Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Loses 15 Million Private Records

Posted by Zonk on from the that's-gotta-hurt dept.

bestweasel writes "The BBC reports that a UK Government department has lost discs with details of 15 million benefit recipients, including names, addresses, date of birth and bank accounts. The head of the department involved, HM Revenue & Customs, has resigned and his resignation 'was accepted because discs had been transported in breach of rules governing data protection' so someone thinks it's not a trivial matter. The Chancellor will try to evade responsibility in the House of Commons at 3.30 GMT. A similar leak of a 'mere' 15,000 records from the same department happened a month or so ago. At that time, they refused to say 'on security grounds' whether the information was encrypted." We just recently talked about Britain's consideration of legal penalties for situations like this. I imagine this incident will weigh on that decision.

16 of 339 comments (clear)

  1. 25 million now... by Sirch · · Score: 4, Informative

    Or so says The BBC...

    --
    We Build Beautiful Websites
    1. Re:25 million now... by Slashidiot · · Score: 5, Funny

      Aiming for the World Record of record losing!

      --
      Tis women makes us love, Tis Love that makes us sad, Tis sadness makes us drink, And drinking makes us mad.
    2. Re:25 million now... by TheRaven64 · · Score: 5, Insightful

      That was my first thought. The one good thing about this kind of disaster is that there is now a strong concrete example of why it is a bad idea to give the government any more data than they absolutely need. Whenever someone suggests a massive central database we can say 'you lost 15 million private records, why should we trust you with any more?'

      --
      I am TheRaven on Soylent News
    3. Re:25 million now... by Bloke+down+the+pub · · Score: 4, Informative

      Weren't these the same idiots who just passed a law to "punish irresponsible data loss"?
      No, that would be Parliament. The people who lost the data were HM Customs & Revenue. These are two different bunches of idiots.
      --
      It's true I tell you, feller at work's next door neighbour read it in the paper.
  2. And they expect us to trust them... by ditoa · · Score: 5, Insightful

    With a nationwide DNA database? Please. They can't be trusted with anything.

    1. Re:And they expect us to trust them... by magarity · · Score: 4, Funny

      Ah, but with a national database of everything, the missing disks could be located with a simple search query!

  3. Trust the Government by Vanders · · Score: 5, Insightful

    The fact that 25million records were being sent via. post burnt on DVDs should give some idea of the level of technical competency in the public sector. Apparently they were being sent to the Audit Office, but why the Audit Office needed an off line copy of the data, and a complete copy at that, isn't addressed: no doubt some ridiculous bureaucratic idiocy that makes Brazil look sane.

    The idea of burning an unencrypted copy of your sensitive data to a DVD and handing it to a random delivery company should horrify even the most incompetent sysadmin or DBA. Apparently no one in HM Customs & Revenue thought anything of it.

    These are the sorts of people who want to build a massive database of all our personal details and tie them to ID cards. They tell us the data will be "perfectly safe". I wouldn't trust them to run a mail server.

    --
    Syllable : It's an Operating System
  4. Offering 100,000 - 1 odds it was clear text by lena_10326 · · Score: 5, Insightful

    At that time, they refused to say 'on security grounds' whether the information was encrypted.
    Then it wasn't. If it had, the first thing out of their mouths would have been "relax, it was all encrypted".
    --
    Camping on quad since 1996.
    1. Re:Offering 100,000 - 1 odds it was clear text by TheRaven64 · · Score: 4, Funny

      - STOP BUGGERING ME!! I strongly suspect that this doesn't mean what you think it means...
      --
      I am TheRaven on Soylent News
  5. Three times! by Dr_Barnowl · · Score: 5, Insightful
    The first time this happened was in March - the discs were not lost, and were returned to sender after use, not that that actually makes any difference, since the data could easily have been copied.

    The real WTFs here are
    • That the database was being sent in it's entirety to the audit office when they only asked for a sample.
    • That the whole data was sent when they only wanted a subset of the fields.
    • That junior officers in the civil service have enough access to dump entire databases.
    • That they trusted a third-party courier instead of delivering it by hand.
    • That the files were "password protected", which is clearly code for "not encrypted properly" (probably a ZIP file..).


    Ok, it's probably worse than that though.
    1. Re:Three times! by Anonymous+Cowpat · · Score: 5, Funny

      no no, why would you think that the people in the UK government would be that incompetent? The files were no doubt secured with a 30 character password, with no dictionary words or contiguous number sequences, a mixture of capitals and lower-case, numbers & other characters with not a single person's mother's maiden name in sight. Obviously, with such a complicated password, it would have to be included on a post-it note with the disc so that the audit office could actually use them.

      --
      FGD 135
    2. Re:Three times! by jonbryce · · Score: 4, Informative

      Child benefit is paid to everyone who has a child regardless of how much other income they have.

  6. Re:yeah, it'll weigh on them by paeanblack · · Score: 5, Funny

    At that time, they refused to say 'on security grounds' whether the information was encrypted.

    That should read 'on job security grounds' ...

  7. Oh please. by Harold+Halloway · · Score: 4, Insightful

    "The Chancellor will try to evade responsibility..." In what way could be held responsible? The data was copied and sent in clear breach of the agency's (and the Government's) rules. The last time I checked, it wasn't the Chancellor's responsibility to monitor personally all packages sent by Government agencies. Had the security breach happened due to actions which did NOT breach any rules then I might agree with you, however this is not the case here. Put it this way: If ministerial resignation (and that is what you are implying should happen) is to follow every breach of security then that is a green light to every ne'er-do-well and Tory malcontent working in Government to start posting confidential data left, right and centre.

  8. Re:Listen up, Brits by Anonymous Coward · · Score: 4, Funny

    Not offended old bean, we were more than pleased to get rid
    of that bunch of God-bothering homophobic nutjobs. Enjoy the
    Turkey.

    Toodle pip!

  9. Just trying to help by ZorbaTHut · · Score: 4, Funny

    Did they look behind the couch?

    That's where I always lose things.

    They might be there.

    --
    Breaking Into the Industry - A development log about starting a game studio.