Had the NAO..
got the data, what would they be doing with it? Sending it off to Synectics Solutions?
Alistair Darling told the House of Commons this afternoon that a police investigation has been launched into how Her Majesty's Revenue and Customs has lost child benefit records relating to 25 million people. Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's …
Lets be completely complacent about this
From the Guardian reportage
Details of 25 million individuals and 7.2 million families are on the discs, including national insurance details, dates of birth and bank details.
He says that the information on its own does not provide enough information to access bank accounts as it does not contain passwords and so on.
Mmm - notice he didn't publish his own NI Number, DoB and Bank Account number to show how secure it is to leave these lying around
"Records for 25 million people, relating to child benefit payments for 7.25 million children, ..."
That's 3.44 parents per child. How does that work? I know from filling out the benefit forms for my son that it only goes to one person.
At least the discs were password protected. It doesn't mention how strongly encrypted though.
So let's get this straight, I've just watched the Chancellor stand up in Parliament and state that it's all OK, they don't think a bad man [sic] has my details.
I've just heard how some cretin in HMRC stick a couple of CD's in the post (That's the post, not a courier) and e only found out they didn't showup when he called someone at NAO.
Does he think - there might be a risk here - no, he sticks another couple of CD's in the post, but this time sticks his hand in the pocket and gets registered post.
But, hey ID cards can still go ahead because apparently they will prove who you are via biometrics. Bugger the fact that if someone gets your details, sticks their own bio ID on the card and boom bash bish - when plod pull him over for speeding he's now you.
Think of it working like chip and pin - your card validates your pin, not any calling back to the bank.
All in all, I wouldn't trust this lot to run a raffle, they would end up paying £2 million in some weird contract to CrapGemini and end up with three people all winning 2nd prize
And we can already predict next years headlines.
ID fraud is becoming an epidemic in the UK and the government are going to launch a massive public education campaign to stop the public leaving their details where fraudsters can get to them as it is ofc the public leaving these details and not the government losing them that causes this rise. And ofc being this government they are going to introduce an id fraud tax so that you pay tax if you get defrauded or commit fraud.
If you haven't registered your support yet, now is the time. Strike whilst the iron is hot and all that.
Wherever this current load of lost details ends up, it will be as nothing compared with the inevitable breaches of security which will befall the national identity register.
Their own courier service lost it. Scary enough. Somehow they don't have any internal tracking system (thinks: chap with a clipboard ticking parcels off), and the best, most secure system to use when theirs failed was registered post?!?
Why they can't transfer electronically is beyond belief. The news stories said that they were confident that the original discs sent had not fallen into the wrong hands. Since they don't know whose hands now hold them, how do they know?
As has been said above: and these are the people who want to run a national ID card system. Given this, we'll either all be in prison or totally, totally safe, except from those selling dodgy stocks and goldmines and Latvian girlfriends.
So is this really a problem for every organisation or just the complete incompetent tosspots at HMRC? How is it that this Government can throw OUR money at the Civil Service year after year in ever larger amounts, yet the people employed seem to get less competent as their numbers go up? The bureaucracy of this country needs a sodding enema, with the hosepipe inserted via Downing St.
I'm told the discs were lost by a well-known parcel delivery company, such as the one that lost my Amazon order.
If you missed your chance to pinch them, don't despair: every month the DWP collects minute details about every benefit claimant in the country, from hundreds of local authorities on discs sent by parcel company. They even have a procedure for sending them again if the first one gets lost.
The DWP have just started to talk about password-protecting the discs.
has nobody heard of scp?
still - other questions need to be asked:
1) who has unrestricted access to prepare a report like that
2) who burned the cds?
3) who put them in the post?
4) who else has access like that?
5) how many of them have been properly security vetted...
Maybe Gordon might what to have another look at that E-Petition against a national ID scheme. I seem to remember his predecessor trying to allay fears about security, with the words, 'rigidly controlled'.
Who's gonna be the first MP in Parliament to stand up, point at the big commie and shout 'HA! Told ya!'?
I'm not too worried about the physical layer - electronic or physical, it's all just a bunch'o'bits at the end of the day. They can go astray on the interweb as easily as in the post.
I am much more worried about the bland assurance of "password protected". What does this mean?
Is the data just on a CD with an autorun.inf that asks for a password? Or is it a pass phrase for a 1024-bit RSA-encrypted compressed database snapshot?
And even if it is the latter, is the password a nice, secure 64-character random string or the word "p455w0rd"?
We should be told.
"As has been said above: and these are the people who want to run a national ID card system. Given this, we'll either all be in prison or totally, totally safe, except from those selling dodgy stocks and goldmines and Latvian girlfriends."
Seems like those could build a secure system with many safeguards/traps.
... ni numbers are belong to us. :)
I'm sure the reg reported on this last week? Or was that another loss?
I bet its in someones inbox, they're probably on holiday and all will be found in a few days.
My questions are
a) is the government wan not good enough to send two cd's worth of data across it?
b) how can a junior clerk be able to dump such a large number of records out of the system?
c) will the National ID scheme embrace similar comprehensive security?
If they have fallen into the hands of some wrong'uns, they'll be able to find addresses of all the celebrities with kids! :) I bet Britney's good that she doesn't live here!
Why does the knowledge that the discs were "password protected" fill me with dread rather than make me feel a little better?
