“It rather depends upon how you are defining a ‘data breach’. As Mr. Armstrong has pointed out, in the literal context, data breaches are something that have gone on, long before the existence of the internet. If you mean electronic data breaches, then you could apply any computer incident that involves the disclosure of data to an unauthorized party. I believe that you intended to refer to electronic data breaches, involving the disclosure of customer PII, in which case the Raphael Gray (curador) case in 2000 is probably one of the first widely publicized cases – however I find it difficult to believe that it was actually the very first of its kind. Kevin Mitnick of course, purportedly compromised the credit card numbers of NetCom customers (1995), however the details concerning that claim are (like many other incidents) unclear.”

“I worked at MasterCard International and was involved in handled the breach and that was the first one that we had. I believe the merchant ended up going Bankrupt.”

“It’s a Friday afternoon here in Europe so to try and liven up the discussion…..this may be ‘old’ in US terms but over here in Europe we’ve much earlier breaches than 2000. On 25th June 1586 some data was leaked to Sir Francis Walsingham – what we’d now call a ’special advisor’ to Queen Elizabeth I. The data related to the Babington plot being discovered which in turn led to the execution of Mary Queen of Scots. Babington was involved in a second data breach in 1587 when plans for ships in the Spanish armada also fell into his possession…..”