The worst database security breaches in the U.S., U.K.

Published 22 July 2010

On 6 February 2010 AvMed Health Plans announced that personal information of current and former subscribers has been compromised by the theft of two company laptops from its corporate offices in Gainesville, Florida; the information was comprehensive, including Social Security numbers and protected health information; attempts to thwart the theft have been unsuccessful, leaving the identity data of nearly 1,100,000 vulnerable; this is only one of many cases of database breaches — and the number of cases is growing

Breaking into databases in which the personal information of people is being held, and stealing that information, is a growing trend among cybercriminals. The fact that more and more information on more and more people is stored digitally makes this line of crime only more attractive.

Privacy Rights Clearinghouse offers a useful list of the worst database security breaches in the United States and the United Kingdom in the last five years. Here are some of these breaches.

29 June 2010: Approximately 470,000 Anthem Blue Cross customers were notified that their personal information might have been accessed during a security breach of the Pasadena-based company’s Web site. Only customers who had pending insurance applications in the system were being contacted because information was viewed through an on-line tool that allows users to track the status of their application. Social Security and credit card numbers were potentially viewed.

In a 15 June 2010 press release, the Information Commissioner’s Office expressed its concern over the numerous data breaches the U.K.’s National Health Service (NHS) had suffered. Mick Gorill, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information.” In a chart of security breaches reported to the ICO, the NHS has the highest number of occurrences in the “stolen data and hardware,” “lost in transit,” and “lost data and hardware” categories, compared with central and local government and the various private sectors.

4 June 2010: Approximately 200,000 individuals may have had their information stolen by hackers in India and a 19-year-old in New York, who allegedly tried to sell the information to a Colorado marketing firm for half a million dollars. Digital River, an Eden Prairie company, obtained a secret court order last month to block Eric Porat of Brooklyn from selling, destroying, altering, or distributing purloined data on nearly 200,000 individuals. Digital River suspects that the information was stolen by hackers in New Delhi, India, possibly with help from a contractor working for Digital River.

21 April 2010: Affinity Health Plan, a New York managed care service, is notifying 409,262 current and former customers and employees that their personal data might have been leaked through the loss of an unerased digital copier hard drive. Some personal records were found on the hard drive of a copier found in a New Jersey