back to article How HMRC gave away the UK's national identity

Early last month Her Majesty's Customs and Revenue apologised after a laptop containing data on 400 customers was stolen. At the time the Revenue was praised by the security industry for coming clean and its "refreshing level of ethical responsibility". Earlier this month that it had lost pension records for 15,000 people …

COMMENTS

This topic is closed for new posts.

Page:

  1. Anonymous Coward
    Black Helicopters

    One has to wonder...

    ...how secure the National Identity Register will be given the cavalier attitudes shown by the government lackeys in this case.

    It's easy enough to change a bank acoount, quite another to replace your fingers and eyeballs. Still think it's all a good idea? We won't ba able to stuff the genie back in the lamp when it all goes predictably titsup.

  2. John Stag
    Unhappy

    "Customers"

    I can think of a dozen ways to describe my relationship with the revenue service, but "customer" would never have occurred to me.

  3. Kier

    Incredible data ineptitude

    And the government wonders why some of us have such strong objections to their lunatic ID card scheme...

  4. hans
    Boffin

    Refund of any losses

    BBC4 just interviewd HMRC and HMRC will re-imburse any taxpayer who suffers a loss.

    Who do HMRC get their money from again?

  5. Anonymous Coward
    Thumb Down

    A Question of Risk ?

    A few years ago, it wouldn't have been a problem....i.e sending a CD with personal data via a recognised courier as the data was put on the CD by the ICT dept, compressed and encrypted with for example a 10+ character password or AES or better e.g via Zip.

    If the CD got lost/stolen...the odds against a malicious criminal ripping the data off was minimal and even if they could it was encrypted so that it was unlikely to be cracked in my lifetime.

    The problem now is that the ICT dept has been moved away from this kind of task as it causes delay, non-ICT staff confusion (Bang the Rocks Together Guys) and frankly the exspurts in the data wanted the control of the delivery. So.....now we have non-ICT burning / Emailing / and printing our confidential data without any knowledge or training in how to secure it or wish to as security ain't there job!

    Worse they want copies of it everywhere so it doesn't slow them down. Bring Back Dumb terminals and take away their paper and pencils. No copying now.

    What do you expect if you give the keys to your house over to the party animals.

  6. Nick

    Don't Panic?

    OK, I wont.

    Being young, male, single and without child, the government gives me fork all benefits, so its unlikely my data is on there.

  7. Anonymous Coward
    Anonymous Coward

    me again

    What are the NAO doing with details of every child / family in the country?

    Have they got permission from 'the authorities' to even posses this data? Never mind whether they're allowed do things with it, send it on to third parties in third world countries etc etc.

    Losing it is bad enough, but that's only part of the problem; what bothers me is the NAO. Or were they just doing a bit of pretexting to see if some clerk in geordie world would fall for it?

    The tinfoil hat, please.

  8. Anonymous Coward
    Anonymous Coward

    Sack everyone.

    "The banking industry would like to reassure its customers that sort code and bank account, national insurance number, date of birth, name and address details are not enough in themselves for an ID fraudster to access your bank account – as additional security information and passwords are always required."

    Yes, but it's a pretty damn good start, isn't it?

    This lot can't be trusted to run a bath, never mind a country.

  9. Mark Ricahrdson
    Alert

    No risk of identity theft???

    I find it interesting that there were stories recently stating that including information such as DOB on your Facebook profile could be opening you up to identity theft, but apparently when the Government loose this information, plus bank account details, NI numbers etc, that it is not enough information for identity theft to take place!

    Apparently people will pay 30-200 USD for the details of a bank account, considerably more than for credit card details. If that is true, then someone somewhere is sitting on a potential 217,500,000 USD at the bottom end of the scale based on 7.25 million accounts. One way ticket to South America anyone?

  10. Anonymous Coward
    Unhappy

    More detail required

    What format was the data in?

    How was it encrypted? If not, why not?

  11. Anonymous Coward
    Anonymous Coward

    The arse-covering begins...

    Arrogant bastards. They say "...even if the CDs did end up in the wrong hands they did not contain enough information on their own to conduct fraud..."

