The worst database security breaches in the U.S., U.K.

 warehouse.

26 March 2010: Educational Credit Management Corporation (ECMC), a guarantor of federal student loans, said that a theft had occurred from its headquarters involving portable media with personally identifiable information. The data were in two stolen safes and contained information on approximately 3,300,000 individuals, including names, addresses, dates of birth, and Social Security numbers, but did not include bank or other financial account information.

24 February 2010: About 600,000 Citigroup customers got a shock earlier in the month when they received their annual tax documents with their Social Security numbers printed on the outside of the envelope. The digits were not identified as a Social Security number, and they were printed at the lower edge of the mailing envelope with other numbers and letters that together resembled a mail routing number.

6 February 2010: AvMed Health Plans announced that personal information of current and former subscribers had been compromised by the theft of two company laptops from its corporate offices in Gainesville, Florida. The information was comprehensive, including Social Security numbers and protected health information. Attempts to thwart the theft have been unsuccessful, leaving the identity data of nearly 1,100,000 vulnerable.

14 January 2010: Lincoln National Corp. (LNC) disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers. In a disclosure letter sent to the Attorney General of New Hampshire on 4 January, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source.

29 October 2009: Thousands of farmers’ bank account details have been lost by the Rural Payments Agency (U.K. Department of Environment, Food, and Rural Affairs, or DEFRA) after the government body lost two back-up tapes of confidential data belonging to all English farmers. Computer tapes containing the bank details, addresses, passwords and security questions of more than 100,000 farmers were discovered missing in May, at which point DEFRA was alerted.

23 September 2009: An employee of the Ministry of Justice lost an encrypted memory stick containing budget spreadsheets which included the names, national insurance and employee numbers of 1,500 individuals, according to the department’s resource accounts for 2008-9. The accounts also recorded an incident which occurred in September last year affecting 256 people, when IT supplier EDS lost a portable hard drive. It contained personal information about HM Prison Service staff and was being used to transfer data between systems.

28 May 2009: Aetna has contacted 65,000 current and former employees whose Social Security numbers may have been compromised in a Web site data breach. The breach surfaced as a spam campaign showing that the intruders had successfully harvested e-mail addresses from the Web site, although it is not clear whether SSNs were also obtained. The spam purported to be a response to a job inquiry and requested more personal information. Last week Aetna sent letters notifying the 65,000 people whose SSNs were on the site about the breach. On 11 June 2009, Hartford-based insurer Aetna Inc. had a class-action suit filed against it in a Pennsylvania District Court demanding credit monitoring, punitive damages, costs, and other relief for current, former and potential employees.

8 May 2009: A CD-ROM containing more than 1.2 million digitized receipts submitted by members of parliament as expenses over the last five years was lost by (or stolen from) the House of Commons and found its way to the Daily Telegraph, which published the contents in excruciating detail in a series of articles.

20 January 2009: After being alerted by Visa and MasterCard of suspicious activity surrounding processed card transactions, New Jersey-based Heartland Payment Systems found evidence of malicious software that compromised card data that crossed Heartland’s network and may be the result of a global cyberfraud operation. Heartland Payment Systems was subsequently sued on 26 January 2009 for the inexplicable delay, questionable timing, and inaccuracies concerning the disclosures with regard to the data breach, which is believed to be the largest in U.S. history.

20 August 2009: Albert Segyec Gonzalez, along with two unnamed Russian conspirators, is tried by a federal grand jury in New Jersey on charges of hacking into Heartland Payment Systems, the New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven, and two unnamed national retailers. According to the court document, hackers stole more than 130 million credit and debit card numbers from Heartland and Hannaford combined.