Page 3 of 10 FirstFirst 123456 ... LastLast
Results 33 to 48 of 153

Thread: Government loses 15m people's personal data

  1. #33
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Government loses 15m people's personal data

    Quote Originally Posted by acrobat View Post
    Yes. Its fricken horrible this.. Infact, I don't even like the idea of someone personally delivering something as important as this. If anything, it should be done in a securicor van or whatever, with armed guards and a briefcase handcuffed to someones wrist and all that. Bloody 2007.... They should be transferring data like that over a WAN or something, on a secure connection. Its just amazing that some pleb would write this onto a disk (probably zipped with WinZip unregistered version, and then burnt with Nero), and then it was just stuck in an envelope and sent via some public delivery company. (DHL, UPS, one of those types of places.. with three letters). Its madness. It makes me wonder if they where so stupid to do that, that maybe there won't be any encryption on there at all. Or maybe they put a password on the zip and wrote the password on one of the CD's. Arrrghhh.
    They were sent via HMRC internal mail .... but in these days of outsourcing, that proved to be TNT. Maybe it's a dedicated delivery, maybe not.

    My view was that this stuff shouldn't have been sent over a courier service, but it shouldn't have been sent over a WAN either, let alone a internet connection.

    This is a case where the mountain shouldn't have been posted to Mohammed, but rather Mohammed should have gone to the mountain. The data should not have left the secure building it was in. If the NAO want to audit it, they go to the data.

    And the real issue is not that some pleb did this, or that he ignored procedure to do it, but that he had the physical access to the data to be able to do it.

    One academic summed it up nicely on TV tonight (Newsnight I think) by referring to the government's intention to merge all NHS patient records into one big database. He pointed out that if your GP's surgery has 10,000 patient records, control is local, access is available to maybe a dozen or two staff in the surgery and the potential for disaster is controllable and limited to that 10,000 patients anyway.

    But if you codify 60,000,000 patient's records and give access to 300,000 NHS employees, security becomes practically impossible. There's a certain advantage to hospital and doctors records being available nationally if you're taken ill away from home, but the potential for calamitous cockup expands hugely, let alone the scope for large-scale abuse. Personally, I do NOT want my medical data accessible to anyone outside my GP's surgery, and I'll risk the consequences of being taken ill elsewhere.

    But this is typical of our current governments mania for the "one big system" solution, and for aggregating as much data about us all in one place as they possibly can. In a recent hospital visit, I was asked by the hospital if they could computerise the records (on this new national system). I refused, and they kept all records manually on paper instead, with a note that computerisation had been explicitly refused. The first step in preventing that data getting into the wrong hands is to restrict who has physical access to it, and if it's not on the computer in the first place, an unauthorised person at the other end of the country can't copy it onto a disc and lose it in the post.

  2. #34
    Mostly Me Lucio's Avatar
    Join Date
    Mar 2007
    Location
    Tring
    Posts
    5,163
    Thanks
    443
    Thanked
    445 times in 348 posts
    • Lucio's system
      • Motherboard:
      • Gigabyte GA-970A-UD3P
      • CPU:
      • AMD FX-6350 with Cooler Master Seldon 240
      • Memory:
      • 2x4GB Corsair DDR3 Vengeance
      • Storage:
      • 128GB Toshiba, 2.5" SSD, 1TB WD Blue WD10EZEX, 500GB Seagate Baracuda 7200.11
      • Graphics card(s):
      • Sapphire R9 270X 4GB
      • PSU:
      • 600W Silverstone Strider SST-ST60F
      • Case:
      • Cooler Master HAF XB
      • Operating System:
      • Windows 8.1 64Bit
      • Monitor(s):
      • Samsung 2032BW, 1680 x 1050
      • Internet:
      • 16Mb Plusnet

    Re: Government loses 15m people's personal data

    Perhaps they need to bring back some older technologies in database storage. Yes, data is held centrally BUT to gain access to the data, you have to phone down to the database room and have a guy, after a couple of security checks, physically go over and get the disc out of storage with the correct information to put into the machine.

  3. #35
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Government loses 15m people's personal data

    Quote Originally Posted by Saracen View Post
    And it isn't even looking like a single system failure, but one of a catalogue of issues, of both systems and policy. Who decided to merge Customs and Inland Revenue, and at the same time, implement staffing cuts amounting to about 25%, including a lot of management. Small wonder junior officials are doing this sort of thing, if large numbers of their bosses have gone.
    Nail... Head.