    If the data was encrypted they would be falling over themselves to make it clear, so evidently it isn't.

    Then "...sort code and bank account, national insurance number, date of birth, name and address details are not enough in themselves for an ID fraudster to access your bank account – as additional security information and passwords are always required"

    That's pure diversion - there's a lot you can do with that info besides trying to access a bank account. And in some cases I bet that info COULD be used to access a bank account, with a spot of social engineering to circumvent or obtain any missing information.

    * Shakes head angrily and wearily at yet another government IT fuck-up *

  12. Anonymous Coward
    Paris Hilton

    Gridbugs

    "Imagine an A4 sized envelope, with a set of gridlines printed on one side, three columns by 30 or so rows, making 90 boxes."

    These are quite common, surely? I have worked for a few national institutions in my time, and the standard internal mail envelope has generally been as described above. Sometimes they are sealed with a piece of string that wraps around a lug, sometimes there is some sticky, sometimes they have EMPIRE MADE - 1947 written on them. I have worked in places where the envelope has a set of little holes, perhaps to show that it is empty. After a few uses the grid breaks down into an assortment of crossings-out, amendments, and addresses that span more than one column.

    The alternative is often to use old envelopes, which have been ripped open and then re-sealed. These are not secure either, because it is trivia matter to re-rip and re-seal them.

    Fiddle-de-dee.

  13. RW
    Flame

    But we had policies and procdedures in place!!!

    Data loss fiascoes always come with the yap "the established policies weren't followed" or "oh gee, the policies were followed but they didn't work."

    Everybody with an IQ over, say, 65, knows perfectly well that written policies aren't good for much of anything except bum wipe. If your IT systems don't actively enforce those policies, they aren't even good for that fundamental purpose. (Yes, the pun is intentional. Mea culpa, mea maxima culpa.)

    Management mandarins have a touching faith in the efficacy of written policies and consistently forget that the sinful masses always take the easy way out. If a policy stands in the way of convenience, too bad for the policy!

    They're just like the Bolsheviks in NuLabour who, in their drive to create the New British Wo/Man (a la the Russian Bolsheviks' New Soviet Man), have passed innumerable laws against behavior and thought contrary to their ideals. Oddly enough, the crime rate goes up, the crimes become more horrific, the police squander their energies imposing draconian penalties on trivial offenses, and the government demands another round of laws against whatever is today's flavor of antisocial behavior.

    Turning back to IT, prevention of data loss debacles requires that IT systems actively prevent confidential information from being held locally on PC's or being transcribed to CDs. I suspect the only effective way to achieve these goals is to go back to mainframes with dumb terminals.This kind of regimen also implies "no taking work home on your laptop." The proof of that assertion is left as an exercise for the reader.

    The only cure may be to impose absolute liability on not only organizations, but also on their managers and directors, for any dataloss by their organization. Financial liability, at that, say to the tune of £10,000 per individual whose privacy has been compromised. It has to be vastly more expensive to allow data loss than to prevent it from happening in the first place; otherwise the beancounters will neuter any serious attempts to protect data confidentiality.

    There's also the minor detail that the possibility of personal banktuptcy focusses the mind marvelously on the issues at hand.One might want to further heighten management angst about data loss by declaring anyone responsible (sensu latu) for such loss is forbidden to ever again work in a position of responsibility or authority.

  14. Gene Cash Silver badge
    Go

    that's a common mail system

    That's exactly the same system we used to use at work before we had email and a large secure file share.

    Now I stuff the data up on the file share, give them privs to see it, and email the URL. So no data and no passwords go across the email.

    Call up Uncle Larry, I'm sure he'll be glad to sell HMRC a copy of Oracle Files Online.

  15. Anonymous Coward
    Joke

    What!?!

    British management: finest in the world

  16. John Hudson
    Happy

    Why Worry?

    I think everyone is missing the good news here. Given the track record of computing projects in the sector, chances are the discs weren't burnt properly and when they are found they will probably have no data on them at all.

