I’m treading carefully here to avoid political comment but, for those who haven’t seen tonight’s news, a UK Government department has lost the personal details for 25 million people including names, dates of birth, national insurance/child benefit numbers and bank details. On a CD. In the post.
So, I’d like to thank HM Revenue and Customs for making such a monumental **** up with my family’s personal information. In this day and age, I find it amazing that two government departments have to transfer data between one another on CD (isn’t that why they have a Government Secure Intranet?) but to send that in the internal mail (unregistered) is amazingly inept (and, according to tonight’s BBC News, against Government guidelines). Furthermore, the news report I heard said that the passwords protecting the data could be cracked in seconds, so I’m interpreting that as a statement that the data wasn’t even encrypted.
What makes it so galling is that the information was being transferred to the National Audit Office. Surely they can be trusted to access the Revenue’s systems directly without needing a database extract on CD? And why did it take nearly 3 weeks for someone to report that the data was missing?
Fair enough, names and dates of birth are public information and bank details are not exactly top secret (my bank has told me it’s not something to be too concerned about) but it puts my own attempts to maintain data security into perspective. If the Government can’t keep my identity safe, who can?
Anybody who is concerned about the implications of this data breach should check out the HMRC and APACS information on the data loss.
Leave a Reply