Slashdot Mirror


UK Government Loses 15 Million Private Records

bestweasel writes "The BBC reports that a UK Government department has lost discs with details of 15 million benefit recipients, including names, addresses, date of birth and bank accounts. The head of the department involved, HM Revenue & Customs, has resigned and his resignation 'was accepted because discs had been transported in breach of rules governing data protection' so someone thinks it's not a trivial matter. The Chancellor will try to evade responsibility in the House of Commons at 3.30 GMT. A similar leak of a 'mere' 15,000 records from the same department happened a month or so ago. At that time, they refused to say 'on security grounds' whether the information was encrypted." We just recently talked about Britain's consideration of legal penalties for situations like this. I imagine this incident will weigh on that decision.

23 of 339 comments

  1. 25 million now... by Sirch · · Score: 4, Informative

    Or so says The BBC...

    1. Re:25 million now... by Slashidiot · · Score: 5, Funny

      Aiming for the World Record of record losing!

      --
      Tis women makes us love, Tis Love that makes us sad, Tis sadness makes us drink, And drinking makes us mad.
    2. Re:25 million now... by ilovegeorgebush · · Score: 3, Interesting

      Indeed. I was going to post the same thing. I'm absolutely shocked they could be so careless. Apparently, it was sent via normal post, without recorded delivery. There's a full summary from the BBC on Alistair Darling's announcement here.

      Of particular interest is the fact that it was sent twice. Once again, by recorded delivery, after the initial package was lost in transit.

    3. Re:25 million now... by TheRaven64 · · Score: 5, Insightful

      That was my first thought. The one good thing about this kind of disaster is that there is now a strong concrete example of why it is a bad idea to give the government any more data than they absolutely need. Whenever someone suggests a massive central database we can say 'you lost 15 million private records, why should we trust you with any more?'

      --
      I am TheRaven on Soylent News
    4. Re:25 million now... by Bloke down the pub · · Score: 4, Informative

      Weren't these the same idiots who just passed a law to "punish irresponsible data loss"?
      No, that would be Parliament. The people who lost the data were HM Customs & Revenue. These are two different bunches of idiots.
      --
      It's true I tell you, feller at work's next door neighbour read it in the paper.
    5. Re:25 million now... by Black.Shuck · · Score: 3, Funny

      Weren't these the same idiots who just passed a law to "punish irresponsible data loss"?
      The data isn't lost. It's just been inadvertently shared.
  2. And they expect us to trust them... by ditoa · · Score: 5, Insightful

    With a nationwide DNA database? Please. They can't be trusted with anything.

    1. Re:And they expect us to trust them... by magarity · · Score: 4, Funny

      Ah, but with a national database of everything, the missing disks could be located with a simple search query!

  3. Trust the Government by Vanders · · Score: 5, Insightful

    The fact that 25 million records were being sent via post burnt on DVDs should give some idea of the level of technical competency in the public sector. Apparently they were being sent to the Audit Office, but why the Audit Office needed an offline copy of the data, and a complete copy at that, isn't addressed: no doubt some ridiculous bureaucratic idiocy that makes Brazil look sane.

    The idea of burning an unencrypted copy of your sensitive data to a DVD and handing it to a random delivery company should horrify even the most incompetent sysadmin or DBA. Apparently no one in HM Customs & Revenue thought anything of it.

    These are the sorts of people who want to build a massive database of all our personal details and tie them to ID cards. They tell us the data will be "perfectly safe". I wouldn't trust them to run a mail server.

  4. This gives us hope by owlnation · · Score: 3, Funny

    We've been heading towards the totalitarian People's Democratic Republic of (formerly Great) Britain for some time now. This kind of thing is actually encouraging.

    In a country where you are watched by security camera most of the day, and can be detained without charge for longer than anywhere on Earth, it is reassuring to note that the UK Government is so incredibly incompetent that there will always be a way to escape. No need for tunnels, gliders, or under the floor of a Trabant -- it should be pretty much possible to just walk through the border with a library card altered in crayon.

