back to article How HMRC gave away the UK's national identity

Early last month Her Majesty's Customs and Revenue apologised after a laptop containing data on 400 customers was stolen. At the time the Revenue was praised by the security industry for coming clean and its "refreshing level of ethical responsibility". Earlier this month that it had lost pension records for 15,000 people …


This topic is closed for new posts.
  1. Anonymous Coward
    Black Helicopters

    One has to wonder... secure the National Identity Register will be given the cavalier attitudes shown by the government lackeys in this case.

    It's easy enough to change a bank acoount, quite another to replace your fingers and eyeballs. Still think it's all a good idea? We won't ba able to stuff the genie back in the lamp when it all goes predictably titsup.

  2. John Stag


    I can think of a dozen ways to describe my relationship with the revenue service, but "customer" would never have occurred to me.

  3. Kier

    Incredible data ineptitude

    And the government wonders why some of us have such strong objections to their lunatic ID card scheme...

  4. hans

    Refund of any losses

    BBC4 just interviewd HMRC and HMRC will re-imburse any taxpayer who suffers a loss.

    Who do HMRC get their money from again?

  5. Anonymous Coward
    Thumb Down

    A Question of Risk ?

    A few years ago, it wouldn't have been a problem....i.e sending a CD with personal data via a recognised courier as the data was put on the CD by the ICT dept, compressed and encrypted with for example a 10+ character password or AES or better e.g via Zip.

    If the CD got lost/stolen...the odds against a malicious criminal ripping the data off was minimal and even if they could it was encrypted so that it was unlikely to be cracked in my lifetime.

    The problem now is that the ICT dept has been moved away from this kind of task as it causes delay, non-ICT staff confusion (Bang the Rocks Together Guys) and frankly the exspurts in the data wanted the control of the delivery. we have non-ICT burning / Emailing / and printing our confidential data without any knowledge or training in how to secure it or wish to as security ain't there job!

    Worse they want copies of it everywhere so it doesn't slow them down. Bring Back Dumb terminals and take away their paper and pencils. No copying now.

    What do you expect if you give the keys to your house over to the party animals.

  6. Nick

    Don't Panic?

    OK, I wont.

    Being young, male, single and without child, the government gives me fork all benefits, so its unlikely my data is on there.

  7. Anonymous Coward
    Anonymous Coward

    me again

    What are the NAO doing with details of every child / family in the country?

    Have they got permission from 'the authorities' to even posses this data? Never mind whether they're allowed do things with it, send it on to third parties in third world countries etc etc.

    Losing it is bad enough, but that's only part of the problem; what bothers me is the NAO. Or were they just doing a bit of pretexting to see if some clerk in geordie world would fall for it?

    The tinfoil hat, please.

  8. Anonymous Coward
    Anonymous Coward

    Sack everyone.

    "The banking industry would like to reassure its customers that sort code and bank account, national insurance number, date of birth, name and address details are not enough in themselves for an ID fraudster to access your bank account – as additional security information and passwords are always required."

    Yes, but it's a pretty damn good start, isn't it?

    This lot can't be trusted to run a bath, never mind a country.

  9. Mark Ricahrdson

    No risk of identity theft???

    I find it interesting that there were stories recently stating that including information such as DOB on your Facebook profile could be opening you up to identity theft, but apparently when the Government loose this information, plus bank account details, NI numbers etc, that it is not enough information for identity theft to take place!

    Apparently people will pay 30-200 USD for the details of a bank account, considerably more than for credit card details. If that is true, then someone somewhere is sitting on a potential 217,500,000 USD at the bottom end of the scale based on 7.25 million accounts. One way ticket to South America anyone?

  10. Anonymous Coward

    More detail required

    What format was the data in?

    How was it encrypted? If not, why not?

  11. Anonymous Coward
    Anonymous Coward

    The arse-covering begins...

    Arrogant bastards. They say "...even if the CDs did end up in the wrong hands they did not contain enough information on their own to conduct fraud..."

    If the data was encrypted they would be falling over themselves to make it clear, so evidently it isn't.

    Then "...sort code and bank account, national insurance number, date of birth, name and address details are not enough in themselves for an ID fraudster to access your bank account – as additional security information and passwords are always required"

    That's pure diversion - there's a lot you can do with that info besides trying to access a bank account. And in some cases I bet that info COULD be used to access a bank account, with a spot of social engineering to circumvent or obtain any missing information.

    * Shakes head angrily and wearily at yet another government IT fuck-up *

  12. Anonymous Coward
    Paris Hilton


    "Imagine an A4 sized envelope, with a set of gridlines printed on one side, three columns by 30 or so rows, making 90 boxes."

    These are quite common, surely? I have worked for a few national institutions in my time, and the standard internal mail envelope has generally been as described above. Sometimes they are sealed with a piece of string that wraps around a lug, sometimes there is some sticky, sometimes they have EMPIRE MADE - 1947 written on them. I have worked in places where the envelope has a set of little holes, perhaps to show that it is empty. After a few uses the grid breaks down into an assortment of crossings-out, amendments, and addresses that span more than one column.

    The alternative is often to use old envelopes, which have been ripped open and then re-sealed. These are not secure either, because it is trivia matter to re-rip and re-seal them.


  13. RW

    But we had policies and procdedures in place!!!

    Data loss fiascoes always come with the yap "the established policies weren't followed" or "oh gee, the policies were followed but they didn't work."

    Everybody with an IQ over, say, 65, knows perfectly well that written policies aren't good for much of anything except bum wipe. If your IT systems don't actively enforce those policies, they aren't even good for that fundamental purpose. (Yes, the pun is intentional. Mea culpa, mea maxima culpa.)