  17. Anonymous Coward
    Anonymous Coward

    TNT Courier

    Is the company who are concerned with these data losses, as was reported in Parliament this evening. Seems that TNT are not exactly competent and why on earth HMRC continued to use them, apart from usual incompetence, is beyond me.

  18. Anonymous Coward
    Black Helicopters

    Not enough for fraud...

    But certainly enough for identity theft.

    I also liked Darling's comment (from the BBC at http://news.bbc.co.uk/1/hi/uk_politics/7104115.stm) that "the key thing was that information was protected by biometric information, while at the moment information was "much more vulnerable" than it should be." And that's why we'll be safe when ID cards are introduced. Except that's bollocks, isn't it? Unless the government are going to take a finger from me and keep it on ice for when they need to access the data.

  19. Anonymous Coward
    IT Angle

    Auditing?

    Reading the BBC story the HMRC claims the data was lost en-route to the NAO for auditing. Surely under the DPA the data should be "depersonalised" before being sent for auditing by a third party?

    What on earth would the NAO want with a copy of that database?

    What about OUR rights to OUR data held on their systems?

    When we get audited at ******** we would never let a copy of our data containing sensitive details of every bloody bank card in the country into an auditors hands - they'd crucify us themselves if we did!

  20. Anonymous Coward
    Anonymous Coward

    CDs lost in Internal Mail

    Look guys, this can happen to anybody.

    Just be grateful HMRC saved us taxpayers 65p by not entrusting the discs to PostMan Pat.

  21. Anonymous Coward
    Stop

    Breach of Security

    I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC.

    This ignores the fact that the person who sent (more than once !) the info hadnt read the briefings about Data Security ( I am an old fart who has) and I know what I can/cant send.

    I am not sorry to see the boss go, but at least he has more integrity than any of our elected leaders.

  22. Ian

    They'll cover the cost

    I see they've given us an 0845 number to call if we're worried. Given that this costs me 55p a minute from my mobile, I suspect they'll soon make back the costs of dealing with the problem.

  23. Anonymous Coward
    Anonymous Coward

    incompetents incompetance

    1. I am exceptionally concerned that somebody stupid enough to do this has access to this information.

    2. These were sent to the NAO ("we aim to bring about real improvements in the delivery of public services.") in the same manner - and they presumably thought this was OK ? Ok - strictly not their brief - but FFS.

    3. The NAO has this information. Why ? Is it freely available to anyone with a gov.uk email address ?

    The resignation is a start. But I think everyone from the poster to the head of IT should be sacked. The complete chain of command. It might focus a few minds in future.

    Couldn't care less about darling. Unless someone can persuade me we won't get someone equally as evasive and incompetant in his place. Even a general election wouldn't manage that !

    (Laugh at the above comment - all I can say is thank f'k you don't have email addresses ... you really don't get this security thing at all do you)

  24. Anonymous Coward
    Flame

    @Anonymous "who works for HMRC"

    Well that just proves the point everyone else is making

    "staff DO NOT have an external email address so that they can email into to people outside of HMRC".

    FFS - this data should NOT have been emailed either!

    When will people learn that if you need, if you *really* need, to send data like this it should be, shock horror, ENCRYPTED (and no, ROT13 or chucking it in a password protected excel document is NOT encryption)

    Sack the frickin lot of 'em.

  25. Simon Lyon

    The APACS "reassurance" is bogus

    A friend of mine (over retirement age) was stuck up a mountain in Spain recently, with weather causing power cuts and an intermittent phone connection.

    He'd never set up phone or internet banking with his bank but it was desperately urgent that he arrange the transfer of some funds to someone else via BACS.

    I was able, on his behalf (posing as him in an entirely innocent exercise), able to transfer over 500 quid with only the following information:

    Name

    Address

    Sort Code/Account Number

    Date of Birth

    Branch account was opened at (correctly guessed it was the one closest to his address)

    Last transaction (as it happened I'd myself just sent him some money - wouldn't be hard for a scammer to pay a tiny amount in to the account and then quote it as the last transaction to get much more out).

    I only did this because we were both pretty sure that my saying that I was doing it on behalf of someone else wouldn't get anywhere. And I wanted to see what would happen, as an academic exercise.

