Aircloak Attack Challenge

The first bounty program for anonymized data re-identification.
As part of its commitment to transparency and strong anonymization, Aircloak offers the world’s first bounty program for re-identification of anonymized data.

Aircloak’s platform is available to participating “attackers” – white-hat privacy engineers and researchers.

The current attack challenge is hosted on

The attackers may supply their own data sets to attack, or use one of the data sets supplied by Aircloak. The attacker may assume substantial prior knowledge of the data set. The goal of the attacker is to single out users. This is the main criteria for anonymization used by the GDPR.

Higher bounties are paid when the attacker can single out more users with less prior knowledge, with the highest bounty set at $10,000.

To participate in the challenge

Read the challenge rules and and find contact information at

Subscribe to our Newsletter


Attack Challenge statistics

A bounty program is only as good as its attackers. Cumulative challenge statistics as of May 22 (challenge started Nov. 29, 2017).

Participants registered for announcements 96
Participants with attack accounts 33
Participants with one or more attacks 4
Participating institutions 12
Number of submitted attack sketches 11
Number of attacks 9
Number of finished attacks with payout 2
Number of finished attacks with no payout 0
Number of datasets 5
Total attack queries 33M

Hall of Fame


Name Attacks Total bounty
Aloni Cohen – MIT
Kobbi Nissim – Georgetown University
1 $5000
Apostolos Pyrgelis – UCL (University College London)
Carmela Troncoso – EPFL
Emiliano De Cristofaro – UCL
1 $5000



Reward α κ Name Affiliation
$5000 0 100% Aloni Cohen / Kobbi Nissim MIT / Georgetown Univ.
$5000 0 95% Apostolos Pyrgelis / Carmela Troncoso / Emiliano De Cristofaro UCL / EPFL