|
|
|
20 Nov 2007
Comments:3
HM Revenue and Customs (HMRC) has been slammed by security experts after being responsible for what has been described as ‘one of the world’s biggest ID protection failures’.
As a result of the government faux pas, which involved the loss of computer discs in the post, thought to contain the confidential details of 15 million child benefit recipients along with over seven million people's bank details, HMRC chairman Paul Gray has resigned.
Earlier today the Chancellor of the Exchequer, Alistair Darling was forced to issue a statement which admitted an investigation is still in progress, after attempts to locate the missing CD’s failed. Darling added that an independent review of HMRC’s security procedures is taking place, with the full results being published in Spring 2008.
However Tom de Jongh, product manager at SafeBoot, said: “Basic policies were ignored. It appears that the fundamental policies upon which the National Audit Office and HMRC operate are flawed and it is no wonder that this breach has occurred. The Chancellor freely admits that NAO and HMRC broke clear procedures, but that will not reassure the millions of families that are praying their financial details don’t get into the wrong hands.”
Brian Spector, general manager for content protection group at Workshare, said: “It is staggering that an organisation responsible for the data of over 25 million child benefit claimants is still copying data onto CDs and not ensuring its full protection through encryption techniques. It has never been acceptable for businesses or government departments to lose data, but in today’s information society, the flagrant disregard for the protection and security of this type of data is not acceptable.
“The money invested in IT by the UK government must now be prioritised on security to ensure that the data of those the government serve – the public - is secure and protected.”
Jamie Cowper, director of European marketing at PGP Corporation, said: “Thes e discs should never have been transported in the first place – information of this type should only be transmitted using the strongest security protocols available such as encrypted batch transfer – but more to the point, these details should not have been stored in this medium.
Discs are easy to lose, but difficult to protect. This type of information should only be stored on formats where the data can be encrypted transparently, so that it remains protected wherever it resides, and whether at rest or in motion."
Further Reading:
Tax man loses 25m people’s records
http://www.channelweb.co.uk/computing/news/2203890/25m-records-lost-tax-man
Related articles
In this video find out about the fast-growing Chinese vendor's plans for market domination and how the channel is its route of choice
Find out what gifts Acer has in store for partners for 2012 in this exclusive roundup of its recent conference
CRN's premier networking event is back on 17 May at the Ricoh Arena
Date: Thu 17 May 2012
Channel fighters preparing to square up once more on 24 May
Date: Thu 24 May 2012
The proliferation of endpoint devices within the enterprise has highlighted the shortcomings of one of the traditional approaches to data security
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Dave discovers the unexpected demographical anomalies of online shopping
Mark Needham, founder of distributor Widget, argues that John Browett leaves for Apple with Dixons in better shape than when he arrived
|
|
|
Do you agree?
security breach
I think Alistair Darling should resign.
Posted by j turner | 22 Nov 2007
IT Problem or People Problem?
Let's be realistic about this. Is this an IT security challenge or a people based challege? A knee-jerk reaction immediately suggests that we need to improve IT security; but what about the people who use the IT? People are the problem..the contents of a CD were placed there by an individual. The posting of the CD [internal or not] was done by an individual. What policies, procedures or process were in place and did someone by-pass these mechanisms? Education and or training in information security is perhaps a better solution to some of the technical challeges. IT security needs to be in place but surely it is only part of the solution not the whole solution?
Posted by NRL | 20 Nov 2007
Information Loss
We spend time keeping our details secret. We shred anything which can be used to commit identity Fraud and then what happens, HMRC screws up and our details could be with the very poeple we have been trying to keep this information from. So now what are we supposed to do - is there any way we can find out if our details are on the missing discs and if so, what can we do.
Posted by Mark Stockton | 20 Nov 2007
Have your say