    On the whole space required front. A quick look at one of my dirty great partitioned tables, shows 96,302,667 rows at 4,776MB. Un-Compressed, with some rather big indexes at ~7,500MB.

    I'd guess that the data wasn't even compressed, the only password protection would be on the actual database file itself, which is hardly designed to obfuscate the data.
    throw new ArgumentException (String, String, Exception)

  4. #36
    ɯʎɔɐɹsɐʌʍ mycarsavw's Avatar
    Join Date
    Feb 2007
    Posts
    4,945
    Thanks
    1,097
    Thanked
    652 times in 481 posts
    • mycarsavw's system
      • Motherboard:
      • P8H77-M Pro
      • CPU:
      • i5 3350P
      • Memory:
      • 16Gb
      • Storage:
      • Lots
      • Graphics card(s):
      • R9 285
      • PSU:
      • HX 620w
      • Case:
      • FD Define Mini
      • Operating System:
      • W10
      • Monitor(s):
      • BenQ G2420HDBL + GL2450HT
      • Internet:
      • Sky

    Re: Government loses 15m people's personal data

    For those worried about the data, there's a helpline. No idea what they're going to tell you, but I'll find out soon.

    0845 302 1444

    What has just hit me is, children's names and details are on there too.
    |Kata: "Read title as 'fisting'. Not sure why I clicked. Relieved, really."|
    |TAKTAK: "It was so small that mine wouldn't fit into it"|

  5. #37
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Government loses 15m people's personal data

    Quote Originally Posted by mycarsavw View Post
    What has just hit me is, children's names and details are on there too.
    throw new ArgumentException (String, String, Exception)

  6. #38
    Senior Member usxhe190's Avatar
    Join Date
    Sep 2007
    Posts
    1,688
    Thanks
    149
    Thanked
    82 times in 63 posts

    Re: Government loses 15m people's personal data

    lol at the above

  7. #39
    Senior Member joshwa's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield, UK
    Posts
    4,856
    Thanks
    132
    Thanked
    67 times in 62 posts
    • joshwa's system
      • Motherboard:
      • PC Chips M577 AT/ATX
      • CPU:
      • AMD K6-2 500Mhz
      • Memory:
      • 128mb PC100 SDRAM
      • Storage:
      • 8GB Fujitsu
      • Graphics card(s):
      • 3dfx Voodoo 3 3000 AGP (16mb)
      • PSU:
      • ATX 500watt
      • Case:
      • Midi Tower AT
      • Operating System:
      • Windows 98 SE
      • Monitor(s):
      • 22" TFT Widescreen

    Re: Government loses 15m people's personal data

    So is the only safe way to avoid any future problems to change your bank account?

  8. #40
    Senior Member
    Join Date
    Jun 2007
    Posts
    322
    Thanks
    43
    Thanked
    3 times in 3 posts

    Re: Government loses 15m people's personal data

    i will never trust anyone that has access millions of people financial data!!

  9. #41
    ɯʎɔɐɹsɐʌʍ mycarsavw's Avatar
    Join Date
    Feb 2007
    Posts
    4,945
    Thanks
    1,097
    Thanked
    652 times in 481 posts
    • mycarsavw's system
      • Motherboard:
      • P8H77-M Pro
      • CPU:
      • i5 3350P
      • Memory:
      • 16Gb
      • Storage:
      • Lots
      • Graphics card(s):
      • R9 285
      • PSU:
      • HX 620w
      • Case:
      • FD Define Mini
      • Operating System:
      • W10
      • Monitor(s):
      • BenQ G2420HDBL + GL2450HT
      • Internet:
      • Sky

    Re: Government loses 15m people's personal data

    Quote Originally Posted by joshwa View Post
    So is the only safe way to avoid any future problems to change your bank account?
    BBC NEWS | Politics | Q&A: Child benefit records lost

    What are people advised to do?