Maybe it's because if the discs had the appropriate levels of strong encryption the government would have said so.
I bet it's just an eXcel spreadsheet with a password.
"So they burn the stuff to CD / DVD etc"
It would be amusing to mock up a 1.4gb zipfile called "child support (10-11-07)" and share it via eMule. And make a separate text file that reads "the password is "childsupport1"". Perhaps even mock up a database with quasi-randomly-generated names and national insurance numbers etc. Now that would be an exploit.
It's about what kind of absolutely incompetent business process design (never mind the technology) allows a "junior official" to get at all that really quite sensitive data without *someone* wondering why, and stopping it (or at least asking questions).
One also has to wonder what the question from the NAO was; it's hard to imagine what kind of question had this as the appropriate answer. Always assuming that there was an NAO question, obviously.
Incompetent, outsourced, PC-centric business-critical IT is bad enough, but combine it with cluelessly bad business process design such as we appear to have here and disaster has always been the inevitable result, the only surprise is that it's taken this long for a disaster to reach the public eye.
Still, looking on the bright side, if the public and our representatives have any sense, there'll be no more money wasted on ID cards, though doubtless some of the vested interests in the ID card business will view this as a marketing opportunity.
Keep 'em peeled.
And can tell you that are IT systems are sh*t.
I am not surprised that this has happened because its not the first incident of this kind : http://news.bbc.co.uk/1/hi/uk/7103911.stm
Remember these are the same people who brought you that wonderful success called Tax Credits !.
And like the rest of you I fear the introduction of the ID card.
I would like to serve my country by setting up a system to prevent this sort of thing recurring. It is very complex which is why I will ask a whopping £1million for the work.
Actually this kind of imcompetence is rife and not just in Government. Banks and other large organisations are like this too. They're just too big and unwieldy and plain inefficient to get things right on more than an occasional basis. A top-tier bank, when sending money to my account in another top-tier bank, lost this money. Turns out they put it in second class post. The threat of legal action chivvied them along nicely though. :)
So how about setting up a website where people can check if their names are on the list - just type in their full name and address, date of birth, NI number and bank account details and it will tell them whether their details have been stolen. For extra security they can also put in their bank account PIN, they wouldn't want just anybody knowing their details are stolen.
re: lost by a well-known parcel delivery company, according to the BBC, they were sent and lost by HMCR's internal postal service which is operated by TNT.
"Contrary to all HMRC standing proceedures two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the National Audit Office by HMRC's internal postal system operated by the courier TNT.
Based on it's massive selling potential for number of copies likely to be sold, where do I sign up for my royalties/earnings? As one of the 25million having ownership and distribution rights, this could be lucrative, but then again any income will probably be stolen from my account, I wonder if FACT will act on our behalf to enforce distribution now its out in the open, if the distro ends up on peer to peer networks.
(ID Cards pretty much dead and buried me thinks, or should I say ID Cards well are truely 'poll taxed' into obscurity)
7.25 millions of families, 25 million people: that's about 3.4 folks per family, so probably 1.5-ish kids/family, not 3.4 kids per family.
2.1 > 1.5 so it looks like the Brits are on the verge of extinction, but it's ok because they can't count anyway.
Where's the Darwin icon anyway?
Surely Data security is his responsibility as much as Gray's and he has been in his job much longer than the resigning Chairman?
What role did HMRC's IT partner's Capgemini and Fujitsu have in this fiasco ?
Is n't it their responsibility to build systems that are intrinsically secure not just to rely on some civil servant in an office following the correct procedure ?
Lots of unanswered questions.
We can be certain that the cases reaching the attention of the media probably represent only a small proportion of all the potential breaches.
"Does anyone know if HMG and its employees are subject to the Data Protection Act "
Government offices are usually covered under part 4 - exemptions, or at least that's the going assumption.
If you can read it without falling asleep:
There's a mea culpa for you.
And I thought government execs here in the States had brass.
1. Does HMRC fail it's IT audit for this year?
2. Who decided it was a good idea to have a private contractor run a government postal system anyway?
As for the "senior official" whose job it is, after all, to supervise those "junior officials", I'd suggest taking a page from IT management's playbook:
Have him escorted from the building with the suggestion that he contact HR later in the week for an exit interview.
Only real consequences for those in charge are going to change the behavior of this particular beast.
"MISSING DATA INCLUDES...
National insurance number
Name, address and birth date
Names, sex and age of children
Bank/savings account details"
BUT Thankfully this is not enough to steal money from us!!!
W T F!!
How come we here daily how Facebook will expose our personal info and we should avoid it at all costs. But releasing the above into the public domain is perfectly OK?
I think it is about time for a clear out - no Conservatives, Labour or Lib Dems - we need a new way of government. Old incompetent fools just doesn't cut it anymore.
that should finish off the possibilty of ID cards anytime soon.
To echo many other commentators why did the NAO need this data ? Just what were they planning to do with it , who had access at HRMC etc ? This is not just incompetance , this is so far beyond that words just fail me.
The chancellor blamed mistakes by junior officials at HMRC.
Why aren't there safeguards enforcing high-level review and authorization for this type of access?
Of course junior officials must have access to *individual* records but what on earth are they doing with unmonitored access to the *entire* database?
Does this mean any junior official could just walk off with the entire database in their pocket?
