U.K. rocked by loss of 25m records

U.S. agency officials stung by data loss can take some solace in the fact that the United States isn't the only country struggling with data security issues. A U.K. finance head admitted last week that Her Majesty's Revenue and Customs department (HMRC) lost 25 million records with personal information.

HRMC Chairman Paul Gray has resigned because of this operational failing.

The information, an entire database of child service benefit recipients, was encoded on a set of optical disks, according to a statement to the House of Commons from Chancellor of the Exchequer Alistair Darling.

As part of a routine procedure, the treasury office sent the password-protected disks by courier to another agency, the National Audit Office. They never arrived at their destination.

Although the package was dispatched on Oct. 18, the NAO didn't report that it didn't arrive until Nov. 8. HMRC then began a search. The missing disks have not surfaced.

The disks had the names, addresses, dates of birth, government and banking identification numbers for 25 million individuals, from 7.25 million families.

"I regard this as an extremely serious failure by HMRC in [its] responsibility to the public," Darling said. "I recognize that millions of people across the country will be concerned about what has happened. I deeply regret this and apologize for the anxiety that will undoubtedly be caused."

Darling noted that the police have not found any evidence that the information has been put to malicious use. The agencies contacted the affected people and their financial institutions. Their accounts will be monitored for suspicious activity, and the U.K. banking code will ensure that affected citizens will not suffer any monetary loss from forged transactions, Darling said.

'This announcement is breathtaking because of the scale of the loss," noted Graham Titterington, an analyst for London consulting firm Ovum, in a statement. "If the data has fallen into the hands of identity thieves, which is unlikely, the entire national identity ecosystem is undermined for two generations. The U.K. government, and the nation, is reduced to hoping that these two CDs are languishing in a trash can somewhere.'

Titterington also noted that this event argues against concentrating too much personal data in a single system.

"So long as it is physically possible for junior officials to download complete databases there can be no confidence in the security of information contained in them," he said.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

inside gcn

  • Global Precipitation Measurement of Florence

    USDA geotargets the press

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group