    But I was amazed and fairly shocked that it actually worked!

  26. Simon Lyon

    Could've been worse - no, sorry, it WILL be worse ...

    Skip forward 5 years. The NAO asks for a dump of the National Identity Register ...

    Anyone here think that procedures at HMRC, the Passport Office or any other government dept will have changed in any useful fashion by then? Anyone?

    [sound of crickets chirruping]

  27. Anonymous Coward
    Flame

    @ Breach of Security - anonymous cowardly employee of the people

    "I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC."

    Are you seriously suggesting emailing the records of millions of people ?

    This cuntry is phooked - it is time to overthrow these useless bath stewards or give up and leave.

  28. Anonymous Coward
    Go

    Consistent Policy

    The NAO should audit HMRC and look for all evidence of data being burnt to CDs or emailed in unencrypted format - ie. all breaches of policy.

    If there is indeed a policy against this, every person who was involved should be fired (assuming it was gross misconduct/negligence). This would also include everyone who received such information and did not report it.

    The man at the top acted with honour (note not the Chancellor). It's the people below him who have put everyone at risk.

    There should be a policy regarding protection of the public's personal data that is as severe as the policy that compels people to hand over their encryption keys. If you don't encrypt the public's personal data (to a certain standard) and keep the keys safe you're liable to go to jail for 2 years - i.e. make it a criminal offense. Only if this is in place can the government be trusted to put in nationwide systems with health and ID information.

    If encrypted, CDs / DVDs are safe (perhaps safer than putting the data unencrypted on a password protected server for FTP download).

  29. Anonymous Coward
    Anonymous Coward

    Not so junior member of staff

    I used to work at HMRC - although not at the Child Benefit Office. The 'it was a junior member of staff' argument is bogus. Junior and middle-ranking staff there don't have floppy drive or CD read access for security reasons. Most lack external email. They definitely don't have CD burning capabilities and certainly lack access to a complete copy of a key system database. Simply to have the ability to copy the database onto disc as has been described would require a level of privilege more in keeping with somebody in a fairly senior position.

  30. Anonymous Coward
    Black Helicopters

    No clue, no evidence and no security

    I smell an election winner here.

    Vote for us or we will hand out your personal details to Nigerian scammers.

    As for claims that there is "no evidence the information is in the wrong hands" .........................WTF ? they have no evidence that the information is where it should be either.

  31. John PM Chappell
    Flame

    Me too...

    ... I have often impersonated my father, as, contrary to their contract as it happens, banks and others often refuse to deal with my mother unless they first speak to him, even though all accounts are 'shared' (i.e. joint and several liability and authority) and this has been established and re-iterated multiple times.

    I do this by knowing little more than my father's date of birth and his mother's maiden name, in addition to the family address.

    Oh, to the HMRC guy, in common with other posters - thank fuck you don't typically have external email access. Perhaps this kind of fiasco will highlight why decent IT staff and decent Admin staff are needed and that you cannot get them for £5.50 to £6.00 an hour.

  32. chris ohare
    Paris Hilton

    HM-arsey

    So, they balls up. OK.

    But a few times! First they lose a few details, then a few more...are they just trying to work out how many peoples details can go AWOL before we string someone up!?

    Then after losing that info, they set up an 0845 number as Ian mentioned, costing more than enough to call. How about a standard geographical number? Or could someone use it to find out where the numpties work?

    BOHICA anyone!?

    Paris icon: 'cos I'm starting to think even she could run a tighter ship than this lot.

  33. Chris G

    Open source

    Great isn't it? HM gov wants more and more information on us in order to control everyone and then they want to make it open source by sending it unencrypted, on cds via a company who is notoriously good at losing almost anything they carry from a wardrobe for MFI to an envelope for the gov.

  34. Alan Ferris
    Flame

    Just remind me...

    If it's a £5000 fine for a doctor who loses a single patient's records on a laptop stolen from a car, how much is the fine for the boss ( who is responsible, that's why he's the boss) at HMRC ?

    Who knows their 24,000,000 times table?

  35. teacake

    The only surprise...

