Data breaches are high-stakes, high-drama crimes. Not only do they impact the target companies, but millions of innocent consumers can have their financial worlds turned inside out as a result of one breach. Here is a rundown of some high-profile data breach cases.
On May 28, 2009, Aetna Insurance contacted 65,000 users to let them know that their personal data may have been compromised. The company was alerted to the breach when customers began complaining of spam emails asking for personal information. While it wasn't clear if any Social Security Numbers had been compromised, Aetna erred on the side of caution, notifying 65,000 current and former employees of the breach and offering free credit monitoring services.
Cornelius Allison, a former employee, is the plaintiff in a class action lawsuit alleging that Aetna failed "to adequately protect the private personal information of its current, former and potential employees."
This wasn't Aetna's first experience with data loss. In 2006 a laptop containing sensitive information was stolen from an employee's car. Aetna notified 38,000 customers of the breach, offering free credit monitoring to the victims. According to a company spokesman, the employee carrying the laptop did not follow corporate data protection policies.
On May 1, 2009, LexisNexis disclosed a data breach to 32,000 customers. Although the data theft took place between June 2004 and October 2007, notification was withheld while the US Postal Service investigated. The USPS was investigating, apparently, because the thieves had set up phony post office boxes as part of the scam. LexisNexis bills itself as the "world’s largest collection of public records, unpublished opinions, forms, legal, news, and business information." According to Douglas Curling, COO of parent company ChoicePoint, the database company has suffered 45-50 breaches.
In 2008, credit card processor Heartland Payment Systems was breached. The exact number of financial records stolen remains a mystery, but on August 17, 2009 Albert Gonzalez was indicted for stealing more than 130 million credit and debit records. Heartland was one of his high-profile victims, and the system he hacked processes 100 million card transactions every month.
Virginia was the victim of an interesting twist on identity theft. On April 30, 2009 a hacker posted a ransom note on the website of the Prescription Monitoring Program. The hacker claimed to have stolen a database containing millions of customer pharmaceutical records.
The note read "You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid".
The hacker demanded $10 million by May 7 in return for a password that would access the stolen records. The Commonwealth elected not to pay the ransom. As of this writing, the disposition of the database containing 8 million patient records and 35 million prescriptions is still unclear.
In 2008, RBS Worldpay, a division of the Royal Bank of Scotland, admitted to a massive data breach involving 2.6 million records. In 2009, they were awarded an IRS contract to process taxpayer credit card payments.
Norm Coleman was embroiled in a legal battle over his photo-finish election loss to Al Franken. Adria Richards was an IT pro who exposed an unprotected donor database stored on his campaign website. She says she did not download any information.
But the database turned up on Wikileaks, a website devoted to "untraceable mass document leaking." Whoever was responsible, one thing is clear: 4,700 of Coleman's on-line donors had their financial data strewn all over the Internet.