Govt Data Loss

[Gardian]

To me, absolutely fascinating events today!

For a 1st line report to the Chancellor to resign, is quite something. The sh*t must have been hitting the fan around Whitehall big time over the last few days and now the Govt has had to go public on the whole thing.

Now, of course, the lost disc(s) probably haven't got into the wrong hands and it'll all die down gradually. But the body language of the Chancellor and GB in the HofC was extraordinary - pained to say the least.

With 7+M families potentially affected, I'd say that the banks are going to be inundated with calls over the next few days.

I make no particular political point (it's just one of those cockups that 30 yrs ago would have been swept under the carpet and we'd never have heard about), but I find the politics of it all ........ well, as I said, fascinating.   

[Ron Avery]

Having worked as an Auditor for many years in a public body, IMO the whole focus of attention on this potential disaster is way off beam.  What sort of auditor and Audit Office, that also has responsibilities for computer system integrity and security systems and procedures, asks a department to download data of the most sensitive kind and send it to them in the post, unless it was a test to see if they were dumb enough to do so.

Whenever this type of review was done in the past, the auditors went to the data source, not the other way round.  So why isn't the head of the National Audit Office being asked why it made this request in the first place?

Howeverr, is this really the disaster the 24 hour news channels are making it out to be?  The data on those CDs, if we have been told the truth,  name, address and bank account number, is no more than is shown on a cheque that millions of people send and give to strangers on a daily basis without batting an eyelid.

[John L]

On the news channel I watched. It mentioned names and addresses and national insurance numbers were also on the disk/s.

[Alex H]

[quote user="Ron Avery"]

The data on those CDs, if we have been told the truth,  name, address and bank account number, is no more than is shown on a cheque that millions of people send and give to strangers on a daily basis without batting an eyelid.

[/quote]

The data contains the names of children and their dates of birth, which are common choices for bank account passwords unmongst the less computer literate in the UK

 

[Will]

[quote user="Ron Avery"]

So why isn't the head of the National Audit Office being asked why it made this request in the first place?

[/quote]

I would imagine he is keeping a low profile - his own personal scandal was revealed last month:
http://www.channel4.com/news/articles/politics/domestic_politics/the+bourn+expenditure/958952

Though some of us have been following the story in Private Eye for ages.

The latest loss of sensitive data by HMRC is just one of several similar recent cockups, the words 'straw' and 'last' spring to mind. Such is the way the blame culture, beloved by the tabloid media, works, that somebody has to be held responsible, and a particular senior civil servant has carried the can. As suggested above, the real culprit is probably a spotty oik, who might well have done something stupid like leaving the package in MacDonalds on the way to the Post Office - though it could be argued that oik's manager should be held accountable, and so on up the civil service tree.. 

[Pierre ZFP]

So how can Darling stand up and say that the information has not got into the wrong hands if he doesn't know where it is?  The unscrupulous element in society could do an enormous amouont of identity theft with this info and it is naive to think otherwise.

One thing is for sure, it's knocked the the whole ID card issue into touch for good, nobody in their right mind would trust even more sensitive data to a bunch of Bozos like this.

This even made Lux radio news this morning where it was pointed out that in Lux, if this had happened to even a small company, let alone National Data, the Chief Exec would be personally responsible and banged up for a very long time.  They take personal data seriously here.

[Deimos]

Seems a pity the ID card scheme has not yet been introduced.  Apparently the main reason (current one anyway) for the UK ID card scheme is to prevent identity theft.  Thus when the government lose personal details of half the population, if we all had ID cards we would not be at risk from identity theft and in effect quite safe.  That is the trouble with UK government IT - just to late.  [:D][:D]

Ian

[Hoddy]

Part of the reason that I've said from the outset that I won't have an identity card is because the government has been so very poor at using computer technology. I'm hoping that this fiasco will put the final nail in that particular coffin.

In the meantime I'll worry about my daughter's bank account being attacked.

Hoddy

[Pierre ZFP]

Well not really, if the personal data held on an ID card was lost/stolen then within a very short time there would be millions of cloned cards, couple that with the loss of bank account details and you could go on a huge spree of emptying bank accounts. 