  5. Offering 100,000 - 1 odds it was clear text by lena_10326 · · Score: 5, Insightful

    At that time, they refused to say 'on security grounds' whether the information was encrypted.
    Then it wasn't. If it had, the first thing out of their mouths would have been "relax, it was all encrypted".
    --
    Camping on quad since 1996.
    1. Re:Offering 100,000 - 1 odds it was clear text by Zelos · · Score: 3

      Exactly - all they'd have to say is "it's encrypted using AES-256/whatever, everyone whose details are on the disk will be dead by the time it's decrypted".

      Although, considering that the government is using the time taken to break decryption as an excuse to raise the time they can hold 'terrorists' without charge, they probably want to avoid mentioning that.

    2. Re:Offering 100,000 - 1 odds it was clear text by TheRaven64 · · Score: 4, Funny

      - STOP BUGGERING ME!! I strongly suspect that this doesn't mean what you think it means...
      --
      I am TheRaven on Soylent News
  6. Three times! by Dr_Barnowl · · Score: 5, Insightful
    The first time this happened was in March - the discs were not lost, and were returned to sender after use, not that that actually makes any difference, since the data could easily have been copied.

    The real WTFs here are
    • That the database was being sent in its entirety to the audit office when they only asked for a sample.
    • That the whole data was sent when they only wanted a subset of the fields.
    • That junior officers in the civil service have enough access to dump entire databases.
    • That they trusted a third-party courier instead of delivering it by hand.
    • That the files were "password protected", which is clearly code for "not encrypted properly" (probably a ZIP file...).


    Ok, it's probably worse than that though.
    1. Re:Three times! by Anonymous Cowpat · · Score: 5, Funny

      no no, why would you think that the people in the UK government would be that incompetent? The files were no doubt secured with a 30 character password, with no dictionary words or contiguous number sequences, a mixture of capitals and lower-case, numbers & other characters with not a single person's mother's maiden name in sight. Obviously, with such a complicated password, it would have to be included on a post-it note with the disc so that the audit office could actually use them.

      --
      FGD 135
    2. Re:Three times! by Anonymous Coward · · Score: 3, Informative

      This is 25 million people who receive child benefit, which is a small amount paid to people with children under the age of 16. So what it really means is that nearly half the population has children.

    3. Re:Three times! by jonbryce · · Score: 4, Informative

      Child benefit is paid to everyone who has a child regardless of how much other income they have.

    4. Re:Three times! by EnglishTim · · Score: 3, Informative

      You want worse than that? Take a step back... If 25 million records were lost and the entire population of the UK is 60 million, that means darn near half the population is "on the dole."

      It's Child Benefit, not 'the dole'. Child Benefit is paid to the primary carer of all children in the UK, and is not means tested. According to the article, 7.5 million families are affected, which from the figure of 25 million people, results in an average of 3.3333 people's details per family.

    5. Re:Three times! by Cassius Corodes · · Score: 3, Insightful

      You are completely right sir! We shouldn't let the incompetent government near us! Let's put all our services in the hands of model corporations like Enron. They are never inefficient!

      --
      Control is an illusion, order our comforting lie. From chaos, through chaos, into chaos we fly
  7. Re:yeah, it'll weigh on them by paeanblack · · Score: 5, Funny

    At that time, they refused to say 'on security grounds' whether the information was encrypted.

    That should read 'on job security grounds' ...

  8. Oh please. by Harold Halloway · · Score: 4, Insightful

    "The Chancellor will try to evade responsibility..." In what way could he be held responsible? The data was copied and sent in clear breach of the agency's (and the Government's) rules. The last time I checked, it wasn't the Chancellor's responsibility to monitor personally all packages sent by Government agencies. Had the security breach happened due to actions which did NOT breach any rules then I might agree with you, however this is not the case here. Put it this way: If ministerial resignation (and that is what you are implying should happen) is to follow every breach of security then that is a green light to every ne'er-do-well and Tory malcontent working in Government to start posting confidential data left, right and centre.

  9. Re:Listen up, Brits by Anonymous Coward · · Score: 4, Funny

    Not offended old bean, we were more than pleased to get rid of that bunch of God-bothering homophobic nutjobs. Enjoy the Turkey.

    Toodle pip!

  10. Just trying to help by ZorbaTHut · · Score: 4, Funny

    Did they look behind the couch?

    That's where I always lose things.

    They might be there.

    --
    Breaking Into the Industry - A development log about starting a game studio.