The HM Revenue & Customs (HMRC) department in the UK has breached the personal details of 25 million people.

Following 2 breaches affecting thousands of people earlier in the autumn (from a laptop theft and a lost CD), this latest data breach affects a record 25 million child benefit claimants in the UK. The breach is tied to the loss of two CDs in the mail.

The disc contained the names, National Insurance Numbers, bank details, full addresses, child benefit numbers and date of birth for 25 million individuals.

“The lost bank account numbers, names and addresses represents a gold mine for thieves and is much more valuable than credit card numbers or taxpayer ID numbers,” said Avivah Litan, vice president at Gartner Research.

The cost of closing 25 million bank accounts would be enormous. The scope of this data breach is prompting the UK to look closely at security procedures and consider new regulations. Senior officials have been implicated in knowingly passing on personal information despite earlier statements pinning the blame on a junior official. The head of HMRC has resigned since the breach went public. An investigation is now taking place.

You can read a timeline of events here.

Although State Department spokeswoman Nancy Beck has been quoted as saying that this is a textbook example of the department mitigating a threat before it can do any damage, other investigative sources told AP that they believe hackers may have stolen sensitive information and passwords and installed "back doors" on unclassified government systems.

Japanese mobile phone and Internet company KDDI reported that private information such as names and addresses of some 4 million subscribers to its Internet access service had been leaked to a third party, a Kyodo News International report said.

Officials at Bank of America confirmed a data leakage event where over 60,000 customer data records were stolen by a New Jersey data-theft ring. In the meantime, another suspect has been arrested.

This follows on the heels of another customer data leakage event at BoA only 3 months ago

An acute security breach and data leakage event leading to credit-card holder identify theft was discovered Wednesday, April 20th, at the top Israeli content and e-commerce portal Walla. According to nrg Maariv Online , the intruder gained access into private e-mail accounts and was able to read mail and change passwords, blocking rightful owners from accessing email accounts. If the account owner had previous purchased online at Walla’s e-shops, the intruder was also able to exploit his credit card.

The identity theft was performed through a URL scripting exploit. A “Walla” representative responded with a totally lame explanation that: “On the Internet, on any given moment, an intrusion is in progress “. The data leakage vulnerability was fixed later that day.

Information provider giant LexisNexis announced today that previous security breaches at the company could affect some 310,000 consumers. The incident was disclosed by the company after an internal review of data search activity for the past two years at its recently acquired Seisint unit in Boca Raton.

According to to the India Times online edition,call center employees working for an Indian BPO (Business Process Outsourcing) firm, MSource, have extruded confidential client information to in order to transfer client funds to themselves.

Shin Guo Tsai, a former chip-design engineer at Volterra Semiconductors was jailed Tuesday on federal charges of illegally emailing proprietary files from Volterra to CMSC a potential competitor in Taiwan, where he had hoped to work.

The FBI office in Palo Alto says that the case at this point entails foreign transportation of stolen property

The leaked digital assets, worth at least $100,000, related to the design of high-performance semiconductors for the computing, storage, networking and consumer markets, authorities said.

For the full story, Click here

Data leakage events in government are not only committed by government agencies - big banks can also go wrong.

In a major data leakage event affecting Federal government, computer tapes containing credit card records of U.S. senators and more than a million U.S. government employees are missing, Bank of America Corp. said yesterday, putting the customers at increased risk of identity theft.

The customer data breach, which included data on a third of the Pentagon's staff, angered lawmakers already concerned after criminals gained access to thousands of consumer profiles in a database maintained by a data profiling company, ChoicePoint

Bank of America Corp. didn't release details of how the tapes were lost, but Sen. Charles Schumer (D-N.Y.) said he had been informed by the Senate Rules Committee that the data tapes were likely stolen off a commercial plane by baggage handlers.

Read the full story at Computerworld Online

In another in a long stream of customer data leakage events; a number of Wells Fargo banking customers have become victims of identity theft after their Social Security numbers and other personal data were stored in clear-text on four computers stolen from an Atlanta office of Wells Fargo in mid-October.

What makes this more notable is that data breach marked the third time in a year that Wells Fargo computers containing consumer credit information were stolen.

The bank has responded with a number of preset responses that defy both common info-security practice and insult our consumer intelligence.

• There's still no indication that the stolen information was misused," said Wells Fargo spokeswoman Julia Tunis in San Francisco.
• The computer thefts have affected a relatively small number of Wells Fargo customers, Tunis said.
• Tunis said the computers were password protected. "Information security is taken very seriously," she said.
• Wells Fargo has very strict guidelines with vendors, both internally and externally, that must be adhered to, Tunis said. She would not be specific about those guidelines. "Doing so would jeopardize their effectiveness," Tunis said.

I liked the last explanation in particular - since not only opening up their guidelines to public scrutiny might improve their effectiveness but it also might explain why Wells Fargo's machines are getting ripped off with such ease.

For the full article from the Grand Forks, North Dakota online paper - see Wells Fargo Identify Theft

William Genovese, was arrested after a sting operation by the FBI caught him selling copies of the stolen Windows source code.