HMRC data loss leaves 25 million exposed

By on

The head of HM Revenue and Customs (HMRC) has resigned after it was revealed in parliament that the personal details of 25 million Britons had been "lost in the post"..

Chancellor of the Exchequer Alistair Darling said in a statement that two CDs with the details of 25 million families had been sent to the National Audit Office by courier firm TNT but failed to arrive.

The material was apparently put in the post by a junior employee at the HMRC office in Washington, Tyne & Wear.

The disks, which were password protected but not encrypted, contained names, addresses, dates of birth, child benefit numbers, National Insurance numbers and bank or building society account details.

Paul Gray, chairman of HMRC, has already resigned and opposition MPs are calling on Darling to do likewise.

"The lost bank account numbers, names and addresses represents a gold mine for thieves and is much more valuable than credit card numbers or taxpayer ID numbers," said Avivah Litan, vice president at Gartner Research.

"Bank account numbers sell for the highest price on the black market, between US$30 and US$400, which is significantly more than the 50 cents to US$5 that criminals pay for credit cards.

"If evidence emerges that the data fell into criminal hands, the UK banks may be forced to close the 15 million accounts and issue new ones at an enormous cost to them and a major inconvenience for their customers."

This is the third in a series of data breaches at HMRC. The organisation lost the details of a number of high net worth individuals in October, and banking details for 15,000 savers went missing earlier this month when a laptop was stolen.

"Another week and another high profile data breach for the government," said Joseph Hoban, vice president at data protection firm GuardianEdge.

"This is not the first time that public data has been compromised and, if lacklustre security continues to rule, it certainly will not be the last.

"It is time that tougher security measures were taken to protect our most confidential files. Securing two disks with only a password is not sufficient."

Darling has described the incident as "extremely regrettable" but has resisted calls for his resignation.

The loss has also sparked renewed calls for a data breach law that would force the government and companies to inform people if their data had been put at risk.

"California introduced data breach notification legislation some time ago, which compels businesses to inform customers if their personal data may have been compromised," said Richard Turner, vice president of sales at security firm RSA.

"The introduction of similar legislation would not only be a significant step in combating fraud, but constitutes a basic human entitlement.

"Public awareness of security breaches would serve to focus organisations on ensuring that confidential information is adequately protected, and enable the public to take appropriate safeguards in the event of a compromise."
Copyright ©v3.co.uk
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?