This data was (reportedly) downloaded by a "junior official", if this is true, and I really hope it isn't, this means that some random temp has uncontrolled access to everything. This means that if you want to find out where your, say, estranged wife lives, you know, the one that has a restraining order out on you, after that time you tried to kill her, you get a temp job at the Revenue and Bob's your uncle. Frightening, truly frightening.
I have and do work for large financial companies, at all of which, if someone tried to run such a query would (and do) send security round to your desk with a black bag and a P45. They also monitor for people 'just browsing' and actively sack call centre ops for trying to browse 'celeb' accounts etc. In fact, we aren't even allowed to move tapes between data centres without two people to escort the tape.
How can we trust a government that announces this fiasco and then says they've informed the banks. Shouldn't they be informing the credit reference agencies as well because fraudsters use these details to open bogus accounts and sign-up to mobile phone contracts. At the end of the day it's the consumer that has to sort out the mess when id-theft occurs.
I wonder how I'd get on prosecuting HMG if I suffered id-fraud? I hope the Information Commissioner throws the book at HMRC.
http://www.cabinetoffice.gov.uk/csia - for a hypocritical laugh.
You just KNOW that the data was in an excel spreadsheet which was password protected with a difficult word like NAO or HMRC. And for what reason did the NAO need the data and who authorised tham to have it. Only one head has rolled, more are needed both from the NAO and the HMRC.
It's probably happened. Just that we haven't heard about it.
Now let's see. Ah, yes, Davey Winder's article in this month's PC Pro shows that full identity details exchange hands for $10 - $150 a time but bank account info is even more lucrative. 25 million records makes this a very nice retirement fund for someone, even after applying discounts. You'd have better chances getting a good return with this data than winning the lottery.
No, they've got the "what about ID cards" angle covered already ... to paraphrase the minister on PM then "ID card details will be held on a modern secure database which will be totally safe whereas child benefit is an old system that was designed befoer anyone thought of security and quite frankly its surprising that its take this long for us to lose the data" - ok, so I made the last bit up but they're pushing the "we know how to do it properly now so its all ok, don't worry" line
There are many obvious questions, most of which have been covered above.
What does 'password protected' mean?
How was the password passed to the NAO?
Who authorised the transfer?
Who has the ability to do this sort of query?
What format was the data in?
I think the thing that beggars my belief is that random people have this sort of access to the system.
Even working in a not particularly exciting area - the most lucrative thing you'll get out of our system is the size of the advance on "Victoria Beckham"'s last book - we've got more sense than to send important data by carrier pigeon. Someone - and that means We, The People - need to start beating these people over the head with the Clue Stick until they've had enough, then keep on so doing until /we've/ had enough. And then tell them where to stick their ID cards.
I really am quite worked up about this...
1 - Well into six figures. No, I don't know why either.
2 - Yeah, write, er, right
... it doesn't take much imagination to think of ways of redirecting child-benefit payments - someone only has to write them a letter, and the money's theirs. Same for my tax credits. It's going to take YEARS to sort this catastrophe out. Smells like an insider job to me :-(
This is disgusting. Surely for data this important they'd send it hand courier - door to door, encrypt the data, hell, why even send a copy, let the NAO work from the HMRC offices?!?!
I've not found out why, but what did the NAO want with the entire 25m records worth of database? Surely they could do their 'auditing' with a sample?
If a bank (or any large organisation) was to fail this spectacularly, the Information Commissioner would take them to court, the bank would implode and everyone involved would lose their jobs and future employability - what about the idiots involved in this?
Everyone knows the Government will introduce ID cards regardless of what the public think - they won't be secure and this fiasco justly proves that.
Up until recently, these details wouldn't have included my bank account, thus mitigating some of the risks.
However, the last few years saw the unseemly bullying by Benefits & Pensions to stop people receiving cash direct from the Post Office, and having money paid directly into bank accounts. Beneficial (to HMG, not the public) effect of this was that fewer people used the Post Offices, resulting in more of them being seen as uneconomic and ripe for closure.
Living in the country, where banks are like hens' teeth, the Post Office was a life line for some ready cash, some of which even got spent on the kids. Well that's gone for a ball of chalk, so thank you Gordon, Darling.
One might be charitable and say that this is the action of the Law of Unforeseen Consequences, except that these consequences were foreseen and indeed vociferously pointed out at the time, but to little avail.
Eggs, baskets. You know the rest.
It'll only be a matter of a few years before the information about which we're all so shocked (but are we really?) has gone missing will be routinely sold to Supermarkets with interests in direct marketing to families with young children. No doubt profiling the information and skewing their interest towards those called Tarquin, Jocasta and Tobie, rather than Jaxon, Tiimaaii and Jo'Hanna. For only a few years ago who would have thought that vehicle registered keeper information would routinely be traded with private car park owners for mutual profit?
You don't know what you've got 'til it's gone.
I worked (as an IT contractor) at a large military headquarters just outside Watford about ten years ago (no place names, just think Yes Prime Minister..... season 1 episode 1...) where internal mail took seven WORKING days to travel the epic journey from one office to another. Mail frequently went missing.
However classified docs (iirc) were not sent via the internal mail!
Really. There is no way the government could get out of this one - 25million people. In a country of 60 million, 25 million is a hell of a lot.
Bollox to Brown's Labour, this better be the end of this government. I bet he wished he called an election now...
...and ID cards have got to be toast. Hopefully the public will stand up against the enforcement of this scheme to record all of our personal details.
