Feeds

Government cock-up over online PIN numbers

Code for access to tax returns sent to wrong address

  • alert
  • submit to reddit

SANS - Survey on application security programs

The Government may have sent out hundreds of activation PIN numbers for its online gateway to the wrong addresses.

Reg reader Ed Hoppitt was very surprised when he received a letter from UK Online at his single detached house in Suffolk addressed to a Mr GJ Worthington and containing an activation number for the government gateway at www.gateway.gov.uk.

The Government Gateway is the entry point for citizens to all online government services, including the Inland Revenue. Services available once logged in include access to tax and VAT returns, enrolment to government schemes and the ability to send official forms to government agencies.

The letter informs Mr Worthington: "You must keep your User ID safe and not share it with anyone." Mr Hoppitt told us that he hasn't registered with UK Online and knows of no one called GJ Worthington.

When he called an enclosed helpline number, the operator asked him to open the shaded paper which protects the PIN and read it to her. She then confirmed that the computer system had Mr Worthington down as living at Mr Hoppitt's address.

A government spokeswoman refused to speculate on whether more PINs may have gone to the wrong addresses. "We are looking into the matter as we speak," she told us. It was the first UK Online had heard of a PIN going to the wrong address.

However, the government remains unconcerned over any security breach. "We are confident that security has not been compromised," we were told. "You still need a password - which wasn't in the letter - to get into the system."

The PIN number itself will expire in 14 days and presumably some time after that Mr Worthington will get in touch with UK Online to ask where the hell his letter is. ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.