http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

This is ridiculous... to summarise, two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing, which is 25 million individuals and 7.25 million families. They could be anywhere, and, who knows whether anyone has gotten hold of them, including criminals.

A comment from the talkback page struck me as appropriate:


Based on this and other recent losses of vast amounts of vital personal data it is clear that our institutions have still yet to understand the implications of computerisation and that our data protection laws must still be woefully inadequate for someone to act so carelessly. Surely this kind of negligence should attract a severe custodial sentence?

EDIT: I've just found out something even more startling... the government knew about this for 9 days before reporting it... 9 DAYS! Anything could happen in that time!

It's just amazing! How can any one person be so dumb as to put 25 million personal infos and bank accounts on 2 disks in the first place, even before losing them!

Is this a civil service joke or what?:confused:

It's just amazing! How can any one person be so dumb as to put 25 million personal infos and bank accounts on 2 disks in the first place

By placing them in a database, perhaps? Should they have used 25E6 disks?

Wow! I think I'm more carefull with my digital archives, and mine are hardly important! I can just imagine some idiot burning a couple of CDs, with 25 million peoples information on them, and forgetting them. Very smart!

Let's just hope no one with malicious intent has got a copy.

This story reminded me of a similar incident here in the U.S. a few months ago:
http://techdirt.com/articles/20070727/091555.shtml

There are too many people with great responsibilities on their shoulders who simply have no idea how to use a computer properly.

Watch More 4 News at 8 a friend of mine is on there about this as is another friend of mine Prof Ross Anderson- Professor of Security Engineering from Cambridge University on Newsnight at 10.30 .

Helen

Also see my web site in my signature I have blogged about this.

Im impressed... how the hell did they manage this?

Apparently by believing that sending a "password protected" CD via courier is somehow an actual security measure.

I've just found out something even more startling... the government knew about this for 9 days before reporting it... 9 DAYS! Anything could happen in that time!

Just another blunder by the party of spin

And soon they're going to put us all on the National Identity Register, trusting to luck that it'll be secure!

I've just found out something even more startling... the government knew about this for 9 days before reporting it... 9 DAYS! Anything could happen in that time

Where did you find this. I would like to blog it.

Helen

Im guessing (hoping) these CD's werent the only copy of this database in existance?

Even still, sending data like this in the normal post? Insanity.

Where did you find this. I would like to blog it.

Helen

It was actually in the comments of the Digg submission, so It doesn't have any evidence to back it up.

Here's the link to the comments:

http://www.digg.com/politics/Revenue_and_customs_chief_quits

Where did you find this. I would like to blog it.

Helen

It's also been reported by the BBC:


The data was sent on 18 October and senior management at HMRC were told it was missing on 8 November and the chancellor on 10 November.

http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

from the above link:http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm
"The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing. Mr Darling told MPs: "Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.
The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."


maybe the 'junior officials' got the data disks confused with downloaded music disks, or something,lol

It's also been reported by the BBC:



http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm


I was just about to mention this, it looks like they updated the article.

from the above link:http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm
"The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing. Mr Darling told MPs: "Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.
The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."


maybe the 'junior officials' got the data disks confused with downloaded music disks, or something,lol

HOW can these two government agencies NOT be connected to each other via a SECURE connection so that they have no need to send cd's ? !

what the heck is wrong with them? Who did they hire for their data management/protection? a monkey?

lol password "protected". encryption is not difficult. i work for a top 25 Forbes co. and everything from thumbdrives to laptops are heavily encrypted. how an outfit like that can get away with not encyrpting PRIVATE and personal information is insane to say the least.

The 21st century and our governments idea of data transfer is sneakerware - read it and weep.

so true.

o.o This is ridiculous! I agree with nathan, a monkey must've done the job.

i was watching the news tonight and the place that asked for this information only wanted names and national insurance numbers, but it was too difficult to extract that so they sent
names
bank account details
dates of birth
home address
national insurance numbers

there might have been some other stuff too lol

it's on tonight's newsnight at the bbc site probably.

sux for the UK........

i was watching the news tonight and the place that asked for this information only wanted names and national insurance numbers, but it was too difficult to extract that so they sent
names
bank account details
dates of birth
home address
national insurance numbers

there might have been some other stuff too lol

it's on tonight's newsnight at the bbc site probably.
Seriously? So, first, they can't handle encrypted data transfers, and now we learn that their database was composed in MS Word mailing labels?

Saying that monkeys did this is a grave disservice to our primate cousins.

Seriously? So, first, they can't handle encrypted data transfers, and now we learn that their database was composed in MS Word mailing labels?

Saying that monkeys did this is a grave disservice to our primate cousins.
yes, seriously. i know someone who protects his pr0n better then that :lol:

Where did you find this. I would like to blog it.

Helen

Actually it's worse than 9 days. Go here:

http://news.bbc.co.uk/2/hi/uk_news/politics/7103566.stm

From the site above:


The data was sent on 18 October and senior management at HMRC were told it was missing on 8 November and the chancellor on 10 November.

i was watching the news tonight and the place that asked for this information only wanted names and national insurance numbers, but it was too difficult to extract that so they sent
names
bank account details
dates of birth
home address
national insurance numbers

there might have been some other stuff too lol

it's on tonight's newsnight at the bbc site probably.

Holy ****! :shock: This is all i can say!

LOL this is brilliant, think what information is digitized now, absolutely anything could go missing. And they think they can stop a full on terrorist cuberattack.

Roll on diehard4 scenario.

Interesting wee news segments showing how a "hacker" can break a password in under a minute. Both were using some kind of UNIX (one with GNOME even).

Obviously Linux is for "hackers" only.