As a "overpaid" and "over-pensioned" civil servant myself, I can't say that this case comes as any great surprise.
Anyway, as I'm a "junior official" too, here's my best guess at the "facts":
First off, all established Civil Servants are bound by the Official Secrets Act 1989.
By the sound of it, the "junior official" in this case is most likely an Admin Assistant or an Admin Officer earning no more than £18,716 max (London Weighting not applicable in this case). Hardly a fortune (http://www.hmrc.gov.uk/jobs/salaries.htm)
Same Junior official would have been told to send CDs to NAO by his manager - following orders. It happens a lot when you have a grade hierarchy in any organisation but why everyone is whining about this poor sod, I don't know - If NAO needs access to the complete Child Benefit database to undertake an audit then someone at HMRC needs to have access to the complete database - why shouldn't it be a "junior official" with special access, provided to him by his manager and authorised at a higher level? Hardly a "taxing" job (sorry bout the pun) and certainly not one it's necessary to have a high grade to undertake. I strongly suspect this unfortunate bugger was only doing what he/she had been doing for years. It's not him/her that lost the CDs - that is TNTs fault alone.
All the Civil Service depts I've worked in outsource their courier - and like any other business, this generally goes to the cheapest bid - common practise. In this case TNT. I suspect the Security Service, MOD, GCHQ etc... do not use a private contactor but I could be wrong.
I have a strong suspicion this information couldn't be sent electronically as it's common for civil service depts to put a 4MB limit on email attachments (they use the GTN so it's a secure VPN (run by Cable & Wireless if you must know)) and they won't have any other means of electronically sending such a large volume of data or they would have used it - my department has no network access to NAO systems, I doubt any department does.
I'd bet cash money that the database lost was a .mdb file
Anyway - contrary to what I've said here, I'm not defending the civil service. Officers are sacked every week for computer misuse and data protection breaches. I'm a signed up member of NO2ID because there's no way in Hell I'd trust this government, and the civil service I work for to keep an ID card database secure. If you've got an ounce of sense, you wouldn't trust them either.
Staying anonymous for fear of helicopters.
> that should finish off the possibilty of ID cards anytime soon.
Huh - you, me and a good few million others would like to think so, but with this brain-dead crowd it's more likely to result in another spray of the "honest mistake" BS, along with "it's important we learn from these mistakes" - before being brushed under the carpet with all the other IT-related, monumental screw-ups.
Much is revealed of the shockingly cavalier attitude to privacy in that these "computer disks" (is saying "CDs" or "DVDs" *so* difficult for the media?) had been missing in transit for three sodding weeks before anyone thought to ask about them.
Still, it's nice to know that they were password protected - er, so that's Ok then. <sigh>
I'm surprised to see comments on an IT-related site asking why the NAO wanted all the records rather than just a sample. Sampling is prone to error, while by using modern auditing tools you can quickly audit the entire set of data.
Ironically, one reason they may want the entire database would be to check it for errors and fraud.
Well we finally have it now. Irrefutable, unarguable proof that our Government's IT is in the hands of incompetent, unprofessional, careless fucktards.
Do all your folks in "the Business" wonder where all those hopeless CV's you throw straight in the bin end up? Correctamundo... they end up being recruited by low quality, low cost outsourcers to fulfil Government contracts for pisspoor (but rich) clients like HMRC.
Andy Burnham, who is one of those unmemorable drink-of-water MP's the New Labour trot out to deflect bad news from the Cabinet in times of emergency, was on C4 news tonight babbling on and on about improving the process and reviewing safeguards etc etc... like he even has a frigging clue what he's talking about. The fact that some turd at the IR was even able to copy this data onto a DVD at all, without detection (let alone post it via TNT) should be a sacking issue for anyone in the chain of command who was aware of this security hole. It's such a clown-howler it almost beggers belief that it was possible, but we should not be surprised that some idiot exploited it in a moment of pure laziness.
Equally disgraceful is that the National Audit Office (who the discs were posted to) were completely aware of the data being posted in this way and were ok about it? What special breed of cretins do we have working in Government FFS?
The good news of course is that whether the Government likes it or not, all those plans for National ID registers and NHS spine databases will probably be impossible to implement for at least 10-15 years as the public finally wake up both to the amount of data held about them, the pathetic security implemented in Government and the second-raters who are employed to manage it.
Thew bad news, of course is that 23 million people will now have to spend the next few years wondering if thier personal data will ever be handed over to every fraudster, Nigerian 419 scammer and paedophile ring in the world.
Well done HMRC... you monkeys...
25 Million records so clearly not an Excel file.
lets assume that our Junior official used all his SQL savvy to come up with
"Select * from Child_Ben"
and dumped it to a csv file .
Lets further assume that the office hardware is keeping some sort of parity with the office software. So what does a junior official using a an NT4 pc with a 4X external cd burner use to "password protect" his (or her) data ?
Ladies and Gentlemen..I give you.....Winzip
Surely this uproar means that everyone who is mercernary is now on the hunt for two odd discs lying around somewhere??
As an aside, since my Amazon deliveries are now taking 2 weeks and keep getting lost thanks to a certain company called TNT, I have written to tell Amazon that my custom will be going elsewhere.
