Chronology of Data Breaches

The Privacy Clearinghouse maintains a fairly comprehensive list of known data breaches. The list is derived mainly from the Open Security Foundation list-serve (which offers a free email notification service, too!), which is in turn derived from verifiable media stories, government web sites, or blog posts. Many breaches (particularly smaller ones) may not be reported at all. If a breached entity has failed to notify its customers or a government agency of a breach, then it is unlikely that the breach will be reported anywhere. This database is updated about twice a week.

Total number of records containing sensitive personal information involved in a breach recorded Jan 2005 to Jan 2009: 342,056,319
What does the total number indicate?

For tips on what to do if your personal information has been exposed due to a security breach, read: http://www.privacyrights.org/fs/fs17b-SecurityBreach.htm.

WASC (Web Application Security Consortium) Threat Classification v.2.0

It is always good practice to understand the threats, vulnerabilities and bad actors that pose an increasing risk to your livelihood. WASC has recently announced the release of the Threat Classification v2.0 to aid in cataloguing and understanding the threats. This framework is an effort to classify the weaknesses and attacks that can lead to the compromise of a website, its data, or its users. Its primary purpose is to serve as a reference guide for common attacks and weaknesses.

WASC Threat Classification v2.0 http://projects.webappsec.org/Threat-Classification
Using the Threat Classification http://projects.webappsec.org/Using-the-Threat-Classification
WASC Threat Classification FAQ http://projects.webappsec.org/Threat-Classification-FAQ
WASC Reference Identifier Grid http://projects.webappsec.org/Threat-Classification-Reference-Grid
Threat Classification Data Views http://projects.webappsec.org/Threat-Classification-Views