Slashdot Mirror

← Back to Stories (view on slashdot.org)

In UK, 12M Taxpayers Lost With USB Stick

Posted by kdawson on from the and-your-little-data-too dept.

An anonymous reader tips a piece from the UK's Daily Mail that recounts another sad tale of the careless loss of massive amounts of private user data. "Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details. The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets. An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost."

15 of 258 comments (clear)

  1. How it came to be lost? by Guido+del+Confuso · · Score: 5, Insightful

    I've got a better question. I'd like to know how this memory stick came to be in the first place!

    Putting aside the question of whether such a database of private information has any reason to exist, what possible excuse is there for putting the information to access that database on a portable USB device? It was not a question of if such a device would be lost, but when.

    Good security policy demands redundancy for just this reason. A verification system should require--at the very least--a combination of something you know (your personal pin), and something you have (for example, a SecurID or in this case, a USB key with the passcodes on it). That way, if the physical token is lost, security isn't immediately compromised.

    This kind of careless attitude towards security wouldn't fly in the corporate world. It's only because it's the government doing it that security is so lax. After all, nobody's job is on the line over this. It's next to impossible to fire a government employee in most countries, epic incompetence--or even outright misconduct--notwithstanding. So expect to see more of this, because there's no incentive to change.

    1. Re:How it came to be lost? by MrMr · · Score: 5, Insightful

      Sorry to disappoint you, but the careless attitude appears to be entirely that of the 'corporate world'. Oversight of the subjects has long been a privatised matter in the UK.

    2. Re:How it came to be lost? by KGIII · · Score: 4, Insightful

      This is the one of the few types of story on /. where people aren't clamoring to say that information needs to be free or that it wants to be. Alas, I must agree with you. That would have been much funnier.

      --
      "So long and thanks for all the fish."
    3. Re:How it came to be lost? by Dan541 · · Score: 4, Insightful

      The Industry standard is unencypted.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    4. Re:How it came to be lost? by sgbett · · Score: 3, Insightful

      It's insecure because the default user response to this kind of 'security' is to affix said passwords to screen using a post-it note.

      Admittedly, that isn't the system itself being insecure per se...

      --
      Invaders must die
  2. Forget how it was lost. by N1AK · · Score: 4, Insightful

    "An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost." I dont particularily care how it was lost, people will always manage to lose things and expecting otherwise is very niave. What I really want to know is how the hell that much sensitive data was doing on a USB stick in the first place.

  3. Bet by Sasayaki · · Score: 5, Insightful

    I will bet $100 AUD (Or about 50 UK pounds) that there will be absolutely no jailtime served by anyone involved in the loss of this data, with the possible exception of the poor soul who found it.

    Not the first time it's happened by far, and it certainly won't be the last... would you trust a surveillance society that can't even keep track of its own inventory?

    --
    Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
    1. Re:Bet by jimicus · · Score: 4, Insightful

      I will bet $100 AUD (Or about 50 UK pounds) that there will be absolutely no jailtime served by anyone involved in the loss of this data, with the possible exception of the poor soul who found it.

      After the number of high-profile security breaches, the number of well-meaning people who have been treated as suspects by the police and the willingness of the media to pay for such stories, it seems that the only sensible thing to do is very quietly hand it over to a journalist.

    2. Re:Bet by robably · · Score: 4, Insightful

      would you trust a surveillance society that can't even keep track of its own inventory?

      There isn't supposed to be any trust in a surveillance society - that's the whole reason for the surveillance.

  4. The unknown by TheP4st · · Score: 4, Insightful

    This USB stick with sensitive/valuable data got returned and appropriate actions could be taken to minimize damage. But the number of incidents like this we've seen lately raise the question how many other lost USB sticks and other storage media with passwords, personal data etc that are floating around unknown to the people whose integrity and personal finances quite possibly are at stake.

    --
    "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
  5. Surveillance Society by MrKaos · · Score: 4, Insightful

    For a government that collects so much surveillance on their citizens you would expect an outcry for some accountability when private data is lost.

    --
    My ism, it's full of beliefs.
    1. Re:Surveillance Society by Sasayaki · · Score: 4, Insightful

      Silly citizen. The rules apply to you, not us.

      --
      Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
  6. Re:Same old same old... by prefect42 · · Score: 3, Insightful

    To an extent it's just because that's what sells papers. There are always kids being stabbed and planes crashing and data being lost. It's just if kids being stabbed becomes a hot topic, you print more stories on stabbed kids.

    I really don't think much has changed, but the Mail is keen to point out that the world is ending, and it's probably Johnny Foreigner's fault.

    --

    jh

  7. Why was the stick needed? by Jeppe+Salvesen · · Score: 4, Insightful

    I have witnessed how strict, inflexible security rules force people to break the security in order to get their job done.

    --

    Stop the brainwash

  8. Re:Same old same old... by Candid88 · · Score: 3, Insightful

    That's what reading a "newspaper" like the Daily Mail will do to you. If you read tomorrow's copy you'll find out it's all 100% due to immigrants, the EU and Gordon Brown (who "according to a source", was seen carrying out the stabbings himself).

    In reality though, looking at the police stats, there's actually only been a single 14 year-old (and no one younger) who's been murdered this year in the UK. There was a clump of teen stabbings in London at the start of the year but this has reversed to actually being slightly below average over the year.

    The murder rate in the UK currently stands at 1.4 per 100,000 which is only about 1/4 the US murder rate of 5.5 per 100,000 (which itself is extremely low by historical standards).

    So clearly the actual statistics and reality aren't coming out in the media. My problem with this is that it's pretty hard for a rational and correct solution to be engineered when everyone's being told irrational scare stories everyday by newspapers with a clear finnancially vested interest in exaggerating facts.