue to be available to over 1,500 
	current subscribers and will accept new subscriptions under the 
	Attrition.org banner until a migration to OSF has been completed. RSS 
	feeds will also be available under the OSF banner for timely alerts 
	about new and updated data loss events. We expect this transition to be 
	completed in the coming months without impact to current subscribers.

	Open Security Foundation's DataLossDB is an open source community 
	project that strives to provide a clear understanding of data loss 
	issues and needs your support. Assistance can be provided through 
	database updates, project leadership, word-of-mouth promotion, financial 
	donations, and sponsorship to assist with the ongoing maintenance of the 
	project. "The DataLossDB project provides a critical service that 
	enables detailed analysis on the true impact of data loss.", says Jake 
	Kouns. "The Open Security Foundation is in a perfect position to support 
	the expansion of the DataLossDB project." Any entities interested in 
	licensing the database for commercial ventures are encouraged to contact 
	OSF.

	Open Security Foundation's DataLossDB can be found at
	http://www.datalossdb.org/

	Press Contacts:

	Kelly Todd
	Email: kelly@opensecurityfoundation.org

	David Shettler
	Email: dave@opensecurityfoundation.org

	Jake Kouns
	Email: jkouns@opensecurityfoundation.org

	Brian Martin
	Email: bmartin@opensecurityfoundation.org

	Open Security Foundation: (804) 306-8412