Government loses 15m people's personal data

[Saracen]

Yes. Its fricken horrible this.. Infact, I don't even like the idea of someone personally delivering something as important as this. If anything, it should be done in a securicor van or whatever, with armed guards and a briefcase handcuffed to someones wrist and all that. Bloody 2007.... They should be transferring data like that over a WAN or something, on a secure connection. Its just amazing that some pleb would write this onto a disk (probably zipped with WinZip unregistered version, and then burnt with Nero), and then it was just stuck in an envelope and sent via some public delivery company. (DHL, UPS, one of those types of places.. with three letters). Its madness. It makes me wonder if they where so stupid to do that, that maybe there won't be any encryption on there at all. Or maybe they put a password on the zip and wrote the password on one of the CD's. Arrrghhh.

They were sent via HMRC internal mail .... but in these days of outsourcing, that proved to be TNT. Maybe it's a dedicated delivery, maybe not.

My view was that this stuff shouldn't have been sent over a courier service, but it shouldn't have been sent over a WAN either, let alone a internet connection.

This is a case where the mountain shouldn't have been posted to Mohammed, but rather Mohammed should have gone to the mountain. The data should not have left the secure building it was in. If the NAO want to audit it, they go to the data.

And the real issue is not that some pleb did this, or that he ignored procedure to do it, but that he had the physical access to the data to be able to do it.

One academic summed it up nicely on TV tonight (Newsnight I think) by referring to the government's intention to merge all NHS patient records into one big database. He pointed out that if your GP's surgery has 10,000 patient records, control is local, access is available to maybe a dozen or two staff in the surgery and the potential for disaster is controllable and limited to that 10,000 patients anyway.

But if you codify 60,000,000 patient's records and give access to 300,000 NHS employees, security becomes practically impossible. There's a certain advantage to hospital and doctors records being available nationally if you're taken ill away from home, but the potential for calamitous cockup expands hugely, let alone the scope for large-scale abuse. Personally, I do NOT want my medical data accessible to anyone outside my GP's surgery, and I'll risk the consequences of being taken ill elsewhere.

But this is typical of our current governments mania for the "one big system" solution, and for aggregating as much data about us all in one place as they possibly can. In a recent hospital visit, I was asked by the hospital if they could computerise the records (on this new national system). I refused, and they kept all records manually on paper instead, with a note that computerisation had been explicitly refused. The first step in preventing that data getting into the wrong hands is to restrict who has physical access to it, and if it's not on the computer in the first place, an unauthorised person at the other end of the country can't copy it onto a disc and lose it in the post.

[Lucio]

Perhaps they need to bring back some older technologies in database storage. Yes, data is held centrally BUT to gain access to the data, you have to phone down to the database room and have a guy, after a couple of security checks, physically go over and get the disc out of storage with the correct information to put into the machine.

[TheAnimus]

And it isn't even looking like a single system failure, but one of a catalogue of issues, of both systems and policy. Who decided to merge Customs and Inland Revenue, and at the same time, implement staffing cuts amounting to about 25%, including a lot of management. Small wonder junior officials are doing this sort of thing, if large numbers of their bosses have gone.

Nail... Head.

On the whole space required front. A quick look at one of my dirty great partitioned tables, shows 96,302,667 rows at 4,776MB. Un-Compressed, with some rather big indexes at ~7,500MB.

I'd guess that the data wasn't even compressed, the only password protection would be on the actual database file itself, which is hardly designed to obfuscate the data.

[mycarsavw]

For those worried about the data, there's a helpline. No idea what they're going to tell you, but I'll find out soon.

0845 302 1444

What has just hit me is, children's names and details are on there too.

[TheAnimus]

What has just hit me is, children's names and details are on there too.

[usxhe190]

lol at the above

[joshwa]

So is the only safe way to avoid any future problems to change your bank account?

[craigtrap]

i will never trust anyone that has access millions of people financial data!!

[mycarsavw]

So is the only safe way to avoid any future problems to change your bank account?

BBC NEWS | Politics | Q&A: Child benefit records lost

What are people advised to do?

* Mr Darling said people should check their bank accounts for any "irregular activity"
* He said there was no need for people to close accounts as the details would not be sufficient to allow fraudsters to access them
* But people should not give out personal or account details "requested unexpectedly" by phone or by email
* Banking industry body Apacs advised people who bank online to monitor accounts and change passwords if they are a child's name or date of birth
* Contact your bank immediately, but only if you spot something suspicious as banks are expecting to be overwhelmed with calls
Banks also warn customers to be on the lookout for signs of ID theft and fraud - such as regular post like bank statements going missing, bills for items you have not bought, or letters approving or denying you credit you know nothing about

[usxhe190]

* But people should not give out personal or account details "requested unexpectedly" by phone or by email

Lol - yes people shouldn't because the government will do it for you...!

