backtop

Print E-mail del.icio.us 28 comment(s) - last by littlebitstrou.. on Dec 19 at 10:27 AM
Whoops! They did it again -- Britain's government looses millions of more people's personal records.

The UK government is making a run at the record books, but not a very positive one.  Britain's government, plagued by bureaucratic fumblings, is setting new records in how many citizens' personal data one country can manage to lose.  Last month there was news of a record setting loss of 25 million citizen's records, which were sent in the mail by CD and mysteriously vanished.  "Catch Me If You Can" criminal legend Frank Abagnale publicly suggested that someone had purposefully plotted to steal the data, which included bank records, and succeeded -- due to Britain's lax security.

Now the UK officials are twiddling their thumbs and awkwardly trying to put a positive spin on the latest shocking development; they have managed to lose another 3 million citizens' data.

Britain's bureaucratic system electronically stores records for learner drivers, including information on their vehicle, name, address, and other personal information.  Much of this information was privately contracted for storage to a facility in Iowa, in the United States.  This facility revealed to government officials in May that it had lost a single hard disk, which contained over 3 million records.  The UK's Transport Secretary Ruth Kelly, in turn, sat on this information and did not reveal it to Britain's Parliament until this week.

She issued a short public apology, referencing fears of possible identity theft that the victims of this latest bumble may endure, saying, "I apologize for any uncertainty or concern that these individuals may experience."

Fortunately no banking or credit card info is included in the records, however, a malicious party could use the information to apply for credit cards and commit identity theft on a massive scale.

The loss is seen in Britain as another major embarrassment to British Prime Minister Gordon Brown, and the Labor Party (LP), who are struggling with public antipathy.  The Conservative party is seizing the issue as a further means to attack the struggling LP and build a lead into coming elections.

Security remains an increasingly hot topic, as everyone from nuclear plant officials to everyday citizens continue to show a lack of savvy for protecting themselves online.  Between lax data and network management procedures at government and business facilities, to users giving up personal information for an abstract sense of "trust", the greatest threat to public and government security is not some malicious hacker, but the users and officials themselves. 

Britain is seeing the catastrophic consequences of this ignorance, but it is unlikely to be alone as users struggle to separate real threats from fiction and safeguard themselves in the 21st century digital world.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Something New
By Mitch101 on 12/18/2007 11:08:45 AM , Rating: 2
Anyone else feel that certain items like social security numbers, drivers licence, etc should move toward something new. Or some sort of monitoring system that tells you when your personal data is being queried or used like the credit system. Maybe add a PIN to social security or a keyword. Maybe all of the above?

I'm not sure what the solution is but its obvious that the designs are severely flawed.

In some respects I think credit card companies want fraud as for the last 10 years I wanted the ability to say I will never purchase anything more than $200.00 on this credit card unless I log into the credit card account and pre-submit I am going to make a large purchase.




RE: Something New
By Grast on 12/18/2007 11:17:03 AM , Rating: 2
I agree this type of information need to be handled in a more secure manor. I believe all personal data should be handled the same way all other clasified information is handled in the military and security agencies.

If a database does exist, security has to be based on a need to know. A department must exist which is their sole job to determine if someone really needs to know. Additionally, all access to this databased should be strictly controlled via similar processes.

I once followed the package carrier across 8 states due to the carrier shipping a production server full of customer data from one datacenter to another. The amount and type of data was considered so important. That once it left the protection of the datacenter. A employee had to keep it in sight or under lock and key until delifered to its final destination.

Losing data in the mail is stupid. The entire IT department for the British government should be layed off and told to find new professions. They obviously do not value their jobs.

Later....


RE: Something New
By Misty Dingos on 12/18/2007 11:50:15 AM , Rating: 2
Good luck with reforming the way any government handles the personal data of tax paying citizens!

I don't care who you vote for on this one. The bureaucracy will not change no matter who is in office. You want to strangle change? Get ten thousand bureaucrats to dig in their heels and slow up work. Granted as slow as most governmental agencies are that slow down might be hard to notice.

Getting the bureaucracy to responsibly handle your ID info will be harder than getting the government to set up privatized retirement plans or an honest and fair income tax system or a health care plan that actually works to the benefit of the citizen and not the government or an insurance company.

The only way to ensure that your personal data is always yours is to never let the government have it at all. No I am not saying to live in a cave in the woods. But that you have your data with you continuously. The only time the government looks at your data is when interface with the government in some way. There would of course have to be exceptions to this, namely criminals. They would have to be tracked in some way by the government.

Oh I don’t know if this idea would work at all but it does put the person in charge of their own life again.


RE: Something New
By theapparition on 12/18/2007 12:23:40 PM , Rating: 2
quote:
The only way to ensure that your personal data is always yours is to never let the government have it at all.

That's not going to happen. The biggest piece of personal information is you SSN, which is government provided. The SSN also became your financial record, for credit bureaus. Identity theft, which is why most people are worried about information leaks like this, can mostly be avoided by contacting the credit bureaus and asking them not to use your SSN, rather use another credit identifier. This way, any leaks on your SSN cannot be used for fraudulent credit purposes.


RE: Something New
By Christopher1 on 12/18/2007 12:54:31 PM , Rating: 2
We shouldn't have to ASK them to use something different as a credit identifier. They should also have on record the names and ages of people, the credit bureaus, so if they see someone who is less than 16 getting a credit card, they can say "Wait a minute? Something stinks here! Maybe we should contact this person!"

We should move to social security cards ONLY being used for social security, and set up ANOTHER card system for credit reports and other things.

Maybe the new card could have your name, age and address printed on it, as well as a CURRENT PHOTOGRAPH! That is what I really would like to see on SS cards in the near future: current photographs so that NO ONE can impersonate another person and a card that easily tells if it has been tampered with.


RE: Something New
By TomZ on 12/18/2007 1:02:11 PM , Rating: 2
quote:
We should move to social security cards ONLY being used for social security, and set up ANOTHER card system for credit reports and other things.

That doesn't solve the problem; it only changes the problem.
quote:
Maybe the new card could have your name, age and address printed on it, as well as a CURRENT PHOTOGRAPH!

Seems like you're advocating a new national ID card. There are a lot of folks that believe that the US government doesn't have the right/mandate to do that. I'm not advocating either side of that debate; I'm just saying that a debate exists.

http://www.privacy.org/pi/activities/idcard/


RE: Something New
By bodar on 12/18/2007 2:19:14 PM , Rating: 2
Hawaii allows people to put an indefinite freeze on new credit lines, so you can drop it only when you want to buy a car or apply for a new card. After that, shields up. The only real downer is that I think it takes a few days to take effect


RE: Something New
By bodar on 12/18/2007 2:22:35 PM , Rating: 2
Also it costs $15 ($5 per credit agency) every time you do it, unless you're the victim of ID theft. Then it's free.

http://www.hawaii.gov/dcca/quicklinks/id_theft_inf...


RE: Something New
By FITCamaro on 12/18/2007 1:57:50 PM , Rating: 1
This is why I am for a national ID system here in the US. Keep everything in one place instead of having duplicate records from state to state.


RE: Something New
By TomZ on 12/18/2007 3:11:35 PM , Rating: 2
The Federal Government would like that too, since it would make it much easier to compile more detailed records about all of us - where we live, where we work, where we go, who we see, what web sites we visit, etc.


Nice
By milomnderbnder21 on 12/18/2007 11:38:33 AM , Rating: 2
And people are surprised that I do not trust government to observe and collect data on me at will...

Not to say that US systems are so lax, but the more they are allowed to have, the more likely it is something bad is going to happen with it.




RE: Nice
By Christopher1 on 12/18/2007 12:57:38 PM , Rating: 2
I have to agree. I am not at all paranoid about government having my information (I abide by laws, though I am trying to get some laws I don't agree with changed) but I am seriously getting pissed at government for losing information so farking often!

It's just gotten to the point where I think that the federal government should reimburse everyone who has their personal information lost at least 100 dollars.

The only thing that makes government think and take pre-emptive action in these cases is the threat of LOSING MONEY, just like with businesses right now.


RE: Nice
By TomZ on 12/18/2007 1:04:11 PM , Rating: 2
quote:
The only thing that makes government think and take pre-emptive action in these cases is the threat of LOSING MONEY, just like with businesses right now.

I don't think the government really cares about losing money. After all, citizens don't hold politicians accountable for too much any more, and certainly making mistakes and paying out "compensation" is not anything that would upset the average US citizen.


RE: Nice
By littlebitstrouds on 12/18/2007 1:43:16 PM , Rating: 2
Yet another wonderful post by TomZ. Always so insightful, and full of hope... I only wish I knew how this guy could be so smart, and know everything.


RE: Nice
By straycat74 on 12/18/2007 4:54:50 PM , Rating: 2
You could start by saying why he is wrong, if he is.


RE: Nice
By littlebitstrouds on 12/19/2007 10:27:05 AM , Rating: 2
quote:
I don't think the government really cares about losing money. After all, citizens don't hold politicians accountable for too much any more, and certainly making mistakes and paying out "compensation" is not anything that would upset the average US citizen.


Probably all of it. I guess where you live, you don't vote. Cause where I live, we do, and a mass majority vote because of being upset about decisions politicians have made that we don't agree on. Please argue with your aggressive "Ughhhh I don't agree with who's in office so therefore democracy isn't working and Americans are stupid." Cause apparently there aren't voting sessions every 2 years to change the government. No accountability, what a joke.


RE: Nice
By straycat74 on 12/18/2007 4:59:54 PM , Rating: 2
The government does not worry about losing money. The government has no money. It is ours. All of the lawsuits where the government is sued and pays out. Yep thats ours.


RE: Nice
By GeorgeOrwell on 12/18/2007 11:46:58 PM , Rating: 2
I think should also mention how the average citizen gets back less than 4 cents worth of tangible goods and services for every Federal tax dollar.

Though a word to the wise: this kind of talk will land you in Gitmo these days.

Remember, "information is terrorism".


Labour Party
By psychobriggsy on 12/18/2007 12:10:38 PM , Rating: 2
It's called the "Labour Party", and like any collection of politicians they're a shower of bastards.

Anyway, apart from the fact that personal information was moved outside of the UK and even the EU onto US land without any permission from the data subjects and clearly against UK and EU law, surely the headline should be "US Secure Data Facility Loses Data"?

This government cannot run an IT project to save its life, and clearly they can't even train their employees in basic concepts like data protection, etc. Clearly this fault also lies in the expensive contractors they get to implement these system. Those who can't even teach, contract for EDS.




RE: Labour Party
By P4blo on 12/18/2007 12:21:59 PM , Rating: 2
An American company was contracted to be handling this data but err, lost it. Can someone tell me why this Jason Mick guy thinks that's entirely the fault of the UK government?

Naturally the actual losing of the HD is irrelevant. It's entirely the UK governemnts fault because........ they trusted them! Shameful!


RE: Labour Party
By TomZ on 12/18/2007 12:56:57 PM , Rating: 3
The point is that the UK government is ultimately responsible for its actions and the actions of its contractors.

BTW, before someone tries to make this a US-UK debate, I would say the same thing if a UK contractor lost information that the US government is responsible for.


I wonder
By clovell on 12/18/2007 11:57:36 AM , Rating: 2
I wonder who the private contracting firm was. See, about 3 months ago, I got an e-mail from my old university telling me that my Financial Aid records from college had been lost.

Apparently, a truck full of these records had its shipment suddenly vanish. The truck was carrying tens, if not hundreds of thousands of students' Financial Aid records. The company contracted by the great state of Louisiana was Iron Mountain. The state spun it like this: The average Joe on the street couldn't pick it up and access the information, he would have to have special computer equipment and skills and know what computer language it's in." But, the fact was that the information was NOT encrypted - probably just stored as an XML file.