You know, I really don't think it would be a good idea if a government bod decided to prove just what a secure password they picked and what a random set of character they'd chosen for this disk. Still I wouldn't put it pass this lot. Roll on the National ID Database, lol.
"And even if it is the latter, is the password a nice, secure 64-character random string or the word "p455w0rd"? We should be told."
Why are people banging on about recovering the CDs? It takes a couple of minutes to suck all the data off them so just because you've got your precious CDs back doesn't mean I haven't got all your data.
And just how many of these CDs have been intercepted prior to this and have either not been reported as missing or were put happily back on their way by the thief with no one any the wiser?
Finally, everyone in the media and government is patronising us with messages about how unlikely it is that our bank accounts will be plundered. Sod that, it's more than enough personal information to run up no end of bad debts - the sort of stuff that takes years to notice and sort out and really shafts your credit rating.
Tell me this is an episode from Spooks.
Enraged by jealousy Adam sets off to discover the father of Ros's secret love child. He sets about gaining access in his normal way by going undercover at the HMRC posing as a junior tea stirer in the department of Strategic High Intensity Training. No sooner has he swiped his way into the secure zone, with his usual expired Blockbuster Video membership card, he spots a visiting van driver in TNT uniform, a man with a long beareded face who looks strangely familiar. Not having any weapon with him ( The HMRC now publicly escew the carrying of scythes by it's staff except for those investigating illegal tea bag cartels) Adam picks up the nearest thing to hand being a small case containing two cd roms and pursues the van driver who he thinks he has recognised as no one other than Osama Bin Laden who it later is revealed has given up his former life and is now peacefully pursuing a new career as a contract driver for HMRC and occasional football pundit on Channel 4.
to be continued...
BBC's Newsnight led with a report on this story and the programme's science reporter, Susan Watts, specifically asked HMRC whether or not the data on the CDs was encrypted.
After a bit of wriggling, HMRC confirmed it was NOT encrypted. That in itself beggars belief.
But the real scandal is that a vast army of poorly-trained low-level civil servants working in a culture of low security have extensive access and permissions - as opposed to read-only access for very specific and limited purposes - to vast and highly-detailed aggregated electronic databases.
As others have pointed out, this episode (and the many that preceded it) means any responsible citizen should actively avoid giving any government department any more than the barest minimum personal information.
Yet this Orwellian government still intends to press ahead with its national ID database and attendant ID cards.
Aux armes, citoyens!
I noticed that on the news last night all the people whose data was on the disks were referred to as 'customers', whatever happened to the word 'citizens'.
That does it, we are all customers of UK plc with Executive Director Brown at the helm.
I'm (hopefully) a free man, get me out of here!!!!
Our records are free to be (mis)handled by any junior civil servant. But who is responsible for this life changing threat? Non other than our Gordy, that's who.
What about all the detailed emails and exchanges of information of Downing Street, is this protected in a similar way? Oh no sir! It is in the securest of all Whithall buildings, it is duplicated, vaulted, double encrypted & accessible by secure circuit only.
Double standards? You might think so. I could not possibly comment.
Anyone else just heard Alistair Darling on the news this morning claiming that there's no need to change your bank account because the banks are able to monitor all affected bank accounts. The BBC presenter asked whether the banks could actually monitor all 7.5 million bank accounts and dear Mr Darling says yes they can! Excuse me for not believing you.
<rrrring> <rrrring> <rrrring> <rrrring> <rrrring>
"Hello, IT support, what's the problem now?"
"Is that Mr. Simon Tr..."
"Woah! NO NAMES, this is an unsecured line! Who's calling?"
"This is Ringotts, the jewellers in the high street, we're just checking up on a few er, unusual orders..."
"OK then, this is he, now what orders are we talking about?"
"The ones for 50 each of every item in the expensive wtaches section....amongst others."
"Yeah, those are legit, can you give the goods to that pimply chap I sent round with a wheelbarrow please?"
<some time later>
"So let me get this straight, you suddenly discovered you had been left umpteen millions by some obscure dead third cousin you'd never heard of before? You jammy git."
"No need to be bitter." <smirk> "Speaking of which, I tell you what, I'll buy the first round down the pub at lunchtime, soon as you've finished stacking those boxes of Rolexes"
"Hmmm, how VERY generous. You must have spent the best part of several million just on Amazon this morning. I never realised how many different credit cards you had." <suspicious glare>
"OK, I'll buy ALL the drinkies, just this once."
<in the pub, after a couple of pints>
"When I got in this morning, how long had you been at your desk?"
"Oh, I was here all night."
"All night! You never do overtime unless there's some VERY good reason....so do spill the beans."
"Listen, oh pimply one, when you need to break the password protection on two discs full of extremely useful data, it sometimes takes a little longer than one working day....."
That show off that this country is really an 3rd world country… In the first place departments who need to access each others data should have secure network connection between them full stop. Data like this should never ever been on disks ready to send by post… I’m happy that not my data is on the hands of those monkeys.
And the lies from the government that those disks are being secured by not easy to guess passwords he he he let me laugh. That UK encryption system from the World War II was being hacked in seconds…
"Why are people banging on about recovering the CDs? It takes a couple of minutes to suck all the data off them so just because you've got your precious CDs back doesn't mean I haven't got all your data."
Because if they find them tucked behind the wheel arch of TNT truck with afortnight of dust on top or behind the water-cooler in the postroom, then they probably haven't been copied (by anyone other than a TNT employee or a government official).
