If you cannot reproduce this, and you have confirmed that all your database values ββare correct without HTML tag characters, then what you probably see is an attempt to attack your site. Cross-Site Scripting (XSS) attackers like to change the values ββof list selection options and hidden fields, because many web developers will not think to check these values. The idea (erroneous) is that these values ββare safe because they are provided by the application, and "ordinary users" cannot change them.
If you can, record and view the context of the request that caused the error (stack trace, session values, request information). Look at the Referrer URL to see if it looks like anything other than what you expect. Look at the remote address (client IP address) and look at WhoIs. This can help you determine where the request came from, which can help you determine if it was a valid request or if it was a bit shadowy.
If this happened with an input field, such as a text field, then it may be your user "accidentally" entering an invalid character. Since this happens with a selected list that is pre-populated, I think the evidence points to an XSS attack. ASP.NET does exactly what it was supposed to do - by preventing inadvertently storing HTML tags where you don't want them.
WiseGuyEh initially mentioned the possibility of XSS in the comments. I donβt think the HTML coding trick will do anything for you in this particular situation, because your database values ββare all numbers and do not contain the characters that need to be encoded.
Another (possibly remote) possibility is that some quotation marks (") cause damage to the DOM. I only mention this because sometimes I was a victim of it myself, but I doubt that it is applicable here because of the intermittent the nature of your mistakes.