Original URL: http://www.theregister.co.uk/2007/12/11/driver_data_discs_disaster/

UK.gov loses driver ID data

More unencrypted CDs go walkies

By John Leyden

Posted in Security, 11th December 2007 16:49 GMT

Unencrypted computer discs containing the names and addresses of 6,000 Northern Ireland motorists has gone missing in the post.

The material, which was sent from Northern Ireland Driver and Vehicle Agency to the UK's main Driver and Vehicle Licensing Agency in Swansea, is reckoned to gave gone astray in a sorting centre in Coventry. The agency has written to drivers involved apologising for the slip-up.

The data was sent in requests from vehicle manufacturers, who needed to send drivers information about potential faults with various vehicle models. Information held on the two missing CDs included the registration number, chassis number, make and colour of 7,685 vehicles as well as the names and addresses of more than 6,000 registered owners. No financial data was included on the discs, the BBC reports.

News of the data loss at the DVLA comes shortly after the far larger Child Benefit data leak at HM Revenue & Customs that's left the government hunting for discs containing data of 25m people. The latest incident provides evidence that using CDs to distribute unencrypted data about citizens was, if not standard government practice, then a common insecure method used across multiple government agencies.

The wider problem of the exposure of confidential data is far from confined to government departments, nor indeed to lost CDs. In the latest such incident, Leeds Building Society warned its workforce of 1,000 that it had mislaid copies of their personal details during the process of moving its HR department during a building refurbishment project, the Press Association reports.

There's no evidence of fraud involving the data losses at either the DVLA or Leeds Building Society. In all probability the lost information is probably stuck behind a filing cabinet or sorting machine rather than in the hands of cybercrooks.

Other data loss incidents - of which there have been many in recent months on both sides of the Atlantic - have involved stolen laptops and suspected hacking attacks. ®