    Management mandarins have a touching faith in the efficacy of written policies and consistently forget that the sinful masses always take the easy way out. If a policy stands in the way of convenience, too bad for the policy!

    They're just like the Bolsheviks in NuLabour who, in their drive to create the New British Wo/Man (a la the Russian Bolsheviks' New Soviet Man), have passed innumerable laws against behavior and thought contrary to their ideals. Oddly enough, the crime rate goes up, the crimes become more horrific, the police squander their energies imposing draconian penalties on trivial offenses, and the government demands another round of laws against whatever is today's flavor of antisocial behavior.

    Turning back to IT, prevention of data loss debacles requires that IT systems actively prevent confidential information from being held locally on PC's or being transcribed to CDs. I suspect the only effective way to achieve these goals is to go back to mainframes with dumb terminals.This kind of regimen also implies "no taking work home on your laptop." The proof of that assertion is left as an exercise for the reader.

    The only cure may be to impose absolute liability on not only organizations, but also on their managers and directors, for any dataloss by their organization. Financial liability, at that, say to the tune of £10,000 per individual whose privacy has been compromised. It has to be vastly more expensive to allow data loss than to prevent it from happening in the first place; otherwise the beancounters will neuter any serious attempts to protect data confidentiality.

    There's also the minor detail that the possibility of personal banktuptcy focusses the mind marvelously on the issues at hand.One might want to further heighten management angst about data loss by declaring anyone responsible (sensu latu) for such loss is forbidden to ever again work in a position of responsibility or authority.

  14. Gene Cash Silver badge

    that's a common mail system

    That's exactly the same system we used to use at work before we had email and a large secure file share.

    Now I stuff the data up on the file share, give them privs to see it, and email the URL. So no data and no passwords go across the email.

    Call up Uncle Larry, I'm sure he'll be glad to sell HMRC a copy of Oracle Files Online.

  15. Anonymous Coward


    British management: finest in the world

  16. John Hudson

    Why Worry?

    I think everyone is missing the good news here. Given the track record of computing projects in the sector, chances are the discs weren't burnt properly and when they are found they will probably have no data on them at all.

  17. Anonymous Coward
    Anonymous Coward

    TNT Courier

    Is the company who are concerned with these data losses, as was reported in Parliament this evening. Seems that TNT are not exactly competent and why on earth HMRC continued to use them, apart from usual incompetence, is beyond me.

  18. Anonymous Coward
    Black Helicopters

    Not enough for fraud...

    But certainly enough for identity theft.

    I also liked Darling's comment (from the BBC at that "the key thing was that information was protected by biometric information, while at the moment information was "much more vulnerable" than it should be." And that's why we'll be safe when ID cards are introduced. Except that's bollocks, isn't it? Unless the government are going to take a finger from me and keep it on ice for when they need to access the data.

  19. Anonymous Coward
    IT Angle


    Reading the BBC story the HMRC claims the data was lost en-route to the NAO for auditing. Surely under the DPA the data should be "depersonalised" before being sent for auditing by a third party?

    What on earth would the NAO want with a copy of that database?

    What about OUR rights to OUR data held on their systems?

    When we get audited at ******** we would never let a copy of our data containing sensitive details of every bloody bank card in the country into an auditors hands - they'd crucify us themselves if we did!

  20. Anonymous Coward
    Anonymous Coward

    CDs lost in Internal Mail

    Look guys, this can happen to anybody.

    Just be grateful HMRC saved us taxpayers 65p by not entrusting the discs to PostMan Pat.

  21. Anonymous Coward

    Breach of Security

    I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC.

    This ignores the fact that the person who sent (more than once !) the info hadnt read the briefings about Data Security ( I am an old fart who has) and I know what I can/cant send.

    I am not sorry to see the boss go, but at least he has more integrity than any of our elected leaders.

  22. Ian

    They'll cover the cost

    I see they've given us an 0845 number to call if we're worried. Given that this costs me 55p a minute from my mobile, I suspect they'll soon make back the costs of dealing with the problem.

  23. Anonymous Coward
    Anonymous Coward

    incompetents incompetance

    1. I am exceptionally concerned that somebody stupid enough to do this has access to this information.

    2. These were sent to the NAO ("we aim to bring about real improvements in the delivery of public services.") in the same manner - and they presumably thought this was OK ? Ok - strictly not their brief - but FFS.

    3. The NAO has this information. Why ? Is it freely available to anyone with a email address ?

    The resignation is a start. But I think everyone from the poster to the head of IT should be sacked. The complete chain of command. It might focus a few minds in future.

    Couldn't care less about darling. Unless someone can persuade me we won't get someone equally as evasive and incompetant in his place. Even a general election wouldn't manage that !

    (Laugh at the above comment - all I can say is thank f'k you don't have email addresses ... you really don't get this security thing at all do you)

  24. Anonymous Coward

    @Anonymous "who works for HMRC"

    Well that just proves the point everyone else is making

    "staff DO NOT have an external email address so that they can email into to people outside of HMRC".

    FFS - this data should NOT have been emailed either!

    When will people learn that if you need, if you *really* need, to send data like this it should be, shock horror, ENCRYPTED (and no, ROT13 or chucking it in a password protected excel document is NOT encryption)

    Sack the frickin lot of 'em.

  25. Simon Lyon

    The APACS "reassurance" is bogus

    A friend of mine (over retirement age) was stuck up a mountain in Spain recently, with weather causing power cuts and an intermittent phone connection.

