run.veric.dev

Incidents archive

14 public-record incidents, each reframed as a bug class a static verifier can catch. Sourced from court filings, regulator orders, and official postmortems.

For AI provenance · sibling archive

EU-AI-Act / GDPR-anchored incidents — Italian DPA on ChatGPT, Clearview, NYT v. OpenAI, Samsung leak — live in the AI-provenance archive. Open the AI-provenance incidents →

2012T9

JPMorgan London Whale VaR spreadsheet error — Q1 2012

Beginning in late 2011, JPMorgan's Chief Investment Office (CIO) accumulated a multi-hundred-billion-dollar notional position in synthetic credit indices that came to be known as the "London Whale" trade.

2012T4

Knight Capital — August 1, 2012

Knight Capital, then a major US equity market-maker, lost roughly $460 million in 45 minutes when the market opened on August 1, 2012.

2017T6

Equifax — March–July 2017

Between mid-May and late July 2017, attackers exfiltrated personal data — names, Social Security numbers, dates of birth, addresses, and some driver's-license and credit-card numbers — on roughly 147.9 million people from Equifax's consumer-dispute portal.

2017T3

Wells Fargo wrong-account closures — 2017

In the course of an internal back-office cleanup at Wells Fargo around 2017, a customer-service representative loaded a CSV of account identifiers into a working table and joined it against the live customer-account ledger to drive a batch of account closures.

2018T8

Strava global heat-map deanonymization — January 2018

In November 2017, Strava published a global heat-map visualizing roughly 1 billion activities — runs, rides, and other GPS-recorded exercise sessions — uploaded by its users since 2015.

2020T7

Citibank / Revlon — August 11, 2020

On the night of August 11, 2020, Citibank intended to send Revlon's lenders a routine ~$7.8M interest payment.

2020T4

Public Health England Excel row-truncation — October 2020

Between September 25 and October 2, 2020, Public Health England (PHE) failed to report 15,841 positive COVID-19 cases to the UK's contact-tracing system.

2021T5

Robinhood GME options margin-call ordering — January 2021

During the GameStop volatility event of late January 2021, Robinhood received an early-morning collateral call from its clearinghouse (NSCC) sized in the billions, driven by the implied volatility of customer positions in GME and a handful of other meme-stocks.

2021T4

Zillow Offers iBuyer shutdown — Q3 2021

On November 2, 2021, Zillow shut down its Zillow Offers iBuyer business and announced it would cut roughly 25% of staff.

2022T1

Monthly revenue silently wrapped past $2.1B — 2022

A late-stage payments platform ingested transaction data from a legacy ledger system into its analytics warehouse.

2023T2

Premium customers silently downgraded by a column rename — 2023

A B2C subscription business ran a renaming sweep across its customer schema: `customer_tier` was renamed to `tier` in `dim_customers`, with the old name dropped in the same migration.

2023T4

Pending refunds inflated marketplace revenue by 4% — 2023

A two-sided marketplace operator owned a `fct_revenue` model that aggregated gross merchandise value, fees, and refunds per seller per day.

2024T6

Marketing-segment export almost shipped a phone-number column — 2024

A growth-engineering team at a consumer fintech added a `personal_phone` column to `dim_customers` to support a new SMS-based win-back campaign.

2024T7

Travel-ops booking summaries drift by one hour — Summer 2024

A travel-operations platform serving short-term rentals ran a nightly dbt job that built a `daily_bookings_summary` table for ops dashboards and partner payouts.