A parents' guide to the HMRC data giveaway
Don't panic
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
If you are a recipient of child benefit in the UK, the chances are your records and bank details were included in one of the two CDs that Her Majesty's Revenue and Customs (HMRC) has lost. HMRC has said we have nothing to fear, despite the fact it doesn't know where these unencrypted CDs are or who has been accessing them.
All the same, APACS, the British banking payments association, is advising people concerned about the situation to ring a dedicated Revenue phone line - 0845 302 1444. APACS reassures parents that "there is no evidence that the lost data has fallen into criminal hands".
The organisation, in an advisory page on its website, said: "The missing data contained sort code and bank account details, national insurance numbers, dates of birth, names and address details, of all families in receipt of child benefit, as well as the names and dates of birth of those children for whom child benefit is payable."
It again claimed that this information, on its own, was insufficient for a fraudster to access your account.
APACS advises people not to close accounts but to look out for dodgy transactions. If you spot such a transaction you should get in touch with your bank. If, however, you receive post suggesting you have opened an account or applied for a card with a company you have had no contact with, possible evidence that your ID has been copied, you should contact the police. APACS' advice is here.
As for finding out what information HMRC has on you, one Register reader told us:
Hi,I have just spoken to the HMRC helpline, and wanted to know exactly what information relating to me had been lost.
Obviously the could not give me the information over the phone, that would not be secure!
For anyone interested in getting a copy of their information that HMRC are holding, you can write to the address below with a covering letter. This letter should contain your request for the data held about you, plus the following: -Your full name -Address -NI Number -Child Benefit number (if you know it)
It may be prudent to send this letter as a recorded delivery, or a secure delivery method - you would not want this information falling into the wrong hands!
Send to:
RM BP5001, Benton Park View, Long Benton, Newcastle-upon-Tyne. NE98 1ZZ
Do it soon, as they may have a sudden increase in requests.
A spokeswoman for HMRC told the Reg: "It's business as usual here. There is no need for people to phone us or their bank. The phoneline (0845 302 1444) has not seen a huge volume of traffic but people are welcome to call if they're worried."
She added that HMRC will be writing to everyone whose information has been lost to apologise. ®
COMMENTS
Seen it...
As an IT guy I've seen one of their so-called 'secure' systems.
All users Domain Admins (because it wouldn't work otherwise) and the Administrative Shares still active on the server. So, if you're a user of said system, you have unrestriced access to everything, even the server's operating system.
Led to believe this system is installed in numerous places round the country, too.
This is a gift!
This is a gift to those who believe in the noble and entirely innocent matter of keeping your private details literally private.
A gift and yes, also a sacrifice, and a very unpleasant one for those that have not chosen to be 'given' to this sacrifice but have become part of it. This isn't 'possible terrorists' or 'possible criminals' it's just a 'legal'/'legitimate' sample of the population.
There will yet and inevitably be some much more monstrous outrage committed against common privacy in the not so far future, and this business with the missing discs will be the case where people will look back and say "well it happened there, and nobody did anything. No one took it seriously, they were all trying to play it down.".
Well of course something should be done now, and of course it wont happen because they want to be seen to be right, right now. In fact it's just a new problem which the politicians should have the wisdom to take less than personally, which they don't.
... and digital civil liberties will default to zero.
But I'd like to remind all dear readers of this darling disrespectful Reg.ime that civil liberties have always defaulted to zero, just as soon as defined.
And all the civil liberties we have, we have because people have realised the rottenness of the default, and acted to get it changed.
The point is to recognise when a definition has taken place. Were you asked about that, or was it just a consequence, a side-effect?
Technological development may be somehow inevitable, but social - political development is a matter of action and choice.
If you can't choose to be ready to act on this now, prepare your information and understanding now from this case to use in the next, more serious privacy battle...
0845, 0870 numbers
Back in the days, local calls used to be cheaper than national calls (there was even a regional rate for calls up to 56km away). This hasn't been the case (for most people) since the world and his cat became telecommunications resellers, all of whom claim to offer cheaper calls than everyone else. Suddenly we were promised "national calls at local rates"; and then when that wasn't enough to tempt us, tethered lines eventually started offering inclusive minutes like old-skool mobiles. But the inclusive minutes come with restrictions: they cannot be used for mobiles, nor "non-geographic" numbers (i.e. 0845, 0870).
When they were first introduced, 0845 numbers (used to be 0345) were charged at the same rate as local calls and 0870 numbers (used to be 0990) were charged at the same rate as national calls. But now, on most price plans, local and national calls are charged at the same rate -- and that rate is lower than 0845 calls, let alone 0870 calls.
There is still a price plan with very low line rental and no inclusive calls at all, aimed at people who only ever use the phone occasionally ("two calls a year: christmas and my eldest son's birthday"), and which does distinguish between local and national calls. This is how companies can get away with talking about "local rate" calls. It's still dodgy, though, because most people are on other price plans.
Another thing that has changed for the worse is that businesses nowadays tend to answer as soon as you call, then tell you you're in a queue -- if I'm going to spend the best part of an hour waiting to speak to a human being, I'd rather not be paying for the privilege.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