    He'd never set up phone or internet banking with his bank but it was desperately urgent that he arrange the transfer of some funds to someone else via BACS.

    I was able, on his behalf (posing as him in an entirely innocent exercise), able to transfer over 500 quid with only the following information:



    Sort Code/Account Number

    Date of Birth

    Branch account was opened at (correctly guessed it was the one closest to his address)

    Last transaction (as it happened I'd myself just sent him some money - wouldn't be hard for a scammer to pay a tiny amount in to the account and then quote it as the last transaction to get much more out).

    I only did this because we were both pretty sure that my saying that I was doing it on behalf of someone else wouldn't get anywhere. And I wanted to see what would happen, as an academic exercise.

    But I was amazed and fairly shocked that it actually worked!

  26. Simon Lyon

    Could've been worse - no, sorry, it WILL be worse ...

    Skip forward 5 years. The NAO asks for a dump of the National Identity Register ...

    Anyone here think that procedures at HMRC, the Passport Office or any other government dept will have changed in any useful fashion by then? Anyone?

    [sound of crickets chirruping]

  27. Anonymous Coward

    @ Breach of Security - anonymous cowardly employee of the people

    "I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC."

    Are you seriously suggesting emailing the records of millions of people ?

    This cuntry is phooked - it is time to overthrow these useless bath stewards or give up and leave.

  28. Anonymous Coward

    Consistent Policy

    The NAO should audit HMRC and look for all evidence of data being burnt to CDs or emailed in unencrypted format - ie. all breaches of policy.

    If there is indeed a policy against this, every person who was involved should be fired (assuming it was gross misconduct/negligence). This would also include everyone who received such information and did not report it.

    The man at the top acted with honour (note not the Chancellor). It's the people below him who have put everyone at risk.

    There should be a policy regarding protection of the public's personal data that is as severe as the policy that compels people to hand over their encryption keys. If you don't encrypt the public's personal data (to a certain standard) and keep the keys safe you're liable to go to jail for 2 years - i.e. make it a criminal offense. Only if this is in place can the government be trusted to put in nationwide systems with health and ID information.

    If encrypted, CDs / DVDs are safe (perhaps safer than putting the data unencrypted on a password protected server for FTP download).

  29. Anonymous Coward
    Anonymous Coward

    Not so junior member of staff

    I used to work at HMRC - although not at the Child Benefit Office. The 'it was a junior member of staff' argument is bogus. Junior and middle-ranking staff there don't have floppy drive or CD read access for security reasons. Most lack external email. They definitely don't have CD burning capabilities and certainly lack access to a complete copy of a key system database. Simply to have the ability to copy the database onto disc as has been described would require a level of privilege more in keeping with somebody in a fairly senior position.

  30. Anonymous Coward
    Black Helicopters

    No clue, no evidence and no security

    I smell an election winner here.

    Vote for us or we will hand out your personal details to Nigerian scammers.

    As for claims that there is "no evidence the information is in the wrong hands" .........................WTF ? they have no evidence that the information is where it should be either.

  31. John PM Chappell

    Me too...

    ... I have often impersonated my father, as, contrary to their contract as it happens, banks and others often refuse to deal with my mother unless they first speak to him, even though all accounts are 'shared' (i.e. joint and several liability and authority) and this has been established and re-iterated multiple times.

    I do this by knowing little more than my father's date of birth and his mother's maiden name, in addition to the family address.

    Oh, to the HMRC guy, in common with other posters - thank fuck you don't typically have external email access. Perhaps this kind of fiasco will highlight why decent IT staff and decent Admin staff are needed and that you cannot get them for £5.50 to £6.00 an hour.

  32. chris ohare
    Paris Hilton


    So, they balls up. OK.

    But a few times! First they lose a few details, then a few more...are they just trying to work out how many peoples details can go AWOL before we string someone up!?

    Then after losing that info, they set up an 0845 number as Ian mentioned, costing more than enough to call. How about a standard geographical number? Or could someone use it to find out where the numpties work?

    BOHICA anyone!?

    Paris icon: 'cos I'm starting to think even she could run a tighter ship than this lot.

  33. Chris G

    Open source

    Great isn't it? HM gov wants more and more information on us in order to control everyone and then they want to make it open source by sending it unencrypted, on cds via a company who is notoriously good at losing almost anything they carry from a wardrobe for MFI to an envelope for the gov.

  34. Alan Ferris

    Just remind me...

    If it's a £5000 fine for a doctor who loses a single patient's records on a laptop stolen from a car, how much is the fine for the boss ( who is responsible, that's why he's the boss) at HMRC ?

    Who knows their 24,000,000 times table?

  35. teacake

    The only surprise...

    The only surprise is that we haven't yet had a comment from "heystoopid" attributing this cock-up to the Peter Principle...

  36. Dom


    What an amazing situation. Why was such detailed information going to the National Audit Office? Unencrypted?

    Trouble is, this is the fault of some idiot civil servant. As was said once in Yes Minister, "Governments may come and go, but the Civil Service is forever". The faceless morons who claim more and more money off the taxpayer (their REAL employer) are the ones who should be sacked. In fact I believe that EVERYONE in the department where the CD's were sent from should be sacked. That should galvanize the mind of other uncivil servants.

    Yes, the information could be used to obtain monies from people's accounts, to say otherwise is just plain lying (the true job of an MP).

    And this is the Government that wants us to give them even MORE personal information. Where will that end up, I wonder? Up the revolution!

  37. Anonymous Coward

    Has anyone heard of ...

    the Data Protection Act 1998?