    * Mr Darling said people should check their bank accounts for any "irregular activity"
    * He said there was no need for people to close accounts as the details would not be sufficient to allow fraudsters to access them
    * But people should not give out personal or account details "requested unexpectedly" by phone or by email
    * Banking industry body Apacs advised people who bank online to monitor accounts and change passwords if they are a child's name or date of birth
    * Contact your bank immediately, but only if you spot something suspicious as banks are expecting to be overwhelmed with calls
    Banks also warn customers to be on the lookout for signs of ID theft and fraud - such as regular post like bank statements going missing, bills for items you have not bought, or letters approving or denying you credit you know nothing about
    |Kata: "Read title as 'fisting'. Not sure why I clicked. Relieved, really."|
    |TAKTAK: "It was so small that mine wouldn't fit into it"|

  10. #42
    Senior Member usxhe190's Avatar
    Join Date
    Sep 2007
    Posts
    1,688
    Thanks
    149
    Thanked
    82 times in 63 posts

    Re: Government loses 15m people's personal data

    * But people should not give out personal or account details "requested unexpectedly" by phone or by email
    Lol - yes people shouldn't because the government will do it for you...!

  11. #43
    Huge Member Brucelles's Avatar
    Join Date
    Mar 2007
    Location
    Carcassonne
    Posts
    1,756
    Thanks
    56
    Thanked
    203 times in 101 posts
    • Brucelles's system
      • Motherboard:
      • Gigabyte GA-F2A78M-D3H
      • CPU:
      • AMD A8-6600K APU
      • Memory:
      • 16Gb DDR4 800
      • Storage:
      • 1Tb Samsung, 320 Gb no name I can recall, 500Gb Sandisk SDD
      • Graphics card(s):
      • PNY - XLR8 GeForce 8800GTS
      • PSU:
      • 550W Corsair
      • Case:
      • Zalman
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Samsung S27C590H
      • Internet:
      • Orange Livebox Wireless ADSL - Sucks something rotten, and SFR Neuf box. Sucks less.

    Re: Government loses 15m people's personal data

    I wonder how much I can sell this disk for?

    (Thanks Evilmunky)
    Eagles may soar, but weasels never get sucked into jet intakes.

  12. #44
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Government loses 15m people's personal data

    find it on eBay!
    throw new ArgumentException (String, String, Exception)

  13. #45
    mush-mushroom b0redom's Avatar
    Join Date
    Oct 2005
    Location
    Middlesex
    Posts
    3,510
    Thanks
    201
    Thanked
    388 times in 294 posts
    • b0redom's system
      • Motherboard:
      • Some iMac thingy
      • CPU:
      • 3.4Ghz Quad Core i7
      • Memory:
      • 24GB
      • Storage:
      • 3TB Fusion Drive
      • Graphics card(s):
      • nViidia GTX 680MX
      • PSU:
      • Some iMac thingy
      • Case:
      • Late 2012 pointlessly thin iMac enclosure
      • Operating System:
      • OSX 10.8 / Win 7 Pro
      • Monitor(s):
      • Dell 2713H
      • Internet:
      • Be+

    Re: Government loses 15m people's personal data

    I don't see, given the numbers they're spending on IT, why they don't just implement a UK wide private fibre network. Everyone would need some secure way of logging on (maybe smartcards), access could be controlled centrally - something like LDAP.

    That way, data would never leave the control of the dept who need it, and there would be no possibilty of it getting lost as you could simply remove all the optical disk writers.

    Sure it'd cost a bit, but over the lifecycle of the network, I'm sure it'd easily pay for itself as the govt wouldn't need to pay ISP fees etc.

  14. #46
    Banhammer in peace PeterB kalniel's Avatar
    Join Date
    Aug 2005
    Posts
    31,038
    Thanks
    1,878
    Thanked
    3,379 times in 2,716 posts
    • kalniel's system
      • Motherboard:
      • Gigabyte Z390 Aorus Ultra
      • CPU:
      • Intel i9 9900k
      • Memory:
      • 32GB DDR4 3200 CL16
      • Storage:
      • 1TB Samsung 970Evo+ NVMe
      • Graphics card(s):
      • nVidia GTX 1060 6GB
      • PSU:
      • Seasonic 600W
      • Case:
      • Cooler Master HAF 912
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • Dell S2721DGF
      • Internet:
      • rubbish

    Re: Government loses 15m people's personal data

    Something like that already exists I think.

