Monday, December 03, 2007
More missing data
As the Western Mail reports this morning that yet more government data has gone missing, the Times gives us an insight into the dangers we face if this information gets into the wrong hands.
The Department for Work and Pensions has launched an urgent investigation into how discs containing the unencrypted details of thousands of benefit claimants were missing for a year. Two discs were apparently found at the home of a former contractor to the DWP who had forgotten to return them. The Western Mail tells us that these discs contain data on what kind of benefits the individuals receive, and could be accessed by any standard computer. They are not protected by a password.
Meanwhile the Times has decided to find out for itself what dangers await people if the HMRC discs containing details on 25 million people fall into the wrong hands. Their findings should be enough to persuade the Government and the police to redouble their efforts to find this missing data:
Without paying a single penny, The Times downloaded banking information belonging to 32 people, including a High Court deputy judge and a managing director. The private account numbers, PINs and security codes were offered as tasters by illegal hacking sites in the hope that purchases would follow.
Richard Thomas, the Information Commissioner, will begin an investigation into the security breach today and Scotland Yard is also investigating. Experts said that the findings suggested that more personal data than ever before was going astray. The Times found: More than 100 websites trafficking British bank details A fraudster offering to sell 30,000 British credit card numbers for less than £1 each A British “e-passport” for sale, although the Government insists that they are unhackable.
It is difficult to know how to counter this sort of data market, especially as so many of these sites are based outside of British jurisdiction. The Data Protection Registrar believes that he needs additional powers to prevent breaches of data protection. He says that reckless failure to protect information should result in prosecution and that his staff should have powers to raid government and business premises.
Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.”
In my view there needs to be a systematic and detailed investigation into this issue, which will make recommendations for government as to how they can minimise the risk of identity theft and fraud to tens of thousands of British citizens. If the Commons Justice Committee has already started such a wide-ranging investigation then so be it, but they need to work quickly and the Government's response to their report must be swift and decisive.
The Department for Work and Pensions has launched an urgent investigation into how discs containing the unencrypted details of thousands of benefit claimants were missing for a year. Two discs were apparently found at the home of a former contractor to the DWP who had forgotten to return them. The Western Mail tells us that these discs contain data on what kind of benefits the individuals receive, and could be accessed by any standard computer. They are not protected by a password.
Meanwhile the Times has decided to find out for itself what dangers await people if the HMRC discs containing details on 25 million people fall into the wrong hands. Their findings should be enough to persuade the Government and the police to redouble their efforts to find this missing data:
Without paying a single penny, The Times downloaded banking information belonging to 32 people, including a High Court deputy judge and a managing director. The private account numbers, PINs and security codes were offered as tasters by illegal hacking sites in the hope that purchases would follow.
Richard Thomas, the Information Commissioner, will begin an investigation into the security breach today and Scotland Yard is also investigating. Experts said that the findings suggested that more personal data than ever before was going astray. The Times found: More than 100 websites trafficking British bank details A fraudster offering to sell 30,000 British credit card numbers for less than £1 each A British “e-passport” for sale, although the Government insists that they are unhackable.
It is difficult to know how to counter this sort of data market, especially as so many of these sites are based outside of British jurisdiction. The Data Protection Registrar believes that he needs additional powers to prevent breaches of data protection. He says that reckless failure to protect information should result in prosecution and that his staff should have powers to raid government and business premises.
Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.”
In my view there needs to be a systematic and detailed investigation into this issue, which will make recommendations for government as to how they can minimise the risk of identity theft and fraud to tens of thousands of British citizens. If the Commons Justice Committee has already started such a wide-ranging investigation then so be it, but they need to work quickly and the Government's response to their report must be swift and decisive.