    The Information Commissioners Office deal with this and indicates that action can be taken if personal information is used, held or disclosed unfairly, for a reason that is not the one it was collected for, or without proper security. The first and third parts of that seem remarkedly familiar ...

    Have a look at page 5 at the following link :

    Any solicitors out there want to run a class action against HM Government?

  38. Anonymous Coward
    Thumb Down


    With regard to dealing with who's responsible - let's be honest, nothing will happen. Being in a public service union seems to make you immune to having to be responsible for your actions.

    No one will get sacked for this and therefore it will carry on. Until people know that breaking rules/regulations/policies is going to have dire consequences who cares? Especially if your employer is too scared to fire you for incompentence.

  39. Anonymous Coward

    Erm.... not enough information ???

    The last time I checked it didn't take a vast amount of information to apply for most type of borrowing online. After working in the banking industry it doesn't take much:

    First name, family name, address (best if over 3 years). time at address, DOB, bank details (to prove you can defraud yourself with a direct debit), erm.... well that's about it really. So how come we're being told that hey - it's not a problem that we have potentially provided ALL your personal information to anyone....? Not only that, what about someone who's going to make a scam out of this misfortune?

    Frankly, it's not going to be long before some 'junior civil servant' somewhere in the country will download the whole lot of us and post the list on a website somewhere. Then where we be? Not to mention if they get our biometric data so they can really prove that they are us.

    As I have said before, if you want my pic to get false ID, I am sure you will find me on one of up to 4million + CCTV cameras in this country, but then I could perhaps be detained for 28 days on the pretence that I actually farted.......

  40. Gary Heard


    Don't I remember, about a year ago, that the armed forces have a problem with USB keys? So, think this though, that Database was less than 2 CD's, so certainly less than 1.5Gb. You can get a memory stick, windows XP is so user friendly, for under a tenner that would hold ALL of that database. So, let me think, if the price is $200 per account 25,000,000 people (in this debacle), so from this it would be worth FIVE (American) Billion dollars. (Sorry, 4,999,999,990 -- forgot the cost of the stick)

    How do we know that the whole countries data isn't already in the wild?

    Final point. from the fact it was put on a CD, they obviously don't have the connectivity to send it down a pipe -- probably in use by all the spin merchants in Westminster -- getting the final draft for ID cards written -- to convince us we need them

  41. BitTwister


    > apologised after a laptop containing data on 400 customers was stolen. At the time the Revenue was praised by the security industry for coming clean and its "refreshing level of ethical responsibility".

    Er, aside from the minor ethical problem of allowing anyone to take personal data out of the building in the first place. I've worked in considerably smaller places where absolutely no IT-related equipment/media is allowed in OR out with an employee, for what I've always thought were bleedin' obvious reasons...

  42. Anonymous Coward
    Anonymous Coward

    @TNT Courier

    "...why on earth HMRC continued to use them, apart from usual incompetence, is beyond me..."

    Because they were the lowest tender.

    And because probably they have better lawyers than HMRC who would sue the arse off anyone who had the temerity to cancel a contract just because of gross inefficiency.

    Now, if the 'junior official' had only put the envelope inside another envelope and sealed both, we wouldn't have had all this fuss, as that is the standard Gov operating procedure for sending Restricted information internally. See for more details.

  43. lglethal Silver badge
    Thumb Down

    I think people are missing the point here...

    BOTH the HMRC and the NAO need to be strung up! I mean obviously the person from the NAO knew this data was coming across via CD! Surely THEY should have picked up on that being a REALLY BAD IDEA!

    NAO: "Hi i need a copy of your entire database, could you send that to me?"

    HMRC: "Aww sorry mate no email. Oh wait i can burn it on to a CD or 2 and send it to you via internal mail.

    NAO: "Brilliant."

    HMRC: "Umm why do you need the database?"

    NAO: "Oh sorry the boss is calling gotta go." *click*

    On a personal note, ive already had 2 copies of my personal details lost by the HMRC because of there refusal to send official HMRC documents via registered post overseas. So the loss of 25 million accounts comes as no surprise to me!

  44. Anonymous Coward
    Anonymous Coward

    0845 number

    The geographical alternative to the helpline number they're giving out is 0191 2251144.

  45. Anonymous Coward

    Breach of Security

    I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC.

    This ignores the fact that the person who sent (more than once !) the info hadnt read the briefings about Data Security ( I am an old fart who has) and I know what I can/cant send.

    I am not sorry to see the boss go, but at least he has more integrity than any of our elected leaders.

  46. Anonymous Coward


    The NAO only wanted the National Insurance numbers, not all the other details.

    The stupidy shown in the media is astounding, why did this scapegoat have access to the entire database in one instance in an unencrypted form and then burn it to a CD or DVD. Why didn't he offer to sell it for a few hundred grand cash months ago.

    The medical records and DNA data would be very good for insurance companies and banks to have a sly glance at through a third party company. When are they being leaked ? would be nice to cut out all the high risk people from mortgages, pensions and insurance.

  47. Anonymous Coward

    Not surprised in the least

    If I had a pound for every senior manager who knows nothing about IT, I wouldn't have to work again. They keep their default passwords, demand that security controls are circumvented when it doesn't suit what they want to do, or it's inconvenient, and generally act like children. There is where the blame lies for this.

    Please don't just slag off "civil servants" - there's a world of difference between the senior Sir Humphreys and the poor donkey workers at the bottom just trying to keep their heads above water and the service to the public decent while their jobs disappear all around them. Meanwhile £££s are spent on consultants to tell us what we already know......

