UK Government Loses 15 Million Private Records

Posted by Zonk on Tue Nov 20, 2007 12:26 PM
from the that's-gotta-hurt dept.
bestweasel writes "The BBC reports that a UK Government department has lost discs with details of 15 million benefit recipients, including names, addresses, date of birth and bank accounts. The head of the department involved, HM Revenue & Customs, has resigned and his resignation 'was accepted because discs had been transported in breach of rules governing data protection' so someone thinks it's not a trivial matter. The Chancellor will try to evade responsibility in the House of Commons at 3.30 GMT. A similar leak of a 'mere' 15,000 records from the same department happened a month or so ago. At that time, they refused to say 'on security grounds' whether the information was encrypted." We just recently talked about Britain's consideration of legal penalties for situations like this. I imagine this incident will weigh on that decision.

Related Stories

Losing Personal Info On A Laptop Could Get You Charged 199 comments
E5Rebel writes "The UK's data protection watchdog has called for legislation that would punish corporate or government officials with access to the public's personal data ... who lose it. Unencrypted laptops with this personal information which are lost or stolen will see their owners facing criminal charges. 'HM Revenue and Customs is among the organisations that have recently suffered high profile data security breaches as a result of laptops being lost or stolen. The HMRC laptop containing taxpayer data was encrypted - but other organisations have often failed to encrypt their machines.'"
IRS Data Security Still a Concern 54 comments
Lucas123 writes "Computerworld has a story about the possibility and the potential ramifications of an IRS data loss similar to the UK's recent mishap. According to one World Bank executive, it could have already happened, 'and we don't know about it.' While the IRS does offer data encryption to its workers, more than half of its 94,000 employees have permission to take taxpayer information to locations outside the IRS offices. In the 2007 filing season, roughly 128 million individual tax returns were filed. In addition to the basic personal information on those forms, an IRS breach could also jeopardize the banking information of the 46% of filers who requested direct deposit refunds. This is not the first time that IRS security has been called into question, and the Department of Treasury's progress in that arena is dubious. [PDF]"
This discussion has been archived. No new comments can be posted.
  • 25 million now... (Score:5, Informative)

    by Sirch (82595) on Tuesday November 20 2007, @12:27PM (#21421607) Homepage
    Or so says The BBC [bbc.co.uk]...
    • by Slashidiot (1179447) on Tuesday November 20 2007, @12:29PM (#21421661) Journal
      Aiming for the World Record of record losing!
    • Re:25 million now... (Score:4, Interesting)

      by ilovegeorgebush (923173) on Tuesday November 20 2007, @12:31PM (#21421685) Homepage
      Indeed. I was going to post the same thing. I'm absolutely shocked they could be so careless. Apparently, it was sent via normal post, without recorded delivery. There's a full summary from the BBC on Alistair Darling's announcement here [bbc.co.uk].

      Of particular interest is the fact that it was sent twice. Once again, by recorded delivery, after the initial package was lost in transit.
      • Three times! (Score:5, Insightful)

        by Dr_Barnowl (709838) on Tuesday November 20 2007, @12:49PM (#21422023)
        The first time this happened was in March - the discs were not lost, and were returned to sender after use, not that that actually makes any difference, since the data could easily have been copied.

        The real WTFs here are
        • That the database was being sent in its entirety to the audit office when they only asked for a sample.
        • That the whole data was sent when they only wanted a subset of the fields.
        • That junior officers in the civil service have enough access to dump entire databases.
        • That they trusted a third-party courier instead of delivering it by hand.
        • That the files were "password protected", which is clearly code for "not encrypted properly" (probably a ZIP file..).


        Ok, it's probably worse than that though.
            • by Anonymous Cowpat (788193) on Tuesday November 20 2007, @01:07PM (#21422325) Journal
              no no, why would you think that the people in the UK government would be that incompetent? The files were no doubt secured with a 30 character password, with no dictionary words or contiguous number sequences, a mixture of capitals and lower-case, numbers & other characters with not a single person's mother's maiden name in sight. Obviously, with such a complicated password, it would have to be included on a post-it note with the disc so that the audit office could actually use them.
          • Re:Three times! (Score:5, Informative)

            by jonbryce (703250) on Tuesday November 20 2007, @03:01PM (#21424245) Homepage
            Child benefit is paid to everyone who has a child regardless of how much other income they have.
          • Re:Three times! (Score:4, Informative)

            by EnglishTim (9662) on Tuesday November 20 2007, @05:51PM (#21427251)
            You want worse than that? Take a step back... If 25 million records were lost and the entire population of the UK is 60 million, that means darn near half the population is "on the dole."

