And you thought it was bad in the United States. In Chile hackers accessed and then posted the personal information of over six million people in the largest data breach in South American history.

The hacker, posting as Anonymous Coward, unleashed three compressed files that offered the taxpayer id (like our Social Security Numbers), addresses, phone numbers, and a host of other private information on the popular Chilean techblog Fayerwayer in the form of a comment on an article. Although the information was only available for two hours there’s really no way of knowing how many people saw/downloaded/accessed that data. Allegedly, the hacker posted the information to bring light to the poor security measures imposed by the government by releasing data on over 1/3 of the country’s population (of 16 million).

According to the Chilean newspaper that broke the story, El Mercurio, “The publicity has focused the country’s attention on both government IT security and also the country’s lax privacy laws. For example, Chile’s department of elections sells voter data including gender, name, address, nationality, date of birth, and information on disabilities.” That’s pretty frightening in and of itself–if the government is already going to make that data readily available for commercial purposes it stands to reason that a data breach like that would be happen.

Additionally noteworthy is that, in addition to posting the actual data, the hacker also posted tips on how to best use the data AND how he did it: apparently through the use of several proxies that allowed for near-anonymous access. Proxies are nothing new but they’re more frequently used for things like school-age children accessing sites like MySpace and Facebook after the sites have been banned from access at their schools. Further, these sites can be used to access just about anything–kind of like a baby VPN. It should come as no surprise then that given the ubiquity of these proxy sites that someone was going to take advantage of them in a place where the internet security is so lax.

Unfortunately for the affected Chileans there is no Lifelock or Debix to help bail them out of their situation so they’re going to have to take up their issues directly with the government; a government that has already made it known to them (the people) that they don’t take a particular interest in protecting their personal information.

It was revealed today that Pfizer might be in trouble again after they reported another potential data breach–this one affecting over 13,000 company employees. Like several other recent id thefts, this one was initiated by the theft of a company laptop that contained employee records. On the bright side, this time, was that there weren’t any social security numbers stored on the stolen laptop.

An employee was quoted as saying, “How many … times does this have to happen before someone figures out that the people being given access to this info are clearly incompetent and incapable of keeping it secure?”. I’ll go ahead and answer that for you–a LOT. This seems to happen all the time and it’s not just Pfizer that has some incompetent people being charged with safeguarding the identities of their employees.

Although Pfizer has said they’re now going to start encrypting all laptops, this is hardly going to prevent similar problems from arising in the future–like their employee correctly pointed out, when the people in charge of ensuring the safe handling of information can’t be counted upon to be responsible in doing their jobs all of the encryption and upper-level decisions aren’t going to do any good at all. To be cliché about it, an ounce of prevention is worth a pound of cure, but when you can’t even get an ounce of prevention into the right hands…well, then you’re going to be paying for a lot more pounds of cure; tons of cure (if you will).

Now, Pfizer has coupled these efforts with mandatory training for both employees and contractors covering the importance of data security so they’re taking the right steps but shouldn’t they have done this before the first incident last year–or at least before the most recent breach? We all make mistakes, both as individuals and as corporations, but come on, we all have enough to worry about that having to expend our mental energy on having safe identities because we have a job is really just ridiculous.

Fortunately there are several identity theft companies that provide large-scale solutions for companies in situations like Pfizer including Lifelock and their main competitor, Debix. Lifelock has been called upon in many previous cases to put locks down on the credit of affected employees to ensure no harm comes from the theft of private data.