    We caught a senior manager the other week taking 4 minutes to figure out why he couldn't make the guillotine work....he had it upside down!

    The Peter Principle is most definitely alive and well.

  48. Stew Wilson


    > Apparently people will pay 30-200 USD for the details of a bank account,

    > considerably more than for credit card details. If that is true, then someone

    > somewhere is sitting on a potential 217,500,000 USD at the bottom end of the

    > scale based on 7.25 million accounts. One way ticket to South America

    > anyone?

    One-way to Clackton-on-Sea more like.

    I can grumble. I live in Blighty but get paid in the worthless Yanqui peso. Try using a real currency next time you want people to care.

  49. threaded

    @ Nick: Don't Panic?

    It may be true that you are not in receipt of child benefits, but I would hazard that your mother was.

    This isn't just the current data, it's all the data they have!

  50. Anonymous Coward
    Anonymous Coward


    For those who don't want 0845 numbers (from www.saynoto0870)

    HM Revenue & Customs (Inland Revenue) 0845 3021444 0191 2251144 Child Benefit accounts

    HM Revenue & Customs (Inland Revenue) 0845 3003900 0191 4033000

    If people want account and sort codes, why not read Private Eye's "Eye Need" column, where hard-up folk post such info in the hope someone will put cash in?

  51. Sam Green

    They're right...

    "The banking industry would like to reassure its customers that sort code and bank account, national insurance number, date of birth, name and address details are not enough in themselves for an ID fraudster to access your bank account"

    It's true. You have to actively pick up the phone and then SAY those bits of information to the person at the other end with your MOUTH.

    Then and only then can the fraud be committed.

  52. Adriaan van Wyk

    Free credit record checks

    Let's face it - all of the affected individuals are going to have to start checking their credit files on a monthly basis from now on. To suggest that the details that were stolen are not enough to commit fraud is simply laughable.

    May I suggest that HMRC arrange for all of the affected individuals to receive free monthly credit reports from Equifax and Experian for the next couple of years?

  53. Nano nano

    The culprit must go as well ... come back, Comp Sci graduates!

    Back in the 80's, Clive Ponting and Sarah Tisdall were sent for trial for leaking government information.

    As someone has already observed, the idea that someone with sufficient authority to have access to that entire dataset is also incompetent enough to think that it was OK to transfer the data in that fashion beggars belief - they need keel-hauling, as does the chain of command that permitted it.

    Perhaps Andy Hopper at Cambridge should now start making more noise about the fact that even a brand new Computer Science graduate would not have made that elementary mistake !!

  54. Anonymous Coward

    what about the safety of children?

    So these discs have the names, ages, and address of (hundreds of thousands?) of children?

    What if pedophiles get this information?


  55. Anonymous Coward


    Questions that should be asked in the house....

    Why was a "Junior" person within HMRC able to dump the contents of the database in the first place?

    Were the IT Dept involved? If the data fitted one one CD, it'd be a piece of cake, spanning multiple CD's makes it trickier as anyone who has tried such things will know, so the DB was either extracted in two portions or was copied using some form of backup/span. Either way it took a bit more savvy than a simple "File Save".

    According to Radio 4 this morning, the NAO questioned the amount of data they had received previously and asked for less identifiable info, but they were sent the same level of detail. So, this dump would appear to be the standard that gets provided whenever a employee asks for anything. Where else has this data been sent?

    What happened to the previous CDs? We are told they were sent from Newcastle to London, arrived, were used and then returned. Were they ever copied? do the originals or any copies still exist (maybe on someone's desk, gathering dust before being transferred to a draw once they forget what is on them).

    According to a spokeswoman on the radio last night, this problem arose because the "systems are old" and the ID card system would be "new state of the art and inherently more secure". Hmm, we need to ask what drugs She is on.

  56. GT

    419 Scamsters

    Isn't the lost data exactly what 419 scamsters use to drain your bank account?

  57. Anonymous Coward
    Anonymous Coward

    This is where the vaunted Market comes in...

    The Chancellor of the Exchequer told the House of Commons that there was "no evidence" that the CD had fallen into the hands of criminals. Let's think that over for a little while, shall we?

    1. Everyone in the world no knows that a CD containing 25 million taxpayer records has gone missing.

    2. Arguably, there exist criminals who could think of profitable ways to use that information.

    3. This is where the wonderful Free Market comes in - the one that Nu Laber ministers have been haranguing us about for 10 years.

    4. The putative master criminals make it known that they are willing to pay £X for the CD. Alternatively, if they know who has it, they offer to let that person go on living.

    5. Bingo! The CD has wound up in "the wrong hands". See how easy it was? Thanks to the marvels of capitalism, it was just as inevitable as water running downhill.

  58. Jason Rivers

    quite funny...

    "customers can have peace of mind that they enjoy protection under the Banking Code" - yes this is very very enjoyable that the banking code have put things in place, I'm not sure it's an enjoyable experience dealing with it, especially as you now have to go through the bank, the police are not interested in ID Theft, or others fraudulently taking money from your account, probably because they have too many people smoking cigarettes while driving to pull over.

  59. druck Silver badge

    Physical size of data

    "Even 25 years ago, who could have possibly thought this is a safe way to send private information about 25 million people?"

    25 years ago, all you would have got in an envelope is a few sheets of paper. The physical storage medium able to contain 25 million records would be the size of a suitcase, and a few years before that the size of a room. Now you can put millions of records on a laptop, CD, DVD, or memory stick the size of your thumb, and lose it in an instant.

