Feeds

DWP still sending out passwords and discs together

Government data not secure? Shurely some mistake?

The essential guide to IT transformation

The Department for Work and Pensions is still sending out discs containing confidential data together with passwords.

This most basic of security failings is no better than Her Majesty's Revenue and Customs sending out the entire UK child benefit database on unecrypted discs.

The moronic action was uncovered by the blog Dizzy Thinks, which received an internal email warning staff at DWP to pull their socks up.

It seems staff were sending discs of sensitive information and then sending the password separately. Well done chaps, that is almost a secure procedure. Not as good as not sending out discs at all, but a fantastic improvement on recent government incompetence.

Clearly, this almost effective security measure could not last for long.

Staff receiving the data and needing to forward it on - itself a security failing - were neatly bundling password and package and sending them out together.

Genius.

The email, with more patience than we could muster, said:

I have been advised of instances where password protected data has been sent out with the password being sent separately as detailed in Security Notice 02/07. However, once the data and the separate password are received, staff are then forwarding the data and password on together, this defeats the purpose of the security measure entirely. Could I ask you to remind staff of the heightened security surrounding data transfer and ensure that data and passwords are sent separately.

A DWP spokeswoman sent us the following statement:

We take the security of individuals' data extremely seriously. We have carried out a major review of procedures around the transfer of data to ensure the security of customer information. We expect all managers to monitor the application of our security controls and ensure that the correct action is taken in all cases.

She could not tell us whether any individual was disciplined for the failure, because an investigation into the leak lapse is underway. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.