    The only surprise is that we haven't yet had a comment from "heystoopid" attributing this cock-up to the Peter Principle...

  36. Dom

    Amazing!

    What an amazing situation. Why was such detailed information going to the National Audit Office? Unencrypted?

    Trouble is, this is the fault of some idiot civil servant. As was said once in Yes Minister, "Governments may come and go, but the Civil Service is forever". The faceless morons who claim more and more money off the taxpayer (their REAL employer) are the ones who should be sacked. In fact I believe that EVERYONE in the department where the CD's were sent from should be sacked. That should galvanize the mind of other uncivil servants.

    Yes, the information could be used to obtain monies from people's accounts, to say otherwise is just plain lying (the true job of an MP).

    And this is the Government that wants us to give them even MORE personal information. Where will that end up, I wonder? Up the revolution!

  37. Anonymous Coward
    Flame

    Has anyone heard of ...

    the Data Protection Act 1998?

    The Information Commissioners Office deal with this and indicates that action can be taken if personal information is used, held or disclosed unfairly, for a reason that is not the one it was collected for, or without proper security. The first and third parts of that seem remarkedly familiar ...

    Have a look at page 5 at the following link :

    http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/dp_how_to_complain_final.pdf

    Any solicitors out there want to run a class action against HM Government?

  38. Anonymous Coward
    Thumb Down

    Responsibility

    With regard to dealing with who's responsible - let's be honest, nothing will happen. Being in a public service union seems to make you immune to having to be responsible for your actions.

    No one will get sacked for this and therefore it will carry on. Until people know that breaking rules/regulations/policies is going to have dire consequences who cares? Especially if your employer is too scared to fire you for incompentence.

  39. Anonymous Coward
    Alert

    Erm.... not enough information ???

    The last time I checked it didn't take a vast amount of information to apply for most type of borrowing online. After working in the banking industry it doesn't take much:

    First name, family name, address (best if over 3 years). time at address, DOB, bank details (to prove you can defraud yourself with a direct debit), erm.... well that's about it really. So how come we're being told that hey - it's not a problem that we have potentially provided ALL your personal information to anyone....? Not only that, what about someone who's going to make a scam out of this misfortune?

    Frankly, it's not going to be long before some 'junior civil servant' somewhere in the country will download the whole lot of us and post the list on a website somewhere. Then where we be? Not to mention if they get our biometric data so they can really prove that they are us.

    As I have said before, if you want my pic to get false ID, I am sure you will find me on one of up to 4million + CCTV cameras in this country, but then I could perhaps be detained for 28 days on the pretence that I actually farted.......

  40. Gary Heard
    Coat

    Hmmmm

    Don't I remember, about a year ago, that the armed forces have a problem with USB keys? So, think this though, that Database was less than 2 CD's, so certainly less than 1.5Gb. You can get a memory stick, windows XP is so user friendly, for under a tenner that would hold ALL of that database. So, let me think, if the price is $200 per account 25,000,000 people (in this debacle), so from this it would be worth FIVE (American) Billion dollars. (Sorry, 4,999,999,990 -- forgot the cost of the stick)

    How do we know that the whole countries data isn't already in the wild?

    Final point. from the fact it was put on a CD, they obviously don't have the connectivity to send it down a pipe -- probably in use by all the spin merchants in Westminster -- getting the final draft for ID cards written -- to convince us we need them

  41. BitTwister

    Tosseurs

    > apologised after a laptop containing data on 400 customers was stolen. At the time the Revenue was praised by the security industry for coming clean and its "refreshing level of ethical responsibility".

    Er, aside from the minor ethical problem of allowing anyone to take personal data out of the building in the first place. I've worked in considerably smaller places where absolutely no IT-related equipment/media is allowed in OR out with an employee, for what I've always thought were bleedin' obvious reasons...

  42. Anonymous Coward
    Anonymous Coward

    @TNT Courier

    "...why on earth HMRC continued to use them, apart from usual incompetence, is beyond me..."

    Because they were the lowest tender.

