I imagine that the data has one of those fiendishly difficult to crack Excel passwords on it. We can all sleep easily.
Well, it had to happen, and so here you have it - those mislaid HMRC discs going for a song down at eBay: Screen grab of eBay "HMRC discs" auction Since we have no doubt the powers that be down at the world's fave tat bazaar will move rather more quickly to remove this auction than they do to act on iffy vendors, here's the …
haha Nice one, I hope they made another ebay account to do otherwise they might find a swat team out side :)
I love the question and answer bit
copied here just incase ebay remove it
Q: Would you consider part exchange for these discs? I'm afraid I can't offer much in the way of cash as my future employment status looks a bit grim at present, but my boss Gordy can offer you a peerage or even free school dinners for life. Thanks NOTE TO SECRETARY: PLEASE ENSURE MY REAL NAME DOES NOT APPEAR ON THIS EMAIL WHEN SENDING, THANKS. ALISTAIR
A: As everyone's employment prospects are as dismal as yours, you argument carries little weight. However, the peerage is tempting. Please feel free to phone me to discuss this.
Regardless of the data format (and Excel or CSV both sound likely) I think its likely to be a passworded and unencrypted ZIP archive - possibly spanning both disks. Spanning, because chopping such a large file in half is probably beyond the muppet that made it.
Why zipped? If both disks are full (650 MB each) thats an average of only 52 bytes per entry.
As a comparison, my name, address, NHS no and DOB in CSV format is just over 80 bytes. Add bank details (Bank name, sort code, account number) and it hits 120 bytes. So, to get 25 M sets of typical personal details onto two CDs requires compression.
This post has been deleted by its author
Assuming this is a relational database backup you may not need compression. Address may just be represented by Postcode+house number lookup to standard external table. Sort code implies bank and branch which can bee another lookup.
There are other things that make me think this might just be spanned across the discs using a simple backup utility (which is probably included on the first disc ;)
After only four hours the current bid is running at £9,999,999.99 which sounds high but is actually quite reasonable.
Of the 25m records we are told that 10m are for adults (parents) and that represents 7.25m families. Assuming there is one bank account per family then that's approx £1.38 for each one. Even if the accounts were used for nothing but receiving the £12.81 per week paid in by the government, that still gives the potential for over 800% profit from just one fraudulent transaction per account.
I'm thinking I could generate a database of names and addresses all with my bank details. I could then claim I found the disks and claim a reward obviously. They'll immediately load the data back into their system and pay me 7.25 million * £12.81 per week until they notice... could work for years! 'tis a flawless plan!
El Reg - can we have a Pinky and The Brain icon please? :)
Look, this isn't the first time I've read an 'amanfromMars' post and wondered how long it was going to take me to crack it.
Are they relevant? Are they a coded message to our covert boys around the world? Are they just way too clever for me? Are they just bollocks?
Can anybody help me out here?
Broken by the boot of an SAS commando after storming the residents of this hilariously funny chap. With 3 broken ribs, a rifle butt imprint on his cheek, and zip-tied wrists I'm sure he's repeating the mantra... "The government has no sence of humor...The government has no sence of humor...The government has no sence of humor..." while hearing the commando say, "silly muppet, tricks are for terrorist."
This is a spook magnet beyond question.
A then employee told me at the time that in the late 90's TNT had the contract for delivering Pfizer's then new wonder drug - the little blue pills who's name starts with V. A large shipment went missing. The loss was of course hushed up and kept out of the press.
Their corporate slogan at the time was 'We take it personally'... I never could work out if the take in the slogan meant steal or consume...
Looks as if the same guys in the company fancy their chances with the account details...
According to the government the details are of 25 million families and includes name, address, social security number etc. This must be several hundred bytes per record, say 500.
That makes 12.5 Gig of data. If it is in Access or Excel there is the usual Microsoft overhead of at least double so we are talking 25G. How does that get onto 2 CDs? Maybe the government has done something very clever to compress it but I doubt it. Most of the entries are probably just blank...
Ebay seller should have made backup copies of the CDs before they got lost/damanged.
Hmmm... what about the CDs with HMRC data on them sent in internal mail that _did_ arrive? Someone in the know could have copied them en route and then put them back into the mail system... so similar data could have leaked a long time ago...