            It's Child Benefit, not 'the dole'. Child Benefit is paid to the primary carer of all children in the UK, and is not means tested. According to the article, 7.5 million families are affected, which from the figure of 25 million people, results in an average of 3.3333 people's details per family.
      • by TheRaven64 (641858) on Tuesday November 20 2007, @01:17PM (#21422515) Homepage Journal
        That was my first thought. The one good thing about this kind of disaster is that there is now a strong concrete example of why it is a bad idea to give the government any more data than they absolutely need. Whenever someone suggests a massive central database we can say 'you lost 15 million private records, why should we trust you with any more?'
  • by Nursie (632944) on Tuesday November 20 2007, @12:28PM (#21421639) Homepage
    And the government will give itself a nice fat getout clause so that it's immune when it loses everyone's data, but any company or individual outside the government is in trouble.

    Just watch and wait.
  • by ditoa (952847) on Tuesday November 20 2007, @12:29PM (#21421651)
    With a nationwide DNA database? Please. They can't be trusted with anything.
  • by Gandalf_the_Beardy (894476) on Tuesday November 20 2007, @12:33PM (#21421713)
    15,000 records for the pension provider and now somewhat like a third of all people in the UK sent on what appears to be unencrypted discs. When I queried this with Standard Life they said that they had no choice but to accept the data like that and that the Govt refused to encrypt it. This being the same Govt that wants to hold all of our medical records in one national database, along with all of the ID card details. For the US people reading, the National Insurance number is synonymous with your SSN, although not of quite as much use for fraud. It's still not something that you want to allow out into the wild.
  • by Vanders (110092) on Tuesday November 20 2007, @12:34PM (#21421735) Homepage
    The fact that 25 million records were being sent via post burnt on DVDs should give some idea of the level of technical competency in the public sector. Apparently they were being sent to the Audit Office, but why the Audit Office needed an off line copy of the data, and a complete copy at that, isn't addressed: no doubt some ridiculous bureaucratic idiocy that makes Brazil look sane.

    The idea of burning an unencrypted copy of your sensitive data to a DVD and handing it to a random delivery company should horrify even the most incompetent sysadmin or DBA. Apparently no one in HM Customs & Revenue thought anything of it.

    These are the sorts of people who want to build a massive database of all our personal details and tie them to ID cards. They tell us the data will be "perfectly safe". I wouldn't trust them to run a mail server.
  • by digitaldc (879047) * on Tuesday November 20 2007, @12:37PM (#21421807)
    Didn't anyone learn ANYTHING from the last 5,000 years of record keeping?
  • by owlnation (858981) on Tuesday November 20 2007, @12:41PM (#21421869)
    We've been heading towards the totalitarian Peoples Democratic Republic of (formerly Great) Britain for some time now. This kind of thing is actually encouraging.

    In a country where you are watched by security camera most of the day, and can be detained without charge for longer than anywhere on Earth, it is reassuring to note that the UK Government is so incredibly incompetent that there will always be a way to escape. No need for tunnels, gliders, or under the floor of a Trabant -- it should be pretty much possible to just walk through the border with a library card altered in crayon.

  • by lena_10326 (1100441) on Tuesday November 20 2007, @12:46PM (#21421949) Homepage

    At that time, they refused to say 'on security grounds' whether the information was encrypted.
    Then it wasn't. If it had, the first thing out of their mouths would have been "relax, it was all encrypted".
  • Oh please. (Score:4, Insightful)

    by Harold Halloway (1047486) on Tuesday November 20 2007, @12:59PM (#21422191)
    "The Chancellor will try to evade responsibility..." In what way could he be held responsible? The data was copied and sent in clear breach of the agency's (and the Government's) rules. The last time I checked, it wasn't the Chancellor's responsibility to monitor personally all packages sent by Government agencies. Had the security breach happened due to actions which did NOT breach any rules then I might agree with you, however this is not the case here. Put it this way: If ministerial resignation (and that is what you are implying should happen) is to follow every breach of security then that is a green light to every ne'er-do-well and Tory malcontent working in Government to start posting confidential data left, right and centre.
  • by ZorbaTHut (126196) on Tuesday November 20 2007, @01:40PM (#21422837) Homepage
    Did they look behind the couch?

    That's where I always lose things.

    They might be there.
    • by Anonymous Coward on Tuesday November 20 2007, @01:00PM (#21422209)
      Not offended old bean, we were more than pleased to get rid of that bunch of God-bothering homophobic nutjobs. Enjoy the Turkey.

      Toodle pip!