    Systems should be designed so there is no way copying of vast amounts of data on to portable media. If it needs to be physically transported instead of transferred over secure encrypted comms links, there should only be one place it can be done, and whatever medium is used on should be contained in a lock box changed the arm of a security guard for every second of the journey.

  60. Anonymous Coward

    @ Not so junior member of staff By Anonymous Coward

    No, it would be a middle manager who would have burned the CDs, who then would have thrown the CDs onto a junior's desk and told him/her to send them to the NAO because he can't be arsed to do it properly himself. The junior then sent them un-recorded because the junior knew no better or had no idea of the contents.

    The junior will of course have been sacked and had their career ruined whilst the middle manager will be moved sideways to await an early retirement.

  61. Trevor Watt

    TNT Bulk mail

    TNT bulk mail gets delivered by a contractor who is......

    Royal Mail.

    So one Government department saves money by sending mail through a private company who uses another Government owned company to deliver it.

    The world has gone fucking mad.

  62. Anonymous John

    Re Sheesh

    "Were the IT Dept involved?"

    Has to be. Nobody else has access to the entire database, or a CD writer. Records can be accessed one at a time, and only if the reference number/National Insurance number is known.

    The BBC referred to an IT worker this morning.

    It's a bit rich the Tories trying to exploit this. Does anyone believe it wouldn't have happened if they'd been in charge?

  63. Frank Bough

    It's Sacking Time

    "I work for HMRC (no not in the Child Benefit Office) and I will let you know why the data was sent in CD format - the simple reason is that the vast majority of staff DO NOT have an external email address so they can email info to people outside of HMRC."

    Un fucking believable. You WOULD have EMAILED a 25 million record database containing highly sensitive, personal data?

    Thank your lucky stars that the Register allows YOU the privilege of remaining an Anonymous Coward - that more than your 'customers' get.

  64. Ash

    @Tom Welsh

    "... as inevitable as water running downhill."

    Some chap called Archamides solved that issue 300 years before Jesus.

    Sennacherib 400 years before him.

  65. Lee Worthington

    Goes much wider!

    I believe that the data was requested by the National Audit Office as part of the National Fraud Initiative which gathers together data from all sorts of sources and cross references to look for fraud i.e. employees claiming unemployment benefit etc.

    There has been a big fuss in Local Government circles (still being tracked and reported by Public Sector Forums) because the NAO inisisted that every Local Authority in the land sent them employee data; all the usual personal info, as well as bank account numbers, sort codes etc. without anyone (in my authority anyway) knowing why. We had 'we might use your data' paragraph on our payslips - but there was nothing about NAO fraud investigations!

    There was also no information about how nothing about how the data was sent, was it encrypted, password protected etc. It appears to have been left to each authority to make up its own mind - if memory serves it was also sent to a third party not a government office.

    There have even been concerns about the legality of the amount and detail of data being requested by the NAO. I don't know how far the NAO can reach, but it maybe that they can request data from any employer - even yours!

  66. Anonymous Coward

    I actually feel more secure now!

    The chances that:

    a) These disks fall into the hands of bad guys


    b) My details are one the first to be taken advantage off

    must be smaller than winning the lottery. So for a minimal risk of being a victim of identity theft from this route we get hopefully better protection from identity theft from all routes if the 'keeping a closer eye on peoples accounts' is to be believed.

    As soon as it is found that someone has become a victim because of this there will have to be a massive change over of bank details etc.

  67. 4a$$Monkey

    Whould that fit on a CD?

    Surly a database containing 25,000,000 records of Name; Bank account details; DOB; NI; Address etc would be quite a few Gigs in size. How did that fit on a CD? Or am I missing something?

  68. Sir Runcible Spoon

    good news and bad news

    The bad news is that even if the CD's are recovered there's no way of knowing if someone has copied them in order to sell the data in 6 months time when all the fuss has died down and everyone has stopped checking their accounts as regularly.

    The good news is that the general public (ie the morons) are now very aware that the government cannot be trusted with their data. Mothers especially will probably be going ballistic right now - so there's eff all chance of a Nationanal ID database now - not by any government who wants to remain in power at any rate.

  69. M

    Hopefully... two blanks because those measly office worker are too stuuupid to write CD-R and see if the fuss cover up the Northern Rock Fiasco.

    What oh you have load those Excel without password, sure good time to mention bad news eh!

  70. Mr Chris

    @"what about the safety of children?"

    "So these discs have the names, ages, and address of (hundreds of thousands?) of children?

    What if pedophiles[sic] get this information?


    Paedophiles could find out where a large number of children live by walking down any given street in the country and seeing which houses the kids go into and out of. Or they could go to one of those places where lots of kids are stored in one building. What are they called? Schools, that's it.

    They don't need a list of names and addreses to find children, you cretin.

    Bank details, on the other hand, don't play in the streets where just anyone can see them.

  71. Simon Oxlade

    "... the data lost is not enough to access bank accounts...

    No, but it is more than enough to open one. Credit Card, pretty easy once the bank account is established (just deal with that troublesome "Oh I've changed addresses, you must have my old one" step first). Overdraft, pretty much defacto nowadays. Short Term Loan, easy with a solid set of bank account details.

    So 25 million details, which ones to pick? Simple, you have the addresses. Think about where you live, now work out which streets the nice middle class people live on and search for those, then pick and choose.

    Apply techniques in Paragraph one, and then multiply several thousand times.

    I reckon about six weeks of work and you'd be able to set up enough accounts/cards/loans to make a decent amount of wonger. Leave rented house (rented using the database details, naturally - it's easy enough to fake an electric bill and the rest are just numbers) and head for Caribbean to live off your earnings.

