HMRC Data Breach Affects 25 Million
Who Breached: HM Revenue & Customs (HMRC), UK
Number Affected: 25 million
Information breached: Bank details, National Insurance Numbers
The HM Revenue & Customs (HMRC) department in the UK has breached the personal details of 25 million people.
Following 2 breaches affecting thousands of people earlier in the autumn (from a laptop theft and a lost CD), this latest data breach affects a record 25 million child benefit claimants in the UK. The breach is tied to the loss of two CDs in the mail.
The discs contained the names, National Insurance Numbers, bank details, full addresses, child benefit numbers and dates of birth for 25 million individuals.
“The lost bank account numbers, names and addresses represents a gold mine for thieves and is much more valuable than credit card numbers or taxpayer ID numbers,” said Avivah Litan, vice president at Gartner Research.
Ironically, the previous breach associated with the laptop was applauded by the media. Given that the data on the laptop was protected, notification was not required. HMRC was commended for their responsibility towards data security.
However, in this incident, responsibility is not something that HMRC will be applauded for. According to the opposition party, senior officials were aware of the decision to put the personal information of millions onto computer discs.
Citing an internal e-mail, members of the Conservative party said blame for the scandal went higher than just the junior civil servant so far blamed by the government for violating security rules.
The National Audit Office (NAO) released a series of emails it exchanged with HMRC. The NAO, the intended recipient of the data, requested that personal information such as bank accounts be removed from the data request, as it was not needed. However, HMRC did not want to incur the costs of filtering the data. The discs were sent by internal mail, and were not protected.
Ironically, this mistake could cost many millions of dollars more than filtering the data, or protecting it, would have. The cost of closing 15 million bank accounts would be enormous. The scope of this data breach is prompting the UK to look closely at security procedures and consider new regulations.
The emails implicate senior officials in knowingly passing on personal information despite earlier statements pinning the blame on a junior official. The head of HMRC has resigned since the breach went public. An investigation is now taking place.
You can read a timeline of events here.
Via Guardian Unlimited (2), Canada.com, vnunet (2), ZDnet

[...] Argh, I hate this kind of thing .. give us £5.99 and we’ll send you some PDFs to allow you to claim compensation from the govt. for identity fraud arising from the loss of confidential data, if you read around a little bit I doubt they’ll be paying much out unless something serious really does happen but the ambulance chasers with the website will have made a few quid. And even then if they did get forced to pay some kind of compensation – don’t you people get it? If you sue the Govt. where do you think the money comes from? That’s right – your own pocket, we fund the govt. they don’t really “earn” money; they are not Comet, or Sofa Warehouse, we are the share-holders – you might as well take an extra £10 out of your monthly salary and put it in the bank as compensation; as if the govt. have to pay the entire nation compensation they’ll pay for it one way or another via your tax money, or by shutting down a hospital etc; it’s like fining police forces and the NHS for not performing.. by doing so you reduce their capacity to pay for improving things and give them a further excuse to grumble about how they don’t get enough funds. [...]