According to a post on the BBC News Website, mistakes by junior officials at HM Revenue and Customs have resulted in the loss of the details of 25 million child benefit recipients.
The Chancellor of the Exchequer - Alistair Darling - said information including Bank Details of Seven (7) Million families had been sent on discs to the National Audit Office by - wait for it - UNRECORDED OR UNREGISTERED DELIVERY!!!
Worse still, the discs had never arrived at their destination!
The data included parents’ names, children’s names, addresses, dates of birth, child benefit and national insurance numbers and in some cases bank or building society accounts. Mr Darling said that the data was not enough to access accounts but said that anyone who felt that they had been a victim of fraud would be reimbursed by their banks (allegedly - but knowing banks that’d probably take ages).
Darling said:
"Contrary to all HMRC standing procedures two password protected discs containing a full copy of HMRC’s entire data in relation to the payment of child benefit was sent to the National Audit Office by HMRC’s internal postal system operated by the courier TNT.
"The package was not recorded or registered."
"Mr Speaker, it appears that the data has failed to reach the addressee at the NAO.
"Mr Speaker I also have to tell the house that on finding that the package had not arrived at the NAO a further copy of this data was sent - this time by registered post which did arrive at the NAO However, again HMRC should never have let this happen."
You can find Alistair Darling’s entire statement (point by point) here, and in case it mysteriously disappears from the BBC’s Website (unlikely but always good to have contingencies in place - backups even ;)), you can also find it:
Alistair Darling’s Statement (20-11-2007) - Point By Point Download / View Only
Now the thing is, we live in a "digital" age, and last time I checked, the Royal Mail, while an admirable service, is not always the most reliable or rather isn’t the most punctual postal service - sure it’s better than what I got used to in Tanzania, but it still could do with some serious improvements. But here’s the question.
The world is linked together by an invisible digital network - the Internet - in fact you’re reading my blog - because it’s on the Internet! Now, this Internet is used in government departments and many other places. It is really useful for sending large files - and there are many ways to do this - not least of which is an SSH session - in fact we have people like British Telecom (BT) advertising their "Online Backup Services", they call it the Digital Vault.
There is also this wonderful invention known as email - and indeed Secure Email. What on earth were these records doing being ferried around by a public postal service, in a format that is unencrypted? At the very least the CDs should have been encrypted with some PKI-based security system - that way, to anyone apart from their intended recipients, they’d be coasters.
In the last 10 years, there have been a plethora of blunders and silly, grossly over-priced projects (air traffic control systems come to mind, as do patient appointment systems that didn’t work as intended).
While they might have had rudimentary password protection, it’s not exactly difficult to break zip and Office file password protection (the tools can be found with a simple Google!!). As a government organisation, they really should have far better consultants and advisers, those people who can tell them how to best serve the people - after all that’s what a government is supposed to do!!
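The contrast drawn above between PKI-based encryption and simple password protection, as an added example that is not part of the original post: the export is encrypted to the recipient's public key, so a disc that goes astray is unreadable without the matching private key. The key pairs, function names and sample record are constructed for illustration.

```javascript
// Added illustration: hybrid public-key encryption of a data export before it
// is written to removable media. All names and sample data are constructed.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// A fresh AES-256-GCM key protects the data; RSA-OAEP wraps that key under
// the recipient's public key, so no shared password ever travels with the disc.
function sealForRecipient(plaintext, recipientPublicKey) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Throws if the private key is not the recipient's or the data was altered.
function openAsRecipient(sealed, privateKey) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

// True only if the holder of privateKey can recover the data.
function canRead(sealed, privateKey) {
  try { openAsRecipient(sealed, privateKey); return true; } catch (e) { return false; }
}

function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Constructed sample record standing in for the real export.
const SAMPLE = Buffer.from('name,dob,ni_number\nJane Example,1970-01-01,QQ123456C\n');

function demo() {
  const recipient = newKeyPair(); // the intended recipient of the discs
  const finder = newKeyPair();    // anyone else who ends up holding them
  const sealed = sealForRecipient(SAMPLE, recipient.publicKey);
  return {
    recipientCanRead: canRead(sealed, recipient.privateKey),
    finderCanRead: canRead(sealed, finder.privateKey),
    roundTrip: openAsRecipient(sealed, recipient.privateKey).equals(SAMPLE),
  };
}

console.log(demo());
```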
I’ll probably write more later, but I just found this out from a friend, and was compelled to blog about it.
Warm Regards,
Shabbir