I can see it now.  Ah Mr Deimos, so you want to withdraw all you money, very well, if I could just see your ID card please?

What we need to protect us is criminals Hackers and Con artists to test out security.  In fact I know 2 computer hackers who make a very good living employed by a large bank specifically to try and break in to systems. The old 'Poacher turned Gamekeeper' scenario

[Will]

Which is why illegal immigrants are employed as security guards in sensitive locations?

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/11/14/nsmith114.xml

[Deimos]

[quote user="Pierre ZFP"]

Well not really, if the personal data held on an ID card was lost/stolen then within a very short time there would be millions of cloned cards, couple that with the loss of bank account details and you could go on a huge spree of emptying bank accounts. 

I can see it now.  Ah Mr Deimos, so you want to withdraw all you money, very well, if I could just see your ID card please?

What we need to protect us is criminals Hackers and Con artists to test out security.  In fact I know 2 computer hackers who make a very good living employed by a large bank specifically to try and break in to systems. The old 'Poacher turned Gamekeeper' scenario

[/quote]

Whilst the government has not yet explained how the ID card system will prevent identity theft (and despite many experts advising to the contrary) they do assure us regularly that it will prevent such illegal activity.  I guess the ways and means this works are "top secret" (as most things are these days).

Actually, being serious, this was always bound to happen, will happen again, etc.  In my experience of government IT - an embarrassment to the industry (but contractors get very rich).  My first job was in compiling health service statistics and I was given a project to try and identify somebody from a supposedly anonymous data set - no problem at all (and I'm no hacker).  It does beggar believe as to why the government feels it needs more and more of such systems when the ones already there are useless.  More systems = more risk.

I wonder if I should call the Inland Revenue and ask them to remove all records about me from their systems for security reasons (i.e. they have already proven they cannot keep it secure).  Same request worked with the NHS health records database.

Ian

[Will]

Some more points on this debacle.

There has been debate on the radio this morning about why items like this are trusted to the ordinary mail, rather than being sent by recorded delivery. The recorded delivery service merely records the fact that an item has been delivered - it doesn't guarantee that an item will be delivered, will not be lost or misplaced in the post, or that it will be delivered intact, or track its progress through the system. The slightly more secure and infinitely more expensive special delivery offers a few more safeguards, such as guaranteed delivery, but doesn't mean that it will be delivered to the addressee. It's much the same with the French system: it is not uncommon for even big corporations to claim, when they have failed to act on an accusé de reception letter, that it was delivered to the wrong person or that an empty envelope was received - the contents must have fallen out in the post. The postal system is good, but it is not secure, and certainly not suitable for sensitive data.

At the risk of opening up a can of worms, the person responsible is reputed to be in the NW of England. HMRC has been, and still is, under great pressure to move virtually all of its operations out of the expensive south east to cheaper areas, where there is a great pool of potential staff currently unemployed. Replacing dedicated, experienced staff with those plucked off the dole queue is not conducive to efficiency and good service - which was the focus for HMRC's predecessors a few years ago, but has now been superseded by cost-cutting.

At the same time, staff training is being drastically reduced by HMRC - do we smell even more potential disasters?

[Russethouse]

The other frightening piece of info said to have been compromised is 'mothers maiden name'. eeeeek[:@][:@]

Just for reference: a few days ago I received a little gizmo from our bank - now every time I enter my online account I have to enter my bank card into this little gadget, enter my pin code and the gizmo generates a number that I need to enter my online account - how it works I have no idea but in the light of this breach maybe everyone with online accounts will be getting something similar.

[Will]

Yes, I've had one of those for a few months now, but the bank system still does not seem to have been updated to work with it. We also have a similar thing for accessing work websites from remote locations. In that case we had to personally visit the office to sign for the gizmo - which seems to be very similar to the bank one - because it was too valuable to be sent through the post.

This seems to have come full circle (though we are now being told that apparently the discs in question were being sent via the government's own internal post system).

[Alex H]

[quote user="Russethouse"]

The other frightening piece of info said to have been compromised is 'mothers maiden name'. eeeeek[:@][:@]

Just for reference: a few days ago I received a little gizmo from our bank - now every time I enter my online account I have to enter my bank card into this little gadget, enter my pin code and the gizmo generates a number that I need to enter my online account - how it works I have no idea but in the light of this breach maybe everyone with online accounts will be getting something similar.

