If you live in the UK and missed this you must have been living in a remote cave on the Isle of Arran or something.
In a nutshell, the National Audit Office needed some sample data to do a random audit of child benefit, which is a state benefit to which all parents/guardians of under-16 year old children are entitled. Although all the NAO asked for was 100 name, national insurance number, child benefit number tuples, what they got was an extract of the entire child benefit database showing the info they'd asked for along with address and bank account details. Actually, the NAO didn't get this because some staffer burnt the lot onto 2 discs and popped them in internal post, whereupon they were lost. But that's ok, isn't it, because the files were password protected. (But not encrypted.)
I'm slightly less rantingly angry than I was a few days ago, but still... WTF is going on? What makes HMRC think internal post is a secure transport system? Why are HMRC moving data on disks? WHY WASN'T IT ENCRYPTED? Ultimately, why does a junior staffer dealing with this sort of data have access to a CD burner, or come to think of it the access rights to be able to copy this data onto any removable media anyway? Doesn't someone have the common sense to install THE MOST OBVIOUS AND BASIC security measures? How many social engineering attacks are there on this patently shite security infrastructure?
It's inexcusable, and most likely criminal under the UK's data protection laws. Apologies are not enough - I want arrests and jail time for whoever's responsible for opening me, my wife and my children to identity theft either now or at some future stage.
And forget all about ID cards.
The Register has a good article on the debacle.
I'm going for a coffee to cool down.
Wednesday, November 28, 2007
One of the 7.5 million
4 comments:
Whoa dude. That's just jaw-droppingly crappy. Sorry, man.
Sorry, I live on the Isle of Arran next door to the cave-dwellers - even they know about it. Try Whitehall!
I was even more annoyed with the poor English grammar they used!
@anonymous - Sorry for the gross stereotyping. Rockall would've been more appropriate, perhaps ;+)