diff --git a/supply-chain-security/compromises/1984/login-bell.md b/supply-chain-security/compromises/1984/login-bell.md new file mode 100644 index 000000000..a5b91633f --- /dev/null +++ b/supply-chain-security/compromises/1984/login-bell.md @@ -0,0 +1,17 @@ +# "Unix Support Group" event + +According to [secondary sources research](https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/), a [well-known, published author](https://dl.acm.org/doi/10.1145/358198.358210) deployed a compiler trojan attack on the Unix login command by advertising a non-backwards-compatible feature to Bell Labs' Unix Support Group, making its way to the `login` command within a month. + +## Impact + +None as reported. + +## Type of compromise + +Compiler backdoor, possibly compounded with human elements. + +## References + +1. [Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life](https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/) + +Note: it's likely this event occured in the 70s but, absent primary sources, we picked the year _Reflections_ was published. diff --git a/supply-chain-security/compromises/README.md b/supply-chain-security/compromises/README.md index fbb938d9e..12ed615ae 100644 --- a/supply-chain-security/compromises/README.md +++ b/supply-chain-security/compromises/README.md 
@@ -95,3 +95,4 @@ of compromise needs added, please include that as well. | [SquirrelMail backdoor](2007/squirrelmail.md) | 2007 | Source Code | [1](https://lwn.net/Articles/262688/) | | [gentoo rsync compromise](2003/gentoo-rsync.md) | 2003 | Source Code Repository | [1](https://archives.gentoo.org/gentoo-announce/message/7b0581416ddd91522c14513cb789f17a) | | [Debian infra compromise](2003/debian.md) | 2003 | Publishing infrastructure | [1](https://www.debian.org/News/2003/20031202) | +| [Unix Support Group login backdoor](1984/login-bell.md) | <1984 | Dev Tooling | [1](https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/) |
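Review bot: In the new `1984/login-bell.md`, the opening sentence leaves unclear what is "making its way to the `login` command within a month" (the author, the advertised feature, or the trojaned compiler), and it speaks of "a well-known, published author" while the reference title directly below names Ken Thompson. Suggest naming the person as the cited source does and saying explicitly what reached `login`. In the closing note, "occured" should be "occurred".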
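Review bot: In the row added to `compromises/README.md`, the year cell `<1984` departs from the plain four-digit years in the neighbouring rows (2007, 2003) and from the `1984/` directory the new file lives in. Consider using `1984` there and leaving the dating caveat to the note at the end of `login-bell.md`. The type `Dev Tooling` also differs from the "Compiler backdoor" given under "Type of compromise" in the new file, so check that it matches a type the README already defines, or add it as the context line above the table asks ("of compromise needs added, please include that as well").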