Two compact discs containing bank details and addresses of 9.5 million parents
and the names, dates of birth and National Insurance numbers of all 15.5 million
children in the country went missing after a junior employee of HM Revenue and
Customs put them in the post, unrecorded and unregistered.
Today, the Telegraph reports that even more British citizen's privacy and identities have been compromised:
... since the loss of the HMRC discs came to light, "quite a number of
organisations, both public and private sector, have come to us saying that they
think they have found a problem... almost on a confessional basis, bringing to
our attention problems they have encountered with security in their own
organisations".
And Andrew Porter reports in the Telegraph today that witness protection program participants have also had their real identities compromised:
The missing data discs are understood to contain both the real names and the new
identities of up to 350 people who have had their identities changed after
giving evidence against major criminals.
2 comments:
From Press Association on The Guardian (Saturday, December 8, 2007),
The Government was warned of serious flaws in the security of child benefit data three years before 25 million people's records were lost in the post, it was claimed.
Internal auditors raised concerns that junior staff had access to the database and information was not being encrypted.
They also told Whitehall bosses that weak procedures meant mistakes and fraud were unlikely to be detected.
The worries were highlighted in a letter circulated by Treasury risk manager Richard Fennelly in March 2004, and obtained by the News of the World.
They could be particularly damaging for Prime Minister Gordon Brown - who was Chancellor at the time - because in the recent debacle a junior HM Revenue and Customs official has been blamed for losing the discs containing names, addresses and bank account details. The information was also apparently not encrypted.
Mr Fennelly reported that internal auditors had been assessing the security of the child benefit records system, and listed a succession of criticisms.
He wrote: "Fraudulent/malicious activity was not being detected...Live support staff had root access and could do anything without being detected with obvious risks." There were also worries that there was "no encryption between certain elements in the system".
Shadow work and pensions secretary Chris Grayling told the newspaper: "This document blows apart Gordon Brown's claims in Parliament that this was a one-off incident.
"Now we know that internal watchdogs in the government were warning three years ago that the child benefit database was at risk.
"Because no one took any action we now face a situation where millions of bank account details and information about all our children has been lost."
New data blunders heap further pressure on Government
By Michael McHugh
The Independent
"First it emerged yesterday that two computer discs with details of more than 7,000 motorists in Northern Ireland had gone astray in the post.
"Then it was disclosed that personal details of dozens of prisoners intended for Norfolk Police were wrongly delivered to a private company.
"Finally, trade unions on Merseyside revealed that personal details of 1,800 health authority staff had been accidentally sent out to a number of private firms.
"The latest security breaches follow the loss by HM Revenue & Customs of two computer discs containing the entire child benefit database with details of 25 million people. The discs with the details of the motorists went missing after they were sent by Parcelforce from the Northern Driver and Vehicle Agency (DVA) in Coleraine, Co Londonderry, to the Driver and Vehicle Licensing Agency in Swansea. The unencrypted discs contained the names and addresses of the owners of 7,685 vehicles, together with the vehicles' details. In Norfolk, letters containing confidential details of dozens of prisoners who were about to be released had accidentally ended up with a private company.
"Meanwhile, the Unite union was demanding an inquiry after personal details of 1,800 employees of the Sefton Primary Care Trust were sent to four private companies which were all bidding for a contract with the trust's sexual health department...."
Post a Comment