    No risk? - B*ll*cks. Glad I'm not on the list.

    To continue the rant - why is the database accessible by a machine that has a CD/DVD burner attached? Why is the NAO asking for this data in the first place when the data is not supposed to leave the building? Why is the member of staff concerned so blase about the data that he feels it's ok to do this? Why has this happened several times and nothing has been done? Why are there not secure network links between all these government offices? Why are these clowns still in power? Why are they using TNT to deliver secure internal mail?

  72. Anonymous Coward
    Anonymous Coward

    @Lee Worthington

    If you want to know more, talk to your Fraud department. If you dont know who they are, give you Housing Benefit team a call, they will know.

    The Fraud team should know all about it.

  73. Anonymous Coward
    Anonymous Coward

    Encrypted or unencrypted?

    From the Guardian:

    "Darling revealed that although the information on the CDs was not encrypted, but it was password-protected."

    Can someone please explain what this is supposed to mean?

  74. Nano nano

    The Govt. department for Database Errors

    Doesn't the Gov now have an entire department for this kind of database error - the DBERR ( ?

  75. Innocent Bystander


    If it's so easy to get this data out of the HMRC then one wonders how many times it has happened previously that neither the public or the mandarins know about?

    If Darling has the gall to say that Bank accounts without passwords cannot be comprised then I suggest that he publishes his own similar details and see what happens.

    When they say that ID cards will be on more modern systems with greater security I have a vision that a few years down the line the data will be lost and the politician's excuse will be that procedures weren't followed.

  76. Innocent Bystander

    How many times has it happened before

    If it's so easy to get this data out of the HMRC then one wonders how many times it has happened previously that neither the public or the mandarins know about?

    If Darling has the gall to say that Bank accounts without passwords cannot be comprised then I suggest that he publishes his own similar details and see what happens.

    When they say that ID cards will be on more modern systems with greater security I have a vision that a few years down the line the data will be lost and the politician's excuse will be that procedures weren't followed.

  77. Conway

    @Encrypted or unencrypted?

    It means that if you open the file in the software package that was used to save it, you will need a password, but if you open it in a plain text or Hex editor (for instance), you will be able to read the contents although they probably won't be formatted.

    In short it means the data is effectively unprotected.

  78. Anonymous Coward
    Anonymous Coward

    Open letter to the recipients of the CDs

    Remember that most politicians, especially the more senior ones, are on the boards of numerous large companies and therefore have huge wads of cash in their bank accounts. Empty these accounts first, you know it makes sense.

  79. Anonymous Coward

    Securicor ?

    Surely this data should have been stuffed into a Armoured Car, sent of with a Police escort and signed for in triplicate by the mothers of the heads of both departments.

    Since the government is so into biometrics, why don't they use the damn things themselves, why wasn't the data only accessible in its 25 million format by senior management only upon receipt of a dna confirmed stool sample.

    Plus if it was so important to the NAO to have this data why don't they have a secure link into the HMRC with appropriate data access filters why are they even having to ring some "Junior" numpty anyway ??

    I know the answers to all these questions are that the government couldn't run a IT project to save its collective asses and we will probably rebuild Iraq with a decent biometric system before we get one !

    Alien icon because it feels like they have landed at the moment !

  80. Anonymous Coward
    Anonymous Coward

    Blame the IT department

    Were I work anything that is copied to removable media is automatically encrypted and can only be read by equipment in the same company. This would be a start.

  81. Andy

    ... not enough to access bank accounts...

    Yeah, until some enterprising individuals send out surveys to obtain further information to help them scam us all. Ah, but wouldn't that require the addresses of everyone I hear you cry, oh wait, they already have that information too!! So, with a little effort, enough information could be obtained in order to get past any security questions the bank may have. I can hear it no.....Sorry, I can't remember my password....Ok sir, just answer these additional security questions.....mothers maiden of birth......first pet....very good sir, your new password is xxxxx, thank you and have a good day. I know how easy it is cos I've done it before (forgotten my password that is, not accessed other peoples bank accounts!!). I think it's time to go down to the bank and ask for a new account number, it's the only way to be safe and I thought I had been good shreading everything with personal information on it, why did I bother.

  82. Jeremy Wickins

    Just sent this to my MP ...

    ... via Please feel free to use it as a template:

    Dear ,

    I am extremely concerned about the loss of data from HMRC. There is something fundamentally wrong with the whole system:

    1. How was an entire data dump to removable media even possible without at least several layers of security and permission?

    2. Why was sensitive information sent in unencrypted form (this would apply regardless of the means used (see point 3 below)?

    3. Why was physical transfer of data disks necessary? It should have been possible to send this directly via a network (though see point 4 below).

    4. What does the National Audit Office want the information on 25 million people for? (I have one legitimate answer in mind, but I want to know yours).

    5. Why was a courier service with a known lousy record chosen for this service? What was wrong with supporting the Royal Mail?

    Beyond these questions on the specific incident, there are three others:

    a) Will you support a full investigation of this incident, with penalties including prosecution under the Data Protection Act ?

    b) Will you support the creation of a government-funded compensation and assistance scheme for any victim of identity fraud if it can be shown that, on the balance of probability, their data came from this database?

    c) Do you still support the creation of a national ID database in the light of the incompetence shown here?

    Yours sincerely,

  83. Neil Smith

    Imagine this leak after the Biometric ID is in place...

    So if the govt goes ahead and creates the National ID scheme, including Biometric details of each of us, they would have to be stored in a database, probably beside our names, or National Insurance numbers, or bank details, or the names of our children, or our addresses.

