HMRC 25 million personal records scandal - no encryption
The BBC1 TV Newsnight programme revealed last night that, after some evasive answers, Her Majesty's Revenue and Customs (HMRC) admitted that the two lost CDROM discs containing the entire Child Benefit database personal details of 25 million people, which were lost in the internal mail, were only "password protected" and were, as we suspected yesterday, not encrypted.
Alistair Darling's feeble efforts at reassurance in the House of Commons are now online in Hansard 20 Nov 2007 : Column 1101:
[...] In March, it appears that a junior official in HMRC provided the National Audit Office with a full copy of HMRC’s data in relation to the payment of child benefit. In doing so, the strict rules governing HMRC standing procedures were clearly not followed. Those procedures relate to the security of and access to data as well as their transit to ensure that they are properly protected. That information should not have been handed over by HMRC in the way that it was. However, I understand that in this case the NAO subsequently returned all the information that it received in March to HMRC after auditing it.
It now appears that, following a further request from the NAO in October for information from the child benefit database, again at a junior level and again contrary to all HMRC standing procedures, two password-protected discs containing a full copy of HMRC’s entire data in relation to the payment of child benefit were sent to the NAO, by HMRC’s internal post system operated by the courier TNT. The package was not recorded or registered.
It appears that the data have failed to reach the addressee in the NAO. I also have to tell the House that, on finding that the package had not arrived at the NAO, a further copy of those data was sent, this time by registered post, which did arrive at the NAO. However, again HMRC should never have let that happen.
The missing information contains details of all child benefit recipients: records for 25 million individuals and 7.25 million families. Those records include the recipient and their children’s names, addresses and dates of birth, child benefit numbers, national insurance numbers and, where relevant, bank or building society account details. I regard this as an extremely serious failure by HMRC in its responsibilities to the public.
So, the entire HMRC Child Benefit personal data records for 25 million people were sent, unencrypted, at least three times in a year to the National Audit Office.
- Yes, Prime Minister Christmas Special - Party Games, BBC: 17 December 1984:
Jim Hacker: "Yes, well this is serious."
Chief Whip: "Very serious."
Sir Humphrey: "Very serious."
Jim Hacker: "What could happen if either of them became PM?"
Sir Humphrey: "Something very serious indeed."
Chief Whip: "Very serious."
Jim Hacker: "I see...."
Chief Whip: "Serious repercussions."
Sir Humphrey: "Serious repercussions."
Chief Whip: "Of the utmost seriousness."
Jim Hacker: "Yes, that is serious."
Sir Humphrey: "In fact, I would go so far as to say, that it could hardly be more serious."
Jim Hacker: "Well, I think we all agree then: this is serious."
We do not think that the Government or the media are actually treating this appalling data privacy and security breach seriously enough, by wittering on only about the risks of financial fraud.
Abu Bakr Mansha is currently serving 6 years in prison, under the Terrorism Act 2000 Section 58 Collection of information, for the possession of a copy of the Sun newspaper on which he had scribbled the out of date, former address of a serving British Army soldier and Iraq war hero.
How valuable would a copy of these two CDROMs with the details of 7.25 million families be to serious organised criminals, enemy terrorists or foreign intelligence agencies?
Today, there appears to be a police raid on the Child Benefit Office in Washington, Tyne and Wear, where the data breaches originated from.
Why? There has already been an internal search for the missing CDROMs by "trained Customs officers" who are "used to searching for hidden items".
Why were the Metropolitan Police called in by the Chancellor, who somehow does not appear to trust the local Northumbria Police?
The Conservative Shadow Treasury spokesman George Osborne made the obvious remark in response to the statement in the Commons yesterday:
Does he agree that today must mark the final blow to the Government’s ambition to create a national ID card? They simply cannot be trusted with people’s personal information.
Alistair Darling responded with this insult to the intelligence of the public:
The last point that the hon. Gentleman makes is in relation to identity cards. The key thing about identity cards is, of course, that they will mean that information [20 Nov 2007 : Column 1107] is protected by personal biometric information. The problem at present is that, because we do not have that protection, information is much more vulnerable than it should be.
That might be true if, say, as in Estonia, the sensitive data was only stored securely on the actual smart card itself, and not also stored centrally.
The Labour government plan is to create a massive centralised National Identity Register, which would be vulnerable to incompetent or corrupt authorised insider mistakes or deliberate attacks, exactly as with this HMRC scandal, but on potentially an even larger scale.
There have been no published plans to require, for example, "biometric" protected login or access controls to this central database.
Even if there were such "biometric" protected database access controls, all that they would do is show who had access to the system, which is apparently already known in the HMRC scandal case with their existing database access control system.
Why are these Labour politicians still so ignorant about the technical fundamentals of their own evil National Identity Scheme?