Data security, courtesy UK govt



  • It might have already been posted, but to prove that stupid people can reduce any system to tatters:

    <q>Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.
    The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people.</q>



  • Well, thank goodness there wasn't any sensitive data on those disks.  Congrats to the government for averting a tragedy.



  • What's also great about this incident is that what was just a lost package, most likely fallen behind someone's desk, has now become a "find the treasure" campaign, so any corrupt (but blissfully unaware) employee at the company now knows there's an envelope with potentially millions of dollars worth of information in it.  Yes, disclosing the information is usually a good thing, but for things like this I would rather the gov't keep it under wraps.



  • The annoying thing is the govt DID try to keep it under wraps, the CDs (or were they DVDs?  We don't know) went missing on 18 October.  This story broke 20 Nov.

    Other things that bother me:

    1. They say the disks (whatever format) were password protected.  WHAT?!  Is it a MS Access database, zip file, Excel spreadsheet or what?  No mention of encryption either in any of the stories I've read.

    2. Yeah everybody else has said it but they say it was a junior civil servant who burned all this stuff to CD/DVD.  So more or less anybody in HMRC has got access to the entire database?

    3. The disks were being sent to the National Audit Office.  Why did they need the entire database?!  If there was a specific problem the NAO were investigating surely they could have specified which records they wanted to look at?

    4. And these goons want to introduce a national ID card scheme, to quote Scott Adams (via Dogbert) I wouldn't trust these goobers with anything more dangerous than string.

    5. Civil servants suck civil servants suck civil servants suck....ok you get the picture.

    I'm changing my bank account tomorrow!



  • @upsidedowncreature said:

    1. They say the disks (whatever format) were password protected.  WHAT?!  Is it a MS Access database, zip file, Excel spreadsheet or what?  No mention of encryption either in any of the stories I've read.


    Well, I hear a new story about this every five minutes or so, and on one BBC news story, the info on the disks was "unencrypted".



  • @Mal1024 said:

    @upsidedowncreature said:
    1. They say the disks (whatever format) were password protected. WHAT?! Is it a MS Access database, zip file, Excel spreadsheet or what? No mention of encryption either in any of the stories I've read.


    Well, I hear a new story about this every five minutes or so, and on one BBC news story, the info on the disks was "unencrypted".
    Well judging by Brown's answers today in PMQ's, they were unencrypted, and accessed by someone who shouldn't have had access.

    TRWTF[tm] is that this isn't the first time HMRC have managed to lose (unencrypted) data, again mentioned in PMQ's, this time by Cameron.

    And this made me chuckle: Experian(UK) have jumped onto the bandwagon. A Google search for 'HMRC' produces a sponsored link titled "ID Fraud Concerns?"
     



  • @skippy said:

    Yes, disclosing the information is usually a good thing, but for things like this I would rather the gov't keep it under wraps.

    As someone whose information (and that of my ex and my 8 year old daughter) is most likely amongst that that was lost, I'd very much rather they didn't keep it quiet.

    Now that we know, yes there's going to be a treasure hunt for it, if someone doesn't already have it. But if someone does have it and uses it to commit fraud, at least we know, and the banks are prepared for the possibility. That should make it that bit easier to convince them that activity on your account that you don't recognise is fraudulent.

    For what it's worth, I use my bank's telephone banking service to transfer money to another account occasionally (the internet banking service takes 4 working days while the phone service is instantaneous; go figure...). The last few times I've done this, as well as the usual security questions I've been put on hold for a few moments while they "perform routine security checks" on my account. I wonder if that new extra step is because of this...
     



  • @PJH said:

    TRWTF[tm] is that this isn't the first time HMRC have managed to lose (unencrypted) data, again mentioned in PMQ's, this time by Cameron.

    No, TRWTF is that within a fortnight this will have been forgotten.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.