Data Loss Database Blog

4 CommentsHas "Data Loss" Jumped The Shark?

2009-10-13 by Lyger

For those who aren't familiar with it, the phrase <a href="http://en.wikipedia.org/wiki/Jumping_the_shark">"jump the shark"</a> originates with an episode of the American TV series "Happy Days", where one of the primary characters, Fonzie, literally (at least in the show) jumps over a shark while on water skis. The episode was designed as a desperate attempt to draw in viewers since the overall content of the show had become rather, well, "bleh". Things were never the same after that episode, and it was generally concluded that once Fonzie "jumped th...

(read more...)

2 CommentsHaving "fun" with the Data Set

2009-09-25 by d2d

<>We recently had an inquiry regarding whether or not we could store more details about certain breaches, specifically the type of Hack (for hacked breaches) that was used, or the application that ended up being breached. Neat ideas, of course, and we've considered them ourselves on several occasions, given that we have <a href="http://osvdb.org">OSVDB</a> as our sister project. We've always wanted to use both, or tie them together, however, we run into some issues in doing so. One big one is that we rarely know the cause</>...

(read more...)

0 CommentsResults of Mangle-A-Thon 2009

2009-09-23 by d2d

<p><a href="http://mangleathon.opensecurityfoundation.org/">Mangle-A-Thon 2009</a> went very well. In addition to some 20 or so primary sources matched, volunteers managed to improve the "complete-ness" of OSVDB by over a tenth of a percent. Doesn't sound like much, but with over 58 thousand vulnerabilities in that database, a tenth of a percent is a huge help.</p> <>An enormous "Thank You!" to all those who came and helped out. You did a service to the entire industry by lending your time. Another enormous "Thank You!" to <a href="https://boston.midnightresearch.com/drupal/">Midnight Research Labs Boston</a> for</>...

(read more...)

0 CommentsMangle-A-Thon this Saturday in Somerville, MA

2009-09-16 by d2d

<div style="width: 200px;float:left;"><iframe name="countdown" id="mgframe" src="http://www.eventbrite.com/countdown-widget?eid=373428936" width="250" height="409" marginheight="0" marginwidth="0" scrolling="no" frameborder="0"></iframe><a href="http://www.eventbrite.com/r/ecount"><img src="http://www.eventbrite.com/s.gif" alt="Events" border="0" /></a></div> <>Time is running out! <a href="http://mangle2009.eventbrite.com/">Register now</a> for mangle-a-thon. We need the help, and are looking forward to making a nice dent in both databases.<> <>We have an entire CD worth of PDF's to go through, obtained via a FOIA request to California pertaining to their medical records breach notification laws, which is aparently causing California's <a href="http://www.wired.com/threatlevel/2009/07/health-breaches/">department of Public Health to be inundated with notifications</a>. We'll be sorting through that data with you at Mangle-A-Thon. Experience a twist on volunteer-i</></></>...

(read more...)

0 CommentsData Breach Notification Letters

2009-09-04 by d2d

<>Many of our "regular" readers are keenly familiar with data breach notification letters. They've seen the <a href="http://datalossdb.org/primary_sources">Primary Sources Archive</a>, or have been unfortunate enough to have the honor of receiving one, or potentially worse, have the unfortunate honor of drafting one. Many, however, have not. <a href="http://datalossdb.org/us_states">Nearly every state in the United States</a> has adopted data breach legislation, and new adoptee-states continue to trickle in each year. Several <a href="http://datalossdb.org/us_federal_bills">federal legislative efforts</a> are under way to blanket the nati</>...

(read more...)

0 CommentsMangle-A-Thon Boston

2009-08-25 by d2d

<p>Join OSF in Somerville, MA on September 19th, 2009 from 8am to midnight for <a href="http://mangleathon.opensecurityfoundation.org/">Mangle-A-Thon</a>, and help us mangle vulnerabilities into the Open Source Vulnerability Database (OSVDB), and mangle data loss incidents and primary sources into the DataLossDB.</p> <>The event, hosted by Midnight Research Labs Boston, is free and sponsored by <a href="http://www.voltage.com" target="_blank">Voltage Security</a>, which will assist us in providing food and drink for attendees. OSF moderators will walk participants through the projects and teach participants how</>...

(read more...)

0 CommentsBack from Vegas... and other updates

2009-08-11 by Lyger

The trip to Vegas went well, at least as far as 105 degree temperatures, several cab rides, and trips through airport security can go over the course of three or four days (and yes, it took us about a week to recover). Always good to get together with a few friends, meet some new people, and we hope that some of the conference attendees will <a href="mailto:[email protected]"> contact us</a> if they want to help out. <> Dave presented a talk at <a href="http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon4.0"> Metricon</a> in Montreal earlier today, and from his phone reports, it sounds like it was a</>...

(read more...)

0 CommentsOpen Security Foundation in Vegas

2009-07-22 by jkouns

The Open Security Foundation and DataLossDB volunteers will once again be in Vegas this year for BlackHat and Defcon. If you are going to be in town and want to get together to discuss the project or anything related to security, vulnerabilities and/or data loss incidents then please contact <a href="mailto:[email protected]">[email protected]</a>. <br /><br /> We also want to let everyone who has contacted us about the new legal sub-project know that we will be in touch shortly. We are looking forward to formally kicking the project o...

(read more...)

3 CommentsLegal Sub-Project - Elvey v. TD Ameritrade

2009-06-14 by d2d

<p>The <a href="http://datalossdb.org/incidents/787">TD Ameritrade incident of 2007</a> hasn’t quite been resolved -- yet. While the breach may have been contained, the litigation is still ongoing. A class action suit field in California in May of 2007 has reached a preliminary settlement, but the settlement is contested by the individual who filed the class in the first place and has been through some extremely interesting twists and turns.</p> <> The case was filed in May of 2007, with a <a href="http://datalossdb.org/legal_documents/7">complaint</a> that claimed that TD Ameritrade was essentially sel</>...

(read more...)

4 CommentsCredit Cards, BreachCenter, T-Mobile, Oh My...

2009-06-09 by Lyger

It appears that <a href="http://www.smartmoney.com/news/PR/?story=PR-20090602-000519-0800&cid=951"> Capital One has announced a new program</a> for helping non-profit organizations to raise funds (see picture). According to the plan, all rewards earned on these cards, including one percent of net purchases and an additional $25 with the first purchase, go directly to support the affiliated nonprofit organization. As a 501(c)(3), OSF is wondering if anyone might be interested in obtaining a DataLossDB Capital One card to make donating easier (and to help the economy!). We're...

(read more...)