    And because probably they have better lawyers than HMRC who would sue the arse off anyone who had the temerity to cancel a contract just because of gross inefficiency.

    Now, if the 'junior official' had only put the envelope inside another envelope and sealed both, we wouldn't have had all this fuss, as that is the standard Gov operating procedure for sending Restricted information internally. See http://www.theregister.co.uk/2007/09/26/bt_secure_tin_cups/ for more details.

  43. lglethal Silver badge
    Thumb Down

    I think people are missing the point here...

    BOTH the HMRC and the NAO need to be strung up! I mean obviously the person from the NAO knew this data was coming across via CD! Surely THEY should have picked up on that being a REALLY BAD IDEA!

    NAO: "Hi i need a copy of your entire database, could you send that to me?"

    HMRC: "Aww sorry mate no email. Oh wait i can burn it on to a CD or 2 and send it to you via internal mail.

    NAO: "Brilliant."

    HMRC: "Umm why do you need the database?"

    NAO: "Oh sorry the boss is calling gotta go." *click*

    On a personal note, ive already had 2 copies of my personal details lost by the HMRC because of there refusal to send official HMRC documents via registered post overseas. So the loss of 25 million accounts comes as no surprise to me!

  44. Anonymous Coward
    Anonymous Coward

    0845 number

    The geographical alternative to the helpline number they're giving out is 0191 2251144.

  45. Anonymous Coward
    Stop

    Breach of Security

    I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC.

    This ignores the fact that the person who sent (more than once !) the info hadnt read the briefings about Data Security ( I am an old fart who has) and I know what I can/cant send.

    I am not sorry to see the boss go, but at least he has more integrity than any of our elected leaders.

  46. Anonymous Coward
    Unhappy

    Information

    The NAO only wanted the National Insurance numbers, not all the other details.

    The stupidy shown in the media is astounding, why did this scapegoat have access to the entire database in one instance in an unencrypted form and then burn it to a CD or DVD. Why didn't he offer to sell it for a few hundred grand cash months ago.

    The medical records and DNA data would be very good for insurance companies and banks to have a sly glance at through a third party company. When are they being leaked ? would be nice to cut out all the high risk people from mortgages, pensions and insurance.

  47. Anonymous Coward
    Unhappy

    Not surprised in the least

    If I had a pound for every senior manager who knows nothing about IT, I wouldn't have to work again. They keep their default passwords, demand that security controls are circumvented when it doesn't suit what they want to do, or it's inconvenient, and generally act like children. There is where the blame lies for this.

    Please don't just slag off "civil servants" - there's a world of difference between the senior Sir Humphreys and the poor donkey workers at the bottom just trying to keep their heads above water and the service to the public decent while their jobs disappear all around them. Meanwhile £££s are spent on consultants to tell us what we already know......

    We caught a senior manager the other week taking 4 minutes to figure out why he couldn't make the guillotine work....he had it upside down!

    The Peter Principle is most definitely alive and well.

  48. Stew Wilson
    Joke

    Title

    > Apparently people will pay 30-200 USD for the details of a bank account,

    > considerably more than for credit card details. If that is true, then someone

    > somewhere is sitting on a potential 217,500,000 USD at the bottom end of the

    > scale based on 7.25 million accounts. One way ticket to South America

    > anyone?

    One-way to Clackton-on-Sea more like.

    I can grumble. I live in Blighty but get paid in the worthless Yanqui peso. Try using a real currency next time you want people to care.

  49. threaded
    Alien

    @ Nick: Don't Panic?

    It may be true that you are not in receipt of child benefits, but I would hazard that your mother was.

    This isn't just the current data, it's all the data they have!

  50. Anonymous Coward
    Anonymous Coward

    Title

    For those who don't want 0845 numbers (from www.saynoto0870)

    HM Revenue & Customs (Inland Revenue) 0845 3021444 0191 2251144 Child Benefit accounts

    HM Revenue & Customs (Inland Revenue) 0845 3003900 0191 4033000

    If people want account and sort codes, why not read Private Eye's "Eye Need" column, where hard-up folk post such info in the hope someone will put cash in?

Page:

This topic is closed for new posts.