UK Government Loses Personal Details of 25 Million

By Sara Driscoll  |  Posted 2007-11-20 Print this article Print

Disks containing personal data of 25 million child benefit recipients in England are lost in the mail.

The British government has lost confidential details of 25 million child benefit recipients that had been stored on two computer disks, according to officials.

HM Revenue and Customs, or HMRC, only admitted the loss Nov. 20, despite the breach occurring Oct. 18, leading to the resignation of HMRC Chairman Paul Gray. The disks were lost while being transported via internal mail from the National Audit Office department to HMRC. A junior employee at the National Audit Office is believed to have sent the disks through the mail, but the disks didnt appear at HMRC.
Sending such information via internal mail is a breach of rules governing data protection. Copies of the disks were then resent, using registered and traceable mail.
This is also the second time since March that the data protection rules had been broken by HMRC, although the first incident did not result in a data breach. Child benefit is received by all parents in the UK who have children who are teens. The disks contained names, addresses, dates of birth, bank account details, childrens names and national insurance numbers—similar to U.S. Social Security numbers. HMRC officials said the disks were password protected, but it is unclear if the data on the disks were encrypted. "If it was just password-protected with no encryption, then this is very scary," said Greg Day, security analyst at McAfee. "Also, where did these passwords go? Are they themselves secure? Unfortunately HMRC wont say." HMRC is working with UK banks, the Metropolitan Police Force and payment groups, and is also tracking bank accounts to prevent this data from being used. However, Day said the data on the disks could be used for far more than just banking fraud. "This is a serious amount of data that could mean ID theft," he said. "This is potentially much bigger than just bank fraud." The UK Chancellor of the Exchequer, Alistair Darling, has given a speech in the House of Commons, outlining the measures that will be taken to protect those whose data has been lost. However, the onus seems to be on the individuals whose data has been put at risk. He encouraged people to check bank accounts every day and ensure that passwords and other details are changed. "This is fine if you bank online, but it is doubtful that people who dont do online banking are going to visit their branch every day," Day said. "Also, and more importantly, the government should not be focusing just on banking; this could be much wider, which makes it very difficult for the government to monitor. The responsibility will ultimately fall to the user to check their own safety." Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Sara Driscoll began her journalism career at 16 years old on her local newspaper, The Watford Observer. Working part time, she covered a range of beats. Leaving to complete her Journalism Degree at Bournemouth University, UK, Sara then went on to graduate and work for Emap. She began as a reporter on APR, Emap's construction title, being promoted to senior reporter with a year.Sara then joined VNU Business Publications as Deputy News Editor on CRN, the weekly trade title for channel players. She covered industry/business news from vendors, distributors and resellers, product announcements, partner announcements as well as market and trend analysis, research and in depth articles to predict up and coming trends in the sector. She was promoted within a year to News Editor, a year later to Deputy Editor and the following year became Editor. Sara remained editor of CRN for three years, launching the magazine on new platforms including CRN TV and eBooks, as well as several magazine and web site redesigns. She was called on for expert industry comment from various publications including appearing on live BBC news programs. Sara joined Ziff Davis Enterprise as Editor of eWeek Channel Insider. She runs the title in all formats – online up to the minute news, newsletters, emails alerts and events. She also manages the brand of Channel Insider in all formats - events, shows, awards, panel debates and roundtables.Sara can be reached

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel