Incidents archive
14 public-record incidents, each reframed as a bug class a static verifier can catch. Sourced from court filings, regulator orders, and official postmortems.
For AI provenance · sibling archive
EU-AI-Act / GDPR-anchored incidents — Italian DPA on ChatGPT, Clearview, NYT v. OpenAI, Samsung leak — live in the AI-provenance archive. Open the AI-provenance incidents →
JPMorgan London Whale VaR spreadsheet error — Q1 2012
Beginning in late 2011, JPMorgan's Chief Investment Office (CIO) accumulated a multi-hundred-billion-dollar notional position in synthetic credit indices that came to be known as the "London Whale" trade.
Knight Capital — August 1, 2012
Knight Capital, then a major US equity market-maker, lost roughly $460 million in 45 minutes when the market opened on August 1, 2012.
Equifax — March–July 2017
Between mid-May and late July 2017, attackers exfiltrated personal data — names, Social Security numbers, dates of birth, addresses, and some driver's-license and credit-card numbers — on roughly 147.9 million people from Equifax's consumer-dispute portal.
Wells Fargo wrong-account closures — 2017
In the course of an internal back-office cleanup at Wells Fargo around 2017, a customer-service representative loaded a CSV of account identifiers into a working table and joined it against the live customer-account ledger to drive a batch of account closures.
Strava global heat-map deanonymization — January 2018
In November 2017, Strava published a global heat-map visualizing roughly 1 billion activities — runs, rides, and other GPS-recorded exercise sessions — uploaded by its users since 2015.
Citibank / Revlon — August 11, 2020
On the night of August 11, 2020, Citibank intended to send Revlon's lenders a routine ~$7.8M interest payment.
Public Health England Excel row-truncation — October 2020
Between September 25 and October 2, 2020, Public Health England (PHE) failed to report 15,841 positive COVID-19 cases to the UK's contact-tracing system.
Robinhood GME options margin-call ordering — January 2021
During the GameStop volatility event of late January 2021, Robinhood received an early-morning collateral call from its clearinghouse (NSCC) sized in the billions, driven by the implied volatility of customer positions in GME and a handful of other meme-stocks.
Zillow Offers iBuyer shutdown — Q3 2021
On November 2, 2021, Zillow shut down its Zillow Offers iBuyer business and announced it would cut roughly 25% of staff.
Monthly revenue silently wrapped past $2.1B — 2022
A late-stage payments platform ingested transaction data from a legacy ledger system into its analytics warehouse.
Premium customers silently downgraded by a column rename — 2023
A B2C subscription business ran a renaming sweep across its customer schema: `customer_tier` was renamed to `tier` in `dim_customers`, with the old name dropped in the same migration.
Pending refunds inflated marketplace revenue by 4% — 2023
A two-sided marketplace operator owned a `fct_revenue` model that aggregated gross merchandise value, fees, and refunds per seller per day.
Marketing-segment export almost shipped a phone-number column — 2024
A growth-engineering team at a consumer fintech added a `personal_phone` column to `dim_customers` to support a new SMS-based win-back campaign.
Travel-ops booking summaries drift by one hour — Summer 2024
A travel-operations platform serving short-term rentals ran a nightly dbt job that built a `daily_bookings_summary` table for ops dashboards and partner payouts.