In a comment on another blog, Neil Schwartzman reminded readers that the recent theft of email list data from Aweber wasn't the first time in history that spammers stole email addresses from a service provider. As he points out, something similar happened to Lyris' Sparklist service back in 2002. He also pointed out that convicted felon Jason Smathers stole 30,000,000 addresses from AOL in 2003. The Ameritrade data leak from a few years ago comes to mind, as well. In that case, it may have been an ongoing issue from 2005 through 2007. Yuck.
In 2006, email marketer Datran settled with the New York Attorney General over allegations of misuse of email list and/or subscriber profile data. On that issue, Fox News reported that "Spitzer accused Datran of knowing of the companies' pledges [never to share data with a third party], but [that Datran, as a third party, was] spamming those consumers with unsolicited e-mails anyway, advertising discount drugs, diet pills and other products. [...] Spitzer's staff said they believe it is the largest deliberate breach of Internet privacy discovered by U.S. authorities."
It strikes me that perhaps the Aweber breach wasn't quite the "largest data breach in email marketing history" as suggested elsewhere.
On a semi-related note, this Chronology of Data Breaches, published by the Privacy Rights Clearinghouse, is very interesting. Maybe somebody needs to start something similar for email-specific data breaches? Sadly, there may have been enough of them by this point to warrant a standalone time line.