Government loses 25m confidential records

Government loses 25m confidential records

Summary: In the largest-ever data breach by the government, HMRC has lost the details of every child in the country

SHARE:
TOPICS: Security
0

HM Revenue & Customs has admitted to losing the details of 25 million individuals, with 7.25 million UK families potentially affected.

In a speech to parliament on Tuesday, the chancellor of the exchequer, Alistair Darling, said that two discs containing the details of everybody in the UK who claims and receives child benefits had been lost.

Details on the discs, which were only password protected, included names, addresses, dates of birth, national insurance numbers and bank and building society account details.

"This is an extremely serious matter," said Darling. "HMRC failed to meet the high standards expected of it. I recognise that millions of people across the country will be concerned."

The discs were lost during a National Audit Office (NAO) investigation in October. A junior official in HMRC sent the unencrypted discs to the NAO, but HMRC were not informed that the discs had not arrived to be audited until 8 November. Darling himself was informed of the loss on 10 November — three weeks after the discs had failed to arrive at the NAO.

Edward Leigh, the chair of the Public Accounts Committee, later said that the information the NAO requested had specifically been national insurance numbers, and not other personal details.

HMRC had not followed procedures for data transit, said Darling. HMRC had given the discs to courier TNT, but had failed to record or register the discs. When those discs did not arrive, a further two discs with the same information were sent by registered post; those discs did arrive.

"Again, they should never have let this happen," said Darling.

When Darling was informed on 10 November, he ordered searches for the data. When nothing had been found by 14 November, Darling asked the Metropolitan Police to become involved.

Darling said that there had, as yet, been no evidence of fraudulent activity.

"So far the data has not been found," said Darling. "The police told me there was no reason to believe the discs have fallen into the wrong hands, or been used for fraudulent purposes."

Read this

10 most foolish mistakes of IT pros

End users aren't the only ones who can mess up the smooth running of a network. Here is a list of the most common mistakes IT pros make, plus some tips on how to avoid these errors...

Read more

Last week Paul Gray, chairman of HMRC, offered to resign over the matter, and did so formally on Tuesday.

This is the second major data-loss incident involving HMRC to emerge this month. On 6 November, it was revealed that the pension details of 15,000 Standard Life customers were sent to the pension provider by HMRC via an unnamed third-party courier at the end of September. The disc went missing and was not encrypted.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion