Posted By: Sabot | Nov 20th, 2007 @ 11:36 AM
Comments: 20 | Views: 3619
This story is incredible!

http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

This is a serious lapse of security of personal data. I don't believe I've heard of a more serious security breach.

HMRC have lost personal data again!


There is a lesson to be learned here.

DON'T HIRE STUPID PEOPLE
Jesus, it was 15m this morning.

First they don't know illegal immigrants are working in the security services (not MI5 but who knows), now they just lose some discs containing everyone's data, 25m, that's like over a third of the UK
Sabot wrote:
This story is incredible!

http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

This is a serious lapse of security of personal data. I don't believe I've heard of a more serious security breach.

HMRC have lost personal data again!




Names.
Addresses.
Bank details.

A f**** up of unbelievable proportions.

What amazes me is that the alarm wasn't raised when it was discovered the package was missing ... the numpty just copied the files and sent them again!


Amazing. These stories pop up too often I think. (Well, not the stories, but the events they represent.)
I'm not saying that this means what has happened is not wrong and potentially dangerous but I do believe that the CDs were password protected, so that probably means encrypted. Hopefully, if someone has them they can't be read .... easily
andy_hanger18 wrote:
I'm not saying that this means what has happened is not wrong and potentially dangerous but I do believe that the CDs were password protected, so that probably means encrypted. Hopefully, if someone has them they can't be read .... easily


Ray6 wrote:


What amazes me is that the alarm wasn't raised when it was discovered the package was missing ... the numpty just copied the files and sent them again!




You think so?
andy_hanger18 wrote:
I'm not saying that this means what has happened is not wrong and potentially dangerous but I do believe that the CDs were password protected, so that probably means encrypted. Hopefully, if someone has them they can't be read .... easily


No, HMRC confirmed that they were password protected but were unencrypted.
Well, I'm one of the people affected by this and my bank details are probably on those DVDs (we get our child benefit paid directly to our account).

I am mildly concerned, but not outraged.

1. The DVD contents were password protected.
2. The DVDs were not stolen, they're just lost.
3. They weren't lost in a public mail system, they were lost within an internal mail system.


Wherever I have encountered internal mail systems, at universities and companies, they've been like giant black holes; letters go in never to be seen again.

So I'm not going to lose sleep over this, but I will follow that story if it continues.

mediaFrenzy++;


Herbie

Reading between the lines I fear that there is more to this than meets the eye.
The data was held in a database which would hopefully be normalized to some extent. So given the level of competence displayed and the fact that it spanned 2 DVDs I am suspecting that someone has taken a backup of the Oracle/SQL database and applied a simple password to that backup process. I doubt that the junior official has gone to the effort of identifying the relevant tables and intermediate tables and extracted the data to csv files.
 
If this is the case then I strongly suspect that the data contains even more details than those revealed.

Interesting, children under 16. Someone loves child. ;)
Eventually, we're going to have to keep track of our own data and the companies/governments that serve us will have to hit a single data repository for info using a public key we gave them for one purpose, only.

It'll take us away from the need to keep umpteen copies of the exact same data at each company, and still allow privacy and security.

We can't just drop off the grid and expect to survive in modern society without someone having access to this stuff, so we need to figure out a way to mitigate the risks by avoiding the need to keep it everywhere.

I think the bigger issue is being missed in a lot of the media coverage.

Someone made a mistake and sent something important by a non-recorded mail service, that happens, people make mistakes.

The thing I find astonishing, is that a junior Customs official was able to make a complete copy of the entire child benefit database in the first place.

Very few people should have anywhere near that level of access to that data.

Dr Herbie wrote:
Well, I'm one of the people affected by this and my bank details are probably on those DVDs (we get our child benefit paid directly to our account).

I am mildly concerned, but not outraged.

1. The DVD contents were password protected.
2. The DVDs were not stolen, they're just lost.
3. They weren't lost in a public mail system, they were lost within an internal mail system.


Wherever I have encountered internal mail systems, at universities and companies, they've been like giant black holes; letters go in never to be seen again.

So I'm not going to lose sleep over this, but I will follow that story if it continues.

mediaFrenzy++;


Herbie


Not to be the aforementioned numpty, but what the heck is a child benefit?
ScanIAm wrote:

Dr Herbie wrote: Well, I'm one of the people affected by this and my bank details are probably on those DVDs (we get our child benefit paid directly to our account).

I am mildly concerned, but not outraged.

1. The DVD contents were password protected.
2. The DVDs were not stolen, they're just lost.
3. They weren't lost in a public mail system, they were lost within an internal mail system.


Wherever I have encountered internal mail systems, at universities and companies, they've been like giant black holes; letters go in never to be seen again.

So I'm not going to lose sleep over this, but I will follow that story if it continues.

mediaFrenzy++;


Herbie


Not to be the aforementioned numpty, but what the heck is a child benefit?


Gov't gives parents money per month for having a child. I /think/ everybody with a child gets it, but it may only be for those with incomes lower than X amount.
Lloyd_Humph wrote:

ScanIAm wrote: 
Dr Herbie wrote: Well, I'm one of the people affected by this and my bank details are probably on those DVDs (we get our child benefit paid directly to our account).

I am mildly concerned, but not outraged.

1. The DVD contents were password protected.
2. The DVDs were not stolen, they're just lost.
3. They weren't lost in a public mail system, they were lost within an internal mail system.


Wherever I have encountered internal mail systems, at universities and companies, they've been like giant black holes; letters go in never to be seen again.

So I'm not going to lose sleep over this, but I will follow that story if it continues.

mediaFrenzy++;


Herbie


Not to be the aforementioned numpty, but what the heck is a child benefit?


Gov't gives parents money per month for having a child. I /think/ everybody with a child gets it, but it may only be for those with incomes lower than X amount.


Basic Child Benefit goes to all children so even Gordon Brown's details would be on there if he has ever claimed it as would Tony Blair's and I am sure he would have!

I still think that what is out there on a post room floor or in the wrong person's in-tray is a complete backup of the database. Interestingly this is the form that the data was apparently related to:
http://www.telegraph.co.uk/news/graphics/2007/11/20/childbenefit.pdf

It's a 12-page PDF with about as much data on it as any social engineer could ever dream of.

evildictaitor wrote:
No, HMRC confirmed that they were password protected but were unencrypted.


What the (I need to watch my language) is the point of that?

And they expect us to trust them with ID card data?
CplCarrot wrote:
So given the level of competence displayed and the fact that it spanned 2 DVDs I am suspecting that someone has taken a backup of the Oracle/SQL database 


Come on, this is the UK government we're talking about here - they probably used Access 95 or something to create the database.

:P
Hehe

Unfortunately all the links I can find have been taken down by ebay :(
GoddersUK wrote:
Hehe

Unfortunately all the links I can find have been taken down by ebay


Article wrote:
“We can’t guarantee it will reach you in the post, they have a habit of going missing you see.”


hurrr
ScanIAm wrote:
Not to be the aforementioned numpty, but what the heck is a child benefit?


Less chores for you when they grow up. Means they are the ones to mow the lawn and empty the dishwasher ;)