Aircloak Challenge

The first bounty program for anonymized data re-identification.
As part of its commitment to transparency and strong anonymization, Aircloak offers the world's first bounty program for re-identification of anonymized data.

Aircloak's platform is available to participating “attackers” – white-hat privacy engineers and researchers. The challenge ends June 1.

The attackers may supply their own data sets to attack, or use one of the data sets supplied by Aircloak. The attacker may assume substantial prior knowledge of the data set. The goal of the attacker is to single out users. This is the main criteria for anonymization used by the GDPR.

Higher bounties are paid when the attacker can single out more users with less prior knowledge, with the highest bounty set at $5,000.


To participate in the challenge

Read the challenge rules and contact us at

Or sign up for challenge announcements (infrequent):

Challenge statistics

A bounty program is only as good as its attackers. Cumulative challenge statistics as of January 9 (challenge started Nov. 29, 2017).

Participants registered for announcements 75
Participants with attack accounts 23
Participants with one or more attacks 3
Participating institutions 9
Number of submitted attack sketches 9
Number of attacks 7
Number of finished attacks with payout 0
Number of finished attacks with no payout 0
Number of datasets 5
Total attack queries 9,955,250

Hall of fame


Name Attacks Total bounty
This could be you 5 $4200


Reward α κ Name Affiliation
$0 --- --% This could be you Your org | Twitter

Contact us at

Aircloak Berlin

Gormannstrasse 14
10119 Berlin

Aircloak Kaiserslautern

Paul-Ehrlich-Str. 26
67663 Kaiserslautern

Aircloak San Francisco

℅ Speedinvest
1501 Mariposa St #408
San Francisco, CA 94107

Subscribe to our Mailing List

It's just a few times a year and always very interesting – promise.