GPWizard F1 Forum
Everything Else => Off Topic => Topic started by: Wizzo on November 21, 2007, 10:52:04 AM
-
Confidential data about 25 million recipients of Child Benefit has been compromised by the loss of a computer disc by the UK's HM Revenue and Customs (HMRC).
HMRC Chairman Paul Gray has announced his resignation following the scandal, but one security expert has said that the whole fiasco could have been avoided by adopting better security practices.
"The loss of this data by HM Revenue and Customs is yet another example of the danger of putting sensitive information on an easy-to-lose format such as discs and the result of internal policies not being backed up by good security practice," said Greg Day, security analyst at McAfee.
It emerged this afternoon that the incident happened over a week ago and it is still unclear just how much damage has been done.
"The department will need to explain to consumers why it has taken 10 days to disclose this breach and the extent of the risk to their personal details. At this point we would have to assume the worst until more details are given and the public and the government should be taking steps to limit the damage and risk, if and when the data enters the wrong hands," said Day.
Chancellor Alistair Darling made a statement in the House of Commons this afternoon, telling the House: "This is an extremely serious matter. The HMRC has failed to meet the high standards expected of it."
Darling admitted that the lost disc had still not been found but there was "no evidence" that it had fallen into the wrong hands.
According to the Chancellor, some 25 million individuals' records have been compromised, with data such as names, addresses, dates of birth and bank account numbers exposed.
The breach occured when the disc was posted from HMRC to the National Audit Office.
Another security expert questioned the need for the data to be downloaded onto a disc and put in the post.
Chris Mayers, chief security architect at Citrix, said: "Why did this information even need to be transported at all? In these days of secure remote access there is rarely any need for data to be written onto a CD and transported anywhere.
"All organisations handling sensitive data need to realise there is nothing more important than their responsibility to keep that data secure. That means ensuring data is properly encrypted, and travels only when necessary: not on ordinary CDs, print-outs, or even on laptops - all of which appear to go missing with appalling regularity," Mayers continued.
Another security expert was concerned that the data on the discs wasn't even encrypted.
Dominic Hoskins of Panda UK said: "Not content with physically sending the discs via an unsecured and untraceable delivery system they also failed to protect the data on the discs by not even encrypting it."
-
Network Rail's as bad Wiz, they put our N.I numbers on our overalls, next thing, some people had child tax credits claimed on their behalf, good eh.
-
And these clowns want us to put all our information on one database so theycan issue ID cards. I don't think so.
-
They were covering this story last night on Newsnight (I think), and they mentioned that HMRC have had 42 laptops stolen from them in the last 12 months. They really need to learn lessons from Singapore, where this sort of thing could never happen despite their having much more information on file (they've had ID cards for many years, for instance).
-
Everytime I see Gordon Brown I feel like going -----> :sick:
Neil.P
-
Apparently when Alistair Darling was asked about the whole fiasco, he called it a "wake-up call".
No, Mr Darling, it is not a "wake-up call". A "wake-up call" is when you nearly lose some information. This is more like a wake-up call, fire alarm, fire engine siren and post-mortem. Which probably explains why Alistair Darling's comment has now become a running joke when my family and I discuss politics...
-
The Scottish government have lost 250 peoples pension info on a disc in the post. For some reason they posted it to the NHS in Glasgow.
-
This is becoming more and more common. Over here, a laptop was stolen from the home of a Veterans Admin. employee had the personal info, including Social Security numbers, of up to 26 million veterans.
The same thing happened with a laptop stolen from the car of a Kaiser Permanente Health Insurance employee. It had the records of 38,000 people on it.
Even my undergrad alma mater, Ohio University, accidentally made the records of 300,000 current and former students accessible from an unsecured website.
This trend seems to be getting worse insted of better.
-
Someone needs to go and teach the government staff information security as a matter of urgency. Unfortunately none of the UK government departments is willing to offer me that job yet (I have information management training and would know what to tell them).
-
Just when you think it couldn't get any worse it does. Amongst the records on the two discs were the details of 350 people on a witness protection program. Of course being the government it didn't just have their new details it had their old IDs as well. And of course the press found out.
-
Oh, and the government have put out a substantial reward out for the disks. Since the disks themselves are worth about 50p if copied (the value is in the information, not in the disk itself), one can only presume this is a face-saving measure.
-
I heard on the news the other day that teams of Police officers are searching rubbish tips for the missing discs. I wonder who's paying for that?
-
We are of course Wiz.
-
They seem to have done it again. They have lost data relating to 3 million learner drivers from their secure facility in......Iowa.
Why does the British government need a secure facility in Iowa?
http://uk.news.yahoo.com/pressass/20071217/tuk-millions-of-l-driver-details-lost-6323e80_3.html
-
Unless they specifically got permission off the 3 million learner drivers, I would add that this is against the 8th provision of the Data Protection Act. An organisation must ask people to opt in before it can transfer their personal information outside the EU, even if there's a brilliant reason for it happening... ..which I can't see here!
-
That's a big part of the problem. Governments are bad enough, but the private contractors they far things out to are even worse. Odd as it may sound, Iowa City is a major I.T. center. It is home to Univ. of Iowa.
You would be amazed how much of your personal government data is sitting in Bengaluru, formerly known as Bangalore.
-
That doesn't make it legal, cos :(
-
I didn't say that it did. I just said that, sadly, it still happens all the time, and is getting worse by the day.