Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Loses 15 Million Private Records

Posted by Zonk on from the that's-gotta-hurt dept.

bestweasel writes "The BBC reports that a UK Government department has lost discs with details of 15 million benefit recipients, including names, addresses, date of birth and bank accounts. The head of the department involved, HM Revenue & Customs, has resigned and his resignation 'was accepted because discs had been transported in breach of rules governing data protection' so someone thinks it's not a trivial matter. The Chancellor will try to evade responsibility in the House of Commons at 3.30 GMT. A similar leak of a 'mere' 15,000 records from the same department happened a month or so ago. At that time, they refused to say 'on security grounds' whether the information was encrypted." We just recently talked about Britain's consideration of legal penalties for situations like this. I imagine this incident will weigh on that decision.

8 of 339 comments (clear)

  1. And they expect us to trust them... by ditoa · · Score: 5, Insightful

    With a nationwide DNA database? Please. They can't be trusted with anything.

  2. Re:25 million now... by Slashidiot · · Score: 5, Funny

    Aiming for the World Record of record losing!

    --
    Tis women makes us love, Tis Love that makes us sad, Tis sadness makes us drink, And drinking makes us mad.
  3. Trust the Government by Vanders · · Score: 5, Insightful

    The fact that 25million records were being sent via. post burnt on DVDs should give some idea of the level of technical competency in the public sector. Apparently they were being sent to the Audit Office, but why the Audit Office needed an off line copy of the data, and a complete copy at that, isn't addressed: no doubt some ridiculous bureaucratic idiocy that makes Brazil look sane.

    The idea of burning an unencrypted copy of your sensitive data to a DVD and handing it to a random delivery company should horrify even the most incompetent sysadmin or DBA. Apparently no one in HM Customs & Revenue thought anything of it.

    These are the sorts of people who want to build a massive database of all our personal details and tie them to ID cards. They tell us the data will be "perfectly safe". I wouldn't trust them to run a mail server.

    --
    Syllable : It's an Operating System
  4. Offering 100,000 - 1 odds it was clear text by lena_10326 · · Score: 5, Insightful

    At that time, they refused to say 'on security grounds' whether the information was encrypted.
    Then it wasn't. If it had, the first thing out of their mouths would have been "relax, it was all encrypted".
    --
    Camping on quad since 1996.
  5. Three times! by Dr_Barnowl · · Score: 5, Insightful
    The first time this happened was in March - the discs were not lost, and were returned to sender after use, not that that actually makes any difference, since the data could easily have been copied.

    The real WTFs here are
    • That the database was being sent in it's entirety to the audit office when they only asked for a sample.
    • That the whole data was sent when they only wanted a subset of the fields.
    • That junior officers in the civil service have enough access to dump entire databases.
    • That they trusted a third-party courier instead of delivering it by hand.
    • That the files were "password protected", which is clearly code for "not encrypted properly" (probably a ZIP file..).


    Ok, it's probably worse than that though.
    1. Re:Three times! by Anonymous+Cowpat · · Score: 5, Funny

      no no, why would you think that the people in the UK government would be that incompetent? The files were no doubt secured with a 30 character password, with no dictionary words or contiguous number sequences, a mixture of capitals and lower-case, numbers & other characters with not a single person's mother's maiden name in sight. Obviously, with such a complicated password, it would have to be included on a post-it note with the disc so that the audit office could actually use them.

      --
      FGD 135
  6. Re:yeah, it'll weigh on them by paeanblack · · Score: 5, Funny

    At that time, they refused to say 'on security grounds' whether the information was encrypted.

    That should read 'on job security grounds' ...

  7. Re:25 million now... by TheRaven64 · · Score: 5, Insightful

    That was my first thought. The one good thing about this kind of disaster is that there is now a strong concrete example of why it is a bad idea to give the government any more data than they absolutely need. Whenever someone suggests a massive central database we can say 'you lost 15 million private records, why should we trust you with any more?'

    --
    I am TheRaven on Soylent News