  15. #47
    HEXUS.social member finlay666's Avatar
    Join Date
    Aug 2006
    Location
    Newcastle
    Posts
    8,546
    Thanks
    297
    Thanked
    894 times in 535 posts
    • finlay666's system
      • CPU:
      • 3570k
      • Memory:
      • 16gb
      • Graphics card(s):
      • 6950 2gb
      • Case:
      • Fractal R3
      • Operating System:
      • Windows 8
      • Monitor(s):
      • U2713HM and V222H
      • Internet:
      • cable
    H3XU5 Social FAQ
    Quote Originally Posted by tiggerai View Post
    I do like a bit of hot crumpet

  16. Received thanks from:

    chicken (21-11-2007)

  17. #48
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Government loses 15m people's personal data

    Quote Originally Posted by joshwa View Post
    So is the only safe way to avoid any future problems to change your bank account?
    I suppose it depends on the degree of risk you want to run. So far, there's no evidence (according to repeated claims) that these discs have fallen into the wrong hands. They're probably sitting in someone's in-tray in the wrong department, and when that person gets back from holiday, they'll come to light. Or they've got caught in the bottom of a mail sack and will be found in a TNT depot somewhere.

    But meantime, it's about far more than just your bank account. If you were trying to get into ID theft, a huge database of names and addresses, kids names, NI numbers and so on would be a VERY good start. We don't know what, if any, other data may have been on these discs.

    But I have a couple more questions. In what form was this data stored? I don't mean the medium or the encryption. I mean, is it data designed to be read by a specific application which understands the data format, or is it some form of clear-text list, CSV or such?

    If it's a database dump, it'll take rather more effort to understand the data structure in order to be able to reconstitute it into usable data. If you can just import it into Excel as a ruddy great list, then it'll be far easier.

    Alastair Darling kept going on yesterday about how there was no evidence of misuse or that it had fallen into the wrongs hands. Gordon Brown today at PMQ's kept making that same point. But would there yet be that evidence?

    Which brings me back to your question, joshwa. It isn't just about bank accounts, but about a vast quantity of fundamental data which might not constitute sufficient for id theft on it's own, but it sure as hell is a good start. Is it not conceivable that some criminal somewhere would choose to bundle this up, say a million records at a time, and flog it off to 25 different groups or individuals that would then use it as the foundation for an ID theft bonanza?

    But if it were just about bank accounts, then yes, the ONLY way to be sure to avoid future bank problems (arising directly from this incident) is to change bank accounts. Even if they recover the discs, they've been ought of control for several weeks now. How long does it take to copy two discs? 10 minutes? So could you be sure the data wasn't still out there even if the discs are recovered. If I had the discs and had nefarious motives, that's exactly what I'd do - copy them and then allow the originals to be recovered, then sit and wait until the immediate hubbub had died down. Then, stealthily and quietly .......

    Fortunately (he says with a smug grin) I don't have kids of an age where I'm on this database, and so I'm confident I'm not on this list. If I were, I'd have been at my bank by now, changing the account for a new one. This would not be because I thought it was likely to be a problem, but because if I change it, I can be sure that at least the compromised bank details can't be a problem. A small risk becomes zero risk (from this incident), which is better than a small but existing risk and concern, and my peace of mind factor goes back up to where it was before.

    So personally, despite Darling and Brown's reassurances, I'd be changing my bank account.

    Oh, and Darling kept assuring people that individuals wouldn't suffer if fraud results. Cobblers. Individual bank account holders might not suffer as a result, but as Labour spokespeople have kept saying, the banking code would protect account holders ...... so the banks suffer. But banks aren't just alien edifices - they have employees and shareholders. And for anyone reading this thinking that the fat cat bank shareholders can afford the loss, and it doesn't affect you, think again. It probably does. Who are all those bank shareholders? By an large, investment groups, pension funds and insurance companies. If it doesn't threaten to impact directly on people via bank shares and dividends, it threatens to impact indirectly on your pension fund, life assurance and so on.

    And when the government are asked if they'll underwrite the banks losses if fraud occurs, they hedge. One Labour minister said, more or less, "that's a conversation we'll have to have with the bank". I'll bet it is. For a start, how can you ever determine if a given fraud results as a result of this cockup, or just on someone who happens to be on the list?

    So, if fraud occurs, either the banks absorb the costs and it will impact on pensions, etc. Or the government underwrite the loss. after all, it was a government department that allowed it to happen. But wait, if the government underwrite the losses, it'll be taxpayers paying for it.

    No wonder Ministers don't want to answer the question about who pays, and whether the government will compensate banks if they lose. Whatever they say, it'll be public that end up footing the bill for government mistake (in the single event) and incompetence (in having such poor access controls that it could happen) in the wider picture and longer term.

Page 3 of 10 FirstFirst 123456 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Privacy concern - Scan orders being reported to 3rd parties.
    By Paranoid2000 in forum SCAN.care@HEXUS
    Replies: 35
    Last Post: 09-06-2006, 07:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •