

Frank Abagnale (left) thinks the data was stolen. Abagnale's own former amazing criminal escapades were brought to the public eye when he was played by Leonardo DiCaprio (center) in the 2002 film "Catch Me If You Can," based on his autobiography.  (Source: Dreamworks SKG)
Government says no sign of criminal activity; famed convict says otherwise

In what could be the high tech snafu of the young century, the United Kingdom's government has lost two computer discs which contained bank account information and other valuable personal information for every parent in the United Kingdom with a child under 16.

The Child Benefit data housed 25 million individuals' names, addresses, dates of birth, National Insurance information, and oftentimes bank account information.  Protection and use of this information was under the domain of the government department Her Majesty's Revenue & Customs (HMRC).

Chancellor Alistair Darling of the Labour Party issued a warning that seemed to say two things, stating first that there was no evidence that the data had gone to criminals, and then going on to state that people should "monitor their bank accounts for unusual activity."

The Conservative Party was quick to attack this lapse, calling it a "catastrophic failure."

Addressing the Members of Parliament (MPs), Chancellor Darling told them, "[This was] an extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines."

He went on to say, "The missing information contains details of all Child Benefit recipients: records for 25 million individuals and 7.25 million families," drawing gasps from his audience.

Apparently junior HMRC officials ignored security procedures and sent the discs to the National Audit Office (NAO).  The discs never arrived at the office.  The discs were sent on October 8th, and senior HMRC officials didn't realize the loss until a full month later, on November 8.  It took them another two days to inform the Chancellor.

Chancellor Darling does his best to describe how the scenario played out, stating:
Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.  The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO. The police tell me that they have no reason to believe that this data has found its way into the wrong hands.  The police are not aware of any evidence that it has been used for fraudulent purposes or criminal activity.
The government has set up a hotline number (0845 302 1444) where concerned citizens can get more details.

The government blamed the banking system for the delay in releasing the information, stating that the banks were adamant that they needed time before the government made the announcement. 

Chancellor Darling also tried to downplay any threat to citizens stating, "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result."

The loss is under investigation by some of Britain's top cops -- the Metropolitan Police and the Independent Police Complaints Commission (IPCC), which monitors the HMRC.  HMRC Chairman Paul Gray is the highest government official currently to resign over the scandal.  His office had several previous security lapses in which less significant data had gone missing.

U.K.'s Shadow Chancellor George Osborne (Conservative Party) scathingly stated:
Let us be clear about the scale of this catastrophic mistake - the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and National Insurance numbers of 10 million parents, guardians and carers have gone missing.  Half the country will be very anxious about the safety of their family and the security and the whole country will be wondering how on earth the government allowed this to happen.
Osborne told his fellow government leaders they needed to "get a grip." He states the incident is the final nail in the coffin of efforts to create a national ID database, citing that the government can't be trusted with the information.  The finger-pointing continued throughout the U.K.'s government yesterday.  Some pointed to the aging "relics" of computers in the government offices, others blamed various government departments for various failings.

Weighing in on the issue is an interesting outside observer: former convict-turned-FBI fraud expert Frank Abagnale, interviewed by ComputerWorld UK.  Abagnale, made infamous by his autobiography, which became the motion picture Catch Me If You Can, impersonated professionals from doctors to airplane pilots and used his guises to pass false checks, worth $2.5 million at the time, before finally being caught by the FBI.

Abagnale states that he believes the data loss was a theft despite the U.K.'s insistence to the contrary.  He says the impact will last for years, and the government needs to be more frank with its citizens on what is to be done.  He says the breach demonstrates that the U.K. is severely lagging behind the U.S. in data breach notification laws.  He also agrees with Shadow Chancellor Osborne's statements that the breach proves that a national ID database is a horrible idea.

“It was not just a mistake.  I truly believe that someone paid for the information to be stolen.  It’s what happens all the time, that someone acted in collusion with somebody else to steal this data,” says Abagnale.

Abagnale went on to warn the U.K.'s government that if it thinks its technology is foolproof, it should think again.  “When people say their system is foolproof, they are underestimating the creativity of fools,” he said.

The U.S. may be doing slightly better, and so far has not fallen victim to a data loss this epic, but it has its own security issues.  A recent report by DailyTech detailed that IRS employees had fallen victim to social engineering scams, designed to test their security awareness.  The Department of Homeland Security in the U.S. has also been battered by more direct attacks from hackers.  These stories show just how proactive the government has to be in protecting its citizens' data.


Comments



Cliffs:
By NicePants42 on 11/21/2007 3:18:36 PM , Rating: 5
1. UK Gov't creates encrypted personal records of its citizenry.
2. UK Gov't decides to send this information by burning disks and mailing them.
3. Incompetence of UK Postal Service pwns incompetence of UK Gov't.
4. Hilarity ensues.




RE: Cliffs:
By Screwballl on 11/21/07, Rating: -1
RE: Cliffs:
By Helbore on 11/21/2007 4:16:34 PM , Rating: 4
It was sent via TNT, a private courier, not the Post Office.

I am just pointing this out, because if it went via Royal Mail, then nobody would be worried that it didn't arrive. All it would mean is that the disks were stuck in a backlog and would probably be delivered in about three months' time.


RE: Cliffs:
By MrPoletski on 11/24/2007 6:12:36 AM , Rating: 2
HAHA too true


RE: Cliffs:
By 3kliksphilip on 11/21/2007 6:12:02 PM , Rating: 4
Let's just hope the password for the discs wasn't 123. Or password.


RE: Cliffs:
By Ajax9000 on 11/21/2007 7:23:17 PM , Rating: 3
Or that the thief doesn't have an 8800GTX and a spare 600 Euros ...
http://www.behardware.com/news/9181/cuda-breaks-pa...


RE: Cliffs:
By Mean MrMustard on 11/22/07, Rating: 0
RE: Cliffs:
By lco45 on 11/27/2007 4:06:41 AM , Rating: 2
What's the connection between socialism and data loss?