    Then someone asks for a copy and it goes missing.

    The Chancellor & APACs say not to worry, meanwhile I am cutting off my own fingers and gouging out my eye!

    Not only is this a disaster, but further ID card schemes, especially Biometrics will only add to the problem.

  84. noob
    IT Angle

    We now know whodunnit (kind of ...)

    ... turns out - according to the Daily Mail - our 'junior official' is a 'computer specialist'. Sorry guys but you are evidently part of the problem, not the solution (hear me BOFH?)

  85. Aazell

    Every organisation in the UK...

    ... is bound by the EU data protection laws. These are pretty clear cut when it comes to handling of data. The data should only be made available to those users who have valid business reasons to do so. So making the entire database available to someone in a completely different department breaks not only their internal precedures but the law in about 10 different ways.

    The perpetrator of this has not even been fired according to reports.

    My company test each and every one of us on these rules once a year to ensure we are familiar with the legislation. I know many other organisations do this too. It affects our bonus payment if we do not take these refresher courses.

    If I did what this guy had done, even if it hadn't hit the media, I honestly think I'd be sacked.

    What we've got here is the antiquated British civil service still floundering where most firms were 10 years ago.

    The government enforce a the EU legislation but are completely incapable of adhering to it.

    I for one will never have an ID card.

  86. Anonymous Coward
    Thumb Down


    I object to being called a "customer" of HMRC and always have since they started using it some years back with the advent of "Hector" IIRC. The word implies choice. HMRC are an unelected, and largely unaccountable government body who I have no choice but to liaise with and use, and if they screw up I am lucky to get so much as an apology. If however I screw up, I get draconian penalties and fines. What supplier treats its customers like that?


  87. Pum

    Does Alistair Darling have kids?

    Two kids I believe! So his details should be on the disk - oh the irony of it!

    Dear Whoever has those disks,

    please search for "Darling, A" and fleece him first!

    Alistair, if you're reading this, no need to worry - it's not encrypted, but it has a password!

  88. Pum

    Data Protection Act no use ...

    ... as they almost certainly have crown immunity - laws like that don't apply to them, just the "little people".

  89. david

    Am I missing something here...

    ...isn't this what the Government Secure Internet (GSI) supposed to be for?

    (notwithstanding the DPA issues about data sharing)

    ...and for the biometric worriers - if your biometric info goes missing is it any good without your thumb or your eye.

  90. Barry Mahon

    And this is what we will not do.....

    In OUT LAW (produced by Masons...) the following -

    "A data breach notification law was recommended in a recent report by the House of Lords' Science and Technology Committee. Last month the Government responded (16-page / 90KB PDF) that it was "not so convinced as the Committee that this would immediately lead to an improvement in performance by business in regard to protecting personal information and we do not see that it would have any significant impact on other elements of personal internet safety."

    The Government said it would "continue to observe the US experience and consider whether we need to find more formal ways of ensuring that companies do – as a matter of routine – contact the Office of the Information Commissioner when problems arise."

    Aha, we can feel happy in our beds, the gov is watching what the US is doing......

  91. Anonymous Coward

    Securing a CD

    I've been wondering about this - but haven't had time to play with it.

    Couldn't one use TrueCrypt for securing a CD?

    1. Create TC image on disk, just under CD size, using required level of paranoia settings you wish.

    2. Mount the file, put files in it.

    3. Unmount the file, then copy the TC file to the CD itself.

    This assumes, of course, that one can securely provide the passcode to the person receiving it.

    I'm not saying it is a good idea for the government to do this, but I'd think this would work (haven't tried it yet)

  92. Cameron Colley

    Re: Customer?

    Quite -- Ifind it mildly amusing, and extremely innapropriate, that an organisation that extorts money from people should call it's victims "customers".

  93. Anonymous Coward
    Black Helicopters


    Havent you heard ??

    "Customers are at the heart of everything HMRC does"

    Doesnt it give you a nice warm feeling inside to hear that ??

  94. Dr Wheetos

    Illogical Reasoning

    On BBC News this evening they said that the reason why *all* of the data was sent rather than just the names and NINOs was that it was too complex to extract just that data. Lesson number 1 in SQL:

    select firstname, middlename, surname, NINO from ChildBenefits order by surname


    OK, it might be a little more complex than this as it's probably an ancient ICL or DB2 database. Perhaps it's true they are under-resourced in the IT department or perhaps EDS said it would cost £3000 to do the job. Or perhaps the next batch slot to run the query was in 2008.

  95. Anonymous Coward

    Data Protection laws

    Are useless, what I don't understand is why this isnt a breach of the Official Secrets Act which all government information, like that leading up to the Iraq War, is supposed to be governed by? Or is prosecuting those who expose embarrassing / criminal acts by our government more important than the ID fraud of 25 million Britons?

  96. Lee

    Douglas Adams knew this would happen

    " Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant-a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.

    Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense. "

  97. Anonymous Coward
    Anonymous Coward

    David - missing biometrics

    I don't think it's a problem of the crims *using* your biometrics once they're nicked, though if they can access your environment, they may well be able to fake your fingerprints. It's more a problem of the false sense of security that embedding everything in a biometrics-based system gives.

    Most checks against the biometrics will compare the local reader's findings with what's on your ID card. Once ID cards can be forged (and don't doubt it will happen) the crim will associate your ID with their biometrics on a card and everyone will take it as gospel. Which makes the whole biometrics thing useless for basic verification.

    Having biometric data in a database doesn't make the database any safer, either, despite what that nincompoop at the despatch box said.

This topic is closed for new posts.