>Maximum data you can fit in one worksheet is 65536x65536 (I doubt HMRC know how to use multiple worksheets).
>My guess is this was an Access database ....
Wow, you're wrong twice.
First of all, in Excel 2003 and earlier, you had 65536 rows x 256 columns, not the 65536 x 65536 you mentioned.
Secondly, in Excel 2007, you can have 1048576 rows x 16384 columns.
If you're going to try to be clever, at least be correct.
To be fair, no version of Excel has space in one sheet for 25 million rows. Access, however, would choke on that much data as well. It's far more likely that the file in question would be a SQL server .mdf or backup file.
25 million records could comfortably fit on 2 CDs.
500 bytes is rather abundant for this type of record. An average of 120 - 160 bytes per record is more likely. That would make 3-4 GB of data, if we assume CSV or similar format.
Furthermore, the only part of this data that does not have lots of redundance are the bank account number and social security number, which are supposed to be unique. The remainder of the data has lots of redundance (How many different first and last names are in common use? How many different street and town names?) and will compress quite well. I've seen compression ratios of as much as 6:1 for this type of data. Also, as mentioned earlier in this thread, if it's a relational database, postcode and town could be referenced to a separate table and take up only 4 bytes (INT). Thus, fitting all in 1400 MB is quite possible.
alone he's only playing he talks sense when he has something to say otherwise he's sort of commentary, on the useless commentary it's oblique but what he's saying is blah blah blah. Just ignore him like you would anyone else who is bored to tears by your thoughts.
and realise this NuLabour government are *THE* most profligate, incompetent, retarded bunch of whingeing trotsky's I have ever seen, and I saw the last Labour government!!!
As far as 'password protection' goes, was probably one of the following;
Incompetence that simply takes the breath away, let's hope this marks the end of 10 years of thieving and mismangement
"and realise this NuLabour government are *THE* most profligate, incompetent, retarded bunch of whingeing trotsky's I have ever seen, and I saw the last Labour government!!!" Not impressed then Karl? And exactly how does the Government of the day dictate the incompetency levels of a civil service department; on that basis, if it had been a Conservative Government in power the headlines would have been about the amount the CD's had been sold for.
sorry, but think this is a standard ukgov snafu- higherpleb? did you send those details to-?-lowerpleb, yessboss![thinks, what details] must be 'lostinpost' add one leak to recipe=mediafrenzie.I don't think this present administration is capable of giving us a proper scandal that we can get our teeth into! (E.G. Profumo) cheers Si B
HMRC aren't very good at passwords. They have one of those highly effective 'ultra secure' logon password policies that involves randomly generated passwords that expire every 90 days. Of course the randomly generated passwords are completely immemorable, especially when they keep changing, so everyone writes them down. Then they are hidden in really secure and obscure places where they can never be found by anybody else, such as under the keyboard.
When I worked there, one night I checked all the desks on my immediate section - 11 other members of staff. I found 8 passwords...
To be fair Chris, it's Civil Servants that you're talking about, not Government employees - very big difference and a very important difference too.
Secondly, if my experience of the Civil Service is anything to go by then the smartcards are simply to gain access to machines, so that someone has to steal your smartcard as well as your password before they can get into the system.
Perhaps at GCHQ they have some marvellous system where documents can be encrypted so that only one other person with a given certificate (or anyone with an image of that smart card) can open the document. (Although it strikes me that the person with the smartcard would surely need to be present with their card, so that they might as well copy it to a laptop to be stolen from Tesco's car park).
Back in the grotty grimey job cutting real world of the Civil Service there are no suxh systems. But then that's how you save money - by whoring your IT out to EDS and Co.
P.S. - Anyone done a quick guestimate on the cost of sending letters to each of the 7.25 million affected families?
>P.S. - Anyone done a quick guestimate on the cost of sending letters to each of
>the 7.25 million affected families?
Im sure that people like UKMail get their post delivered by Royal Mail for about 13 pence, if we work with that value we are talking of a cost of £948,000 I probably about a million.
These must be a joke in there somewhere about the government having lost the data and do not know where to send the letters :P
One, question I have, if the government have broken the data protection act, will this allow the people who's identify has been breeched to claim against the government?