It's difficult to find the words as I'm sure we all listened open mouthed as this F***tard explains that name, address, NI number and bank accounts for 25M people have been "lost" but it's OK as that's not sufficient to commit fraud !
If I, or anyone else here in the real world, did anything anywhere near that incompetent, I'd expect to be fired immediately and effectively become unemployable by any sane employer, as would everyone associated with the offending episode.
I'm now off to the Number 10 website to set up an online petition for a vote of no confidence in this government as they have just presided over the most appalling, incompetent breach of confidence yet.
Join me ! Bring pitchforks and flaming torches.....
....These jokers really do want a national DNA database (which they have already pretty much got), ID database, and ooooh anything else they can turn into a database. It's all so exciting for them, all this magical information technology. Bless them. You know they only have your best interests at heart. They're protecting you from all the scumbags out there, no really, they are. No really. Don't laugh, they are. It's what every politician spends his every evening fretting over.
is not that the details are out there - nothing can prevent them being lost now, we just have to fix it. I'm more concerned that this will be used as a measure FOR ID cards. The general populace will not know about the majority of the fears of El Reg and her readership, they will be relying on mainstream fsckwit media talking heads to tell them (ie parrot the gov) that encryption and biometrics built into ID cards will mean that this CANNOT happen again. These people then believe the propaganda and vote FOR the cards without realising how much worse they are making things.
If a low-paid van driver at TNT does now find these discs tucked behind the wheel arch, I can promise you they're probably not going to give them to their manager, when there's that nice Russian gentleman down the pub offering a suitcase full of cash for them.
Anyway it doesn't matter about the CDs. The real horror story here is how on earth a junior official was able to access the entire database without being quadruple checked by various levels of management first.
At the post justifying why a lower grade worker could access all the data. The bottom line is that the ONLY people who should be able to access to base tables in such a critical database are the DBAs. Even then, they should set up accounts where they can't access the data and use those.
When receiving a request for a dump of all the data, the standard response from the DBA should end with 'off' and start with 'f**k'. I can't think of any legitimate access to all the data at once.
""Why are people banging on about recovering the CDs? It takes a couple of minutes to suck all the data off them so just because you've got your precious CDs back doesn't mean I haven't got all your data."
Because if they find them tucked behind the wheel arch of TNT truck with afortnight of dust on top or behind the water-cooler in the postroom, then they probably haven't been copied (by anyone other than a TNT employee or a government official)."
Actually that is exactly how I would go about covering my tracks if I came into contact with the CDs. Then wait a few months before using the data. With a bit of luck the news will cover the fact that the CDs were "safely" recovered and people will become complacent again.
...and a villain will obviously leave a post-it note on em saying they've been copied;)
Seriously, it's in the criminal's and the government's interest to make it look as though the data had never been copied- everything is hunky dory and no need to change bank account details...
And @JeffyPoo- I did a quick test cos I was bored this morning
Fired up excel and put in row with name, address, ni number, dob, telephone no, bank details
Duplicated it 250 times then saved and compressed. Came to 8959 bytes
x100,000 to get 25 million records = about 900MB
So 2xCDs seems about right unless I've got the maths totally wrong
It's not like any 14-year-old, let alone Russian or Romanian crook, can't download one of half-a-hundred simple crackers onto a USB pen and (assuming they've got a P4 and 1GB RAM) crack the password in under two minutes!
Do these political media droids really believe the shit their officials tell them or do they just think we're such complete morons that we'll believe any fantasy they care to spin?
>>"Records for 25 million people, relating to child benefit payments for 7.25 million children, ..."
>>That's 3.44 parents per child. How does that work?
maybe theres a load of fraudulent clams going on
>>Think of it working like chip and pin - your card validates your pin, not any calling back to the bank.
The pin Isnt stored on the card and does call the back to make sure the pin entered is correct
they say its its ok because it was password protected, why the hell wasnt it encrypted!!!!!!
am sure they will find a way around the password
Thanks to that Anonymous Vulture for injecting a little common sense background information.
It pretty much matches my experience from 20 years in various government, quasi-govt & formerly-govt-but-now-privatised organisations. Even within the last couple of years what he says about mail limits is true. The only other way around it would be trying to organise an ftp transfer, and there are too many layers, people & policies required to liase with to get 1.5 gig or so transferred. It would also normally be vetoed at several levels for being 'insecure'. The systems and organizations are just not set up to deal with ad hoc data transfers of that nature. The old internal mail aka 'private bag' system as run via the post office was probably just as secure.
Also, from a Head Office point of view a 'junior official' usually equates to 'policy advisor' level - those people working in the front line offices or IT aren't 'officials' until they're above middle management level.
And thanks to Vulpes for giving it an entirely appropriate Vulture spin.
I don't expect to see *any* prosecutions under the DPA. That would imply that the government and its agencies (and anyone those agencies chose to subcontract to and anyone who once worked as a cleaner for those subcontractors and have I missed anyone...) are bound by the same laws that apply to the rest of us. How likely is that?
Had the banks been responsible for leaking names, addresses and account numbers for millions of their customers, I dare say the Old Bill would have been knocking a week or so ago.
I wish I'd been a fly on the wall in that meeting when HMRC broke the news to the banks. Mmmm, nice!