[/quote]

 

One of these http://en.wikipedia.org/wiki/SecurID ?

 

[Gastines]

Last year we visited our banks and gave written instructions that no money was to be transfered to another account unless by our personal visit. We asked for a signed copy from the managers. With the execption of our DD's I hope it will save us losing the 10 euros I have saved this year, or at least give us some legal clout if they do manage to lose it.

Regards

[pip24]

After watching the child benefit scandal on the News last night I could not believe what followed shortly after. Was it an ironic coincidence that the Benefit Fraud is a Crime Ad was shown or was someone having a laugh?

The Ad says "NO IFS, NO BUTS Benefit fraud is a crime and those breaking the law face a criminal record". 7.5million items of security sensitive information has been stolen or lost. So on the same scale of punishment what will the result be? 25 years or Hanging!

Will says that the Civil Service Tree is arguably accountable. I agree. More heads should roll for this one. Apart from yesterdays resignation no one has responded with integrity I think that the hierarchy involved should watch the Ad for themselves, remember NO IFS, NO BUTS and do the decent thing and resign.

Russethouse, a point that you brought up of mothers maiden name. On family history sites you can tell some one that you may be related and ask to see their tree. This is just one way to get this information. It frightens me. Link this to the above scandal and things go deeper than they seem, if you see what I am getting at.

[Will]

[quote user="Tandem_Pilot"]

One of these http://en.wikipedia.org/wiki/SecurID ?

[/quote]

No, the bank one is larger, and has a slot into which you put your chip and pin card (or at least mine does). The work one is very similar to the SecurID though it's from a different supplier.

 

[Russethouse]

 The family history site flaw  is surely well known to many now, however you give that information of your own free will, its a bit different when its been stolen from you !

I had to smile as the truck photographed in the news item belonged to a company who touted for our business last year and we turned down, if they can't get a few discs from the NW to London , what price Ramallah ? [8-)]

[PeterG]

Earlier this year the Financial Services Authority fined the Nationwide £980,000 for security breaches of customer's information that went missing with an employees laptop. So if the authorities fine the HMRC, who will end up paying the fine..........The taxpayer!!!!!!!!!!

[Russethouse]

My 'gizmo' sounds more like Wills, but I have yet to use it. Does this mean that if I go abroad I need to get another one ? ( I often travel alone so MOH will need to keep the gizmo here)

[Will]

My English bank gizmo was sent to our address in France, so one would assume it will work there. The other one, that lets me log on to the office system, has worked from Austria, Finland, Denmark, Holland and Germany as well as Britain and France (have I really been to those places since I had the thing?)

We asked the bank for another one, but you can only have one per user name. So Judie had to set up her own online identity, rather than us sharing the log in details (which we should not have done anyway, although the account is in joint names).

[Frederick]

Years ago when I  worked at Heathrow. I saw daily guys that were checked through onto aircraft with brief cases handcuffed to them .....These were bank couriers taking computor discs  back and forth ....If the banks can do it ...then why not the civil service ? . it cant be that hard to find sombody to personal courier this information up and down the M1 . I suspect now that the Police are in the building  forcing open locked desk drawers and the like ..... a lot of staff are very worried now .... many will  end up having  background checks done on them and their families and  they will be re vetted ......this could have done us a favour ....

[Deimos]

I see it is now reported that the head of HMRC who resigned has resigned ON FULL PAY whilst an early retirement deal is negotiated.  For me it has always been that if you quit your job, you go.  Sometimes you give notice, sometimes your employer allows you to depart immediately, sometimes you "work" out your notice on gardening leave.  Either way you do not continue to get paid after you have left.  How do these people get these contracts and how come the government as an employer is so daft as to offer them ?

Ian

[Valleyboy]

I have to say that I admire Paul Gray's courage in taking the blame for his department's failure, and wonder what Sir Ian Blair thinks of his action. But... how about a conspiracy theory... the "junior official " was in league with an "illegal immigrant" security guard, and the discs are now somewhere in Eastern Europe?