U.K. rocked by loss of 25m records
- By Joab Jackson
- Nov 21, 2007
U.S. agency officials stung by data loss can take some solace in the fact that the United States isn't the only country struggling with data security issues. A U.K. finance head admitted last week that Her Majesty's Revenue and Customs department (HMRC) lost 25 million records with personal information.
HRMC Chairman Paul Gray has resigned because of this operational failing.
The information, an entire database of child service benefit recipients, was encoded on a set of optical disks, according to a statement
to the House of Commons from Chancellor of the Exchequer Alistair Darling.
As part of a routine procedure, the treasury office sent the password-protected disks by courier to another agency, the National Audit Office. They never arrived at their destination.
Although the package was dispatched on Oct. 18, the NAO didn't report that it didn't arrive until Nov. 8. HMRC then began a search. The missing disks have not surfaced.
The disks had the names, addresses, dates of birth, government and banking identification numbers for 25 million individuals, from 7.25 million families.
"I regard this as an extremely serious failure by HMRC in [its] responsibility to the public," Darling said. "I recognize that millions of people across the country will be concerned about what has happened. I deeply regret this and apologize for the anxiety that will undoubtedly be caused."
Darling noted that the police have not found any evidence that the information has been put to malicious use. The agencies contacted the affected people and their financial institutions. Their accounts will be monitored for suspicious activity, and the U.K. banking code will ensure that affected citizens will not suffer any monetary loss from forged transactions, Darling said.
'This announcement is breathtaking because of the scale of the loss," noted Graham Titterington, an analyst for London consulting firm Ovum, in a statement. "If the data has fallen into the hands of identity thieves, which is unlikely, the entire national identity ecosystem is undermined for two generations. The U.K. government, and the nation, is reduced to hoping that these two CDs are languishing in a trash can somewhere.'
Titterington also noted that this event argues against concentrating too much personal data in a single system.
"So long as it is physically possible for junior officials to download complete databases there can be no confidence in the security of information contained in them," he said.
Joab Jackson is the senior technology editor for Government Computer News.