Proceedures were in place for the correct compilation and despatch of the data. They were not followed. Why should the blame run higher than those who screwed up? If you were an office manager and one of your staff screwed up big time you would sack them and carry on. Darling will do no different.
Why dont we just have all new borns tatooed with a pre-designated N.I number, bank account info, DOB. This could be placed somewhere descreet, like on the forehead. There may be less chance of someone finding the information than if we leave it to the current powers that be to look after them.
Snail mailing CDs/DVDs is standard practise in local authorities. The way it goes is:
1) Database backups are incredibly compressible, so use one from last night
2) Zip it down, and optionally password protect it
3) Whack it in a jiffy bag, write "With care - optical disks" on the back
4) Send it first class
5) Job's a good 'un
This is used for most data transfers of any size - If the bad guys want to intercept these, all they have to do is work out how to access the snail mail of the companies who wrote commonly used (by LAs) financial packages and grab anything with a disk in it. If they can't crack a pkzip password then they don't deserve to steal other people's hard-earned.
But wait - It gets worse.
There is a requirement for 24*365 access to some sensitive social services information that lists, for instance, adults who are a known danger to children and similar (schedule 1, section 48-kind of stuff for the knossers out there) - the kind of thing that the News of the World would pay dearly for - that can become unavailable due to planned network outages and similar.
What to do? If it becomes unavailable it potentially puts vulnerable children at risk, which is bad enough, but worse yet it would be a breach of SLA which would cost whichever outsourcer is involved yer actual money, which is totally unacceptable.
The answer is, incredibly, to set up a local copy at the office that maintains access to this information. At worst this involves putting a copy of the entire social services database, together with the necessary front ends, on a laptop... Unencrypted! In my experience they do secure the laptop - With that criminals nemesis, the Kensington laptop cable lock. Ha!
However, it doesn't stop there. Local Authorities are perennially strapped for cash, so they are always tempted by the lowest bid, come contract renewal time. What they don't tell their ratepayers is that the way the outsourcer achieves this low cost is to send as much of the contract as possible overseas, principally to India, but East Europe is making a late run here as well.
This is serious. Local Authorities hold as much or more information on their residents as was on the disks that the revenue just mislaid, except for the very few sane ratepayers who conduct ALL financial transactions with their LA in cash. They keep ALL payment information, including verification codes, on their (unencrypted) databases, many of which are maintained from overseas locations famous for their selling of "private" financial data.
The problem with this is that the ratepayer has no option but to deal with their LA. You might decide to bank with, say, Barclays, and accept the risk that their Indian operations represent. You may like the low prices charged by, say, 3 Mobile, and again accept the risk. The point is that you have a choice and can take your business elsewhere if you object to offshoring for any reason. Try that with your local council and see where it gets you. You are required to either pay in cash, or take whatever risk the council has decided that you will accept.
The Inland Revenues loss is big, flashy, and newsworthy. However, don't forget that it was mislaid inside the IRs (outsourced, naturally) "private" postal service, thus is unlikely to have ended up in the hands of fraudsters. Think instead about how many people's personal and financial details are either put at risk by "least cost" thinking, or by being made available to technicians in far away lands of which we know little, except that some of them are so bent that when they die they have to be screwed into the ground.
Posted as AC for obvious reasons.
I was affected by the pension disc being lost by Standard Life and HMRC a few weeks ago. Raise hell with your MP! Do NOT let this government get away with laxness.
It's dead-easy to. I have in the past, and I have just now again.
The person responsible, and their superior(s) should be liable to criminal prosecution for this kind of security breach, if this is not the case already!! Otherwise, these incompetent idiots and the equally incompetent idiots who hire them would never get their act together and do their job properly!
Dan: Are you Mystic Meg in disguise?
Quote from today's Telegraph: "Alistair Darling said that the biometric identifiers that would be entered on to the ID database would make such blunders less likely."
Darling should go for that gem of mind-numbing stupidity if nothing else.
Also in the paper is a quote from Frank Abagnale, that well-known cheque fraudster turned FBI consultant who bears a striking similarity to Leonardo di Caprio. Apparently he's been consulting for the Government on ID cards and said he though they were a bad idea because: "You cannot trust any agency with people's personal data."
So, one of the world's leading experts on banking fraud and data security says this and the Government puts its fingers in its ears. However, the usual suspects in the consultancy world (who have repeatedly proved that they couldn't organise a piss up in a sodding brewery when it comes to Government IT) say it'll all be OK, so it's full steam ahead and snouts in the trough all around.
Next election I think I'll be voting Official Monster Raving Loony, it's the only safe choice for the genuinely sane voter.
The government will have decided that this data can be sold, so this "loss" will be being publicised as a smoke screen -- either that or as an excuse to push through a DNA database or biometric ID cards. I find it hard to believe that this would have come to public attention unless someone wanted it to -- all involved would surely keep it quiet?
The government and it's agencies see us as what we are -- animals to be farmed for our money, their toys controlled by marketroids and uniformed heavies.
this is criminal - whoever is responsible for data security has completely fucked up. No doubt this is going to involve several layers of the chain of command - get thier asses to court and lock the fuckers up!
Someone out there has MINE and half the populations confidential details - i may as well be typing my BANK ACCOUNT and PERSONAL detail right here for everyone to see. It is beyond comprehension!
Why does nobody take data protection seriously? - Seems to me its all bloody hot air worth no more than the paper its written on. I know for a fact I could walk out of here today with 60000 company bank details - but i have the sense and decency not to. And I certainly wouldnt put on CD and stick in the freakin post-box.
Its time for action - we can no longer accept human error on mistakes of this proportion. This kind of data needs to be kept in a closed loop and access granted to those with a legitimate requirement. The environment must have no means of exporting files. This isnt bloody rocket science!!
And Brown's and Darling's apology are WORTHLESS to me!
"And @JeffyPoo- I did a quick test cos I was bored this morning
Fired up excel and put in row with name, address, ni number, dob, telephone no, bank details
Duplicated it 250 times then saved and compressed. Came to 8959 bytes
x100,000 to get 25 million records = about 900MB
So 2xCDs seems about right unless I've got the maths totally wrong"
Yes you have got it wrong. Duplicating the same piece of data 25 million times and then compressing it is bound to result in a small output size, if any half decent compression algorithm is used.
And for what its worth, I hope that if the 'discs' do fall into the wrong hands that all of the MPs whose details are on the discs have their details nicked and accounts emptied, credit ratings trashed, etc. Maybe then they'll get a clue and realise that the public do not want their so-called elected representatives from trying to interfere with every aspect of their lives. But, in reality, we'll be sold the line "With ID cards, your data is safe because we even encrypted it, of course this is *much* more secure than older forms of identification". In much the same was that Microsoft sells every new release of its OS basically. Money for old rope.
After all, I've nothing to hide so nothing to fear.
Neither have my children
Or my grandchildren.....
Wonder if any of our "Leaders" childrens' information is on those disks. Like Blair's kid Ian is now on the DNA database. Presumably.
Fuck Britain. I'd feel safer in Zimbabwe.
Assuming this procedure probably was followed last year (and the year before that), are last year's discs sitting on some auditor's shelf in his office, (with a nice post-it note showing the password) or worst still he took them home to do some data research on them, or they are backed up onto his spyware infected home pc?
How many copies of the database did this guy burn in the first place?, and the data that was burned- Was it just left on his machine (without password) just in case they were needed again under 'My documents' or on his desktop?
Aren't there a few alarm bells when 25Million records are read off the HMRC's database? Obviously not.
This is not going away for a long, long time and so it shouldn't.
The thing that really gets to me is that barring a few "what did the NAO ask for?" questions, we seem to be overlooking the fact that the role of the NAO is to advise puclic sector organisations on how to conduct their affairs.
SO why on earth did an organisation with that remit ask for (or even allow a hint of a sugestion that) the data be sent in this manner? They are supposed to be the "Watchmen" and they were at the heart of allowing this to happen.
Personally, I think that the blame and attention should shift to the NAO as they are the ones who REALLY should have known better... Makes you wonder if CD data transfer is the norm
(unless of course these disks were sent as unsolicited mail!!!)
Well according to the Telegraph this morning:
"At the time, the NAO asked for the Child Benefit database and specifically stated it should be "desensitised" to remove bank account details and other unnecessary data.
In a briefing paper sent to the Chancellor by Sir John Bourn, comptroller and auditor general, Mr Darling was told that a "senior business manager" sent an email to the NAO, which was copied to an HMRC Assistant Director, saying the information would not be "desensitised" because "it would require an extra payment to the data services provider EDS". "
Well I'm looking forward to seeng some more detail on this. Come on El Reg - get us the skinny on this. Is this true ?
If it is true then it is even more shocking than I previously imagined. I'm sure there are lots of readers of this site with experience of handling very large datasets who could put together the SQL query to extract only the data the NAO wanted (according to the BBC last night just the childrens names and the relevent NI numbers of the claimants) in just a few minutes. The data extract job itself might take a bit longer, but overall this is a job that should only take a few hours, not days or weeks. After all the Child Benefit database cannot be much more complicated than your average HR db used as training examples in all my old oracle books.
There is plenty to be said still on this - the possibility that there is a massive cover up going on, the involvement of outsourcers etc ....
Finally how on earth the gov think they should be allowed to bring in ID cards?Absolutely no way!
>> I'm sure there are lots of readers of this site with experience of handling very
>> large datasets who could put together the SQL query to extract only the data
>> the NAO wanted (according to the BBC last night just the childrens names and
>> the relevent NI numbers of the claimants) in just a few minutes. The data extract
>> job itself might take a bit longer, but overall this is a job that should only take a
>> few hours, not days or weeks. After all the Child Benefit database cannot be
>> much more complicated than your average HR db used as training examples in
>> all my old oracle books.
On a regular PC the select might take a few hours, on the sort of hardware HMRC should be using for their database servers it oughtn't take more than a few minutes. I'm am somewhat surprised the bank details are even in the same table.
I agree, it is shocking that HMRC told the NAO that they would desensitize the data because of the cost of a contractor to do the job. I don't know that it is more shocking than the fact that a junior member of staff has full access to the database. Certainly a close call.
BTW to all those commenting about ID cards - whilst clearly worrying, I'm more worried about upcoming NHS database.
> saying the information would not be "desensitised" because "it would require an extra payment to the data services provider EDS".
It's true - on PMQs someone stood up and asked a question on why HMRC should have refused to provide the desensitised information on the basis that doing so would have been "too onerous". The NAO seem to be in the right area by specifically asking for desensitised data, and of course heads should roll at HMRC (but won't) for just chucking the lot at them.