[Brucelles]

I wonder how much I can sell this disk for?

[TheAnimus]

find it on eBay!

[b0redom]

I don't see, given the numbers they're spending on IT, why they don't just implement a UK wide private fibre network. Everyone would need some secure way of logging on (maybe smartcards), access could be controlled centrally - something like LDAP.

That way, data would never leave the control of the dept who need it, and there would be no possibilty of it getting lost as you could simply remove all the optical disk writers.

Sure it'd cost a bit, but over the lifecycle of the network, I'm sure it'd easily pay for itself as the govt wouldn't need to pay ISP fees etc.

[kalniel]

Something like that already exists I think.

[finlay666]

I found it ...........on eBay

Find Two CD-R's - Have data on them - some sort of database on eBay within, Other, Everything Else (end time 28-Nov-07 08:01:11 GMT)

[Saracen]

So is the only safe way to avoid any future problems to change your bank account?

I suppose it depends on the degree of risk you want to run. So far, there's no evidence (according to repeated claims) that these discs have fallen into the wrong hands. They're probably sitting in someone's in-tray in the wrong department, and when that person gets back from holiday, they'll come to light. Or they've got caught in the bottom of a mail sack and will be found in a TNT depot somewhere.

But meantime, it's about far more than just your bank account. If you were trying to get into ID theft, a huge database of names and addresses, kids names, NI numbers and so on would be a VERY good start. We don't know what, if any, other data may have been on these discs.

But I have a couple more questions. In what form was this data stored? I don't mean the medium or the encryption. I mean, is it data designed to be read by a specific application which understands the data format, or is it some form of clear-text list, CSV or such?

If it's a database dump, it'll take rather more effort to understand the data structure in order to be able to reconstitute it into usable data. If you can just import it into Excel as a ruddy great list, then it'll be far easier.

Alastair Darling kept going on yesterday about how there was no evidence of misuse or that it had fallen into the wrongs hands. Gordon Brown today at PMQ's kept making that same point. But would there yet be that evidence?

Which brings me back to your question, joshwa. It isn't just about bank accounts, but about a vast quantity of fundamental data which might not constitute sufficient for id theft on it's own, but it sure as hell is a good start. Is it not conceivable that some criminal somewhere would choose to bundle this up, say a million records at a time, and flog it off to 25 different groups or individuals that would then use it as the foundation for an ID theft bonanza?

But if it were just about bank accounts, then yes, the ONLY way to be sure to avoid future bank problems (arising directly from this incident) is to change bank accounts. Even if they recover the discs, they've been ought of control for several weeks now. How long does it take to copy two discs? 10 minutes? So could you be sure the data wasn't still out there even if the discs are recovered. If I had the discs and had nefarious motives, that's exactly what I'd do - copy them and then allow the originals to be recovered, then sit and wait until the immediate hubbub had died down. Then, stealthily and quietly .......

Fortunately (he says with a smug grin) I don't have kids of an age where I'm on this database, and so I'm confident I'm not on this list. If I were, I'd have been at my bank by now, changing the account for a new one. This would not be because I thought it was likely to be a problem, but because if I change it, I can be sure that at least the compromised bank details can't be a problem. A small risk becomes zero risk (from this incident), which is better than a small but existing risk and concern, and my peace of mind factor goes back up to where it was before.

So personally, despite Darling and Brown's reassurances, I'd be changing my bank account.

Oh, and Darling kept assuring people that individuals wouldn't suffer if fraud results. Cobblers. Individual bank account holders might not suffer as a result, but as Labour spokespeople have kept saying, the banking code would protect account holders ...... so the banks suffer. But banks aren't just alien edifices - they have employees and shareholders. And for anyone reading this thinking that the fat cat bank shareholders can afford the loss, and it doesn't affect you, think again. It probably does. Who are all those bank shareholders? By an large, investment groups, pension funds and insurance companies. If it doesn't threaten to impact directly on people via bank shares and dividends, it threatens to impact indirectly on your pension fund, life assurance and so on.

And when the government are asked if they'll underwrite the banks losses if fraud occurs, they hedge. One Labour minister said, more or less, "that's a conversation we'll have to have with the bank". I'll bet it is. For a start, how can you ever determine if a given fraud results as a result of this cockup, or just on someone who happens to be on the list?

So, if fraud occurs, either the banks absorb the costs and it will impact on pensions, etc. Or the government underwrite the loss. after all, it was a government department that allowed it to happen. But wait, if the government underwrite the losses, it'll be taxpayers paying for it.

No wonder Ministers don't want to answer the question about who pays, and whether the government will compensate banks if they lose. Whatever they say, it'll be public that end up footing the bill for government mistake (in the single event) and incompetence (in having such poor access controls that it could happen) in the wider picture and longer term.