That didn't surprise me as these same guys had botched some important logistics of file cleanup after Hurricane Katrina flooded a lot of the hospitals in New Orleans - where I ended up working for a while. It took over a year to get many of our files back.

You can read about it here:

http://blog.nola.com/times-picayune/2007/10/studen...

I just wonder if it was maybe the same company. If nothing else, this problem isn't unique to the UK.




RE: I wonder
By JustTom on 12/18/2007 1:10:20 PM , Rating: 1
I do wonder why such sensitive data is not encrypted. I work at an university and the data I have access to from home is truly chilling.


CD? External HDD???
By odiHnaD on 12/18/2007 11:33:08 AM , Rating: 2
I think more than anything what astounds me is that information of this magnitude is on physical media in the first place.

Why put this on a CD or an External HDD?

This type of data should never leave the data center which should be under surveillance 24/7 in addition to being under lock and key (preferably electronically secured and logged).

And lastly I won't even get started on the fact that there was no File System level encryption or any type of electronic security at all for that matter...




Looses
By deeznuts on 12/18/2007 12:46:54 PM , Rating: 2
Marcus, I hate to be a spelling Nazi, but the loose - lose typo just bugs the living crap out of me. Especially in your sub-headline. Most typos I can handle, that one just kills me!

The UK just keeps getting better. Remember when it was discovered their nukes were protected by bicycle locks?
http://news.bbc.co.uk/1/hi/programmes/newsnight/70...

Bic pen anyone?




By GeorgeOrwell on 12/18/2007 10:01:35 PM , Rating: 1
Say the US goes to the national ID system. Then 30M - 50M identities get stolen in a similar fashion.

The problems that will arise from this theft will have a significant negative impact on the economy.

It may mean a large number of people cannot get jobs. Or get fired from their existing job. Cannot buy cars, houses, or obtain credit.

And that will be just the beginning of the problems as this is the "first wave". Future waves will be many many people turning to crime and underground economies to make ends meet. Maybe a lot of these people will simply come back to the US as Mexican immigrants with new identities.

Most importantly, it is really unclear with the "better than citizen" treatment of illegal immigrants what any sort of official ID is good for anyway. An official ID, at least today, comes with far more downside than upside.

For instance, instead of an official US ID, if you have a matricula consular card, you can open a bank account, get insurance, buy a car, etc. Everything that matters in the US is available to illegal immigrants. Except you can also get no documentation small business loans of up to $50K (unavailable to citizens), free medical care, free school, food vouchers, etc. All without the obligation of paying social security, taxes, etc.

All in all, as the US spirals into the dirt, it looks like the monkeys running the show are greedier and dumber than ever: a true idiocracy.

But maybe the dumbest of the dumb are the citizens themselves, the suckers that continue to pay taxes even though they get nothing in return.




By TomZ on 12/19/2007 9:02:57 AM , Rating: 1
quote:
But maybe the dumbest of the dumb are the citizens themselves, the suckers that continue to pay taxes even though they get nothing in return.

Last time I checked, paying taxes wasn't considered optional. Well, technically it is optional if you don't mind spending time in jail that is.


Revenue loses 6,500 people's data
By Kougar on 12/19/2007 12:52:12 AM , Rating: 2
Have another one to report on:

quote:
The data cartridge had been sent by courier to the offices in Cardiff The personal details of 6,500 customers belonging to a pension firm have been lost at an office of HM Revenue and Customs (HMRC) in Cardiff.

Names, addresses, date of births, national insurance numbers and pension contributions were included on a data cartridge which has been lost. It had been sent by courier in September from Countrywide Assured.

The HMRC has apologised about its seventh such loss of data and has told the Information Commissioner.


Source: http://news.bbc.co.uk/1/hi/wales/7149767.stm




"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments









botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki