If you are a recipient of child benefit in the UK, the chances are your records and bank details were included in one of the two CDs that Her Majesty's Revenue and Customs (HMRC) has lost. HMRC has said we have nothing to fear, despite the fact it doesn't know where these unencrypted CDs are or who has been accessing them. All …
Does anybody care?
"...If, however, you receive post suggesting you have opened an account or applied for a card with a company you have had no contact with, possible evidence that your ID has been copied, you should contact the police"
I received such post from MBNA credit cards about a year ago, shortly after I had moved out of the house I was renting at the time. The post in question was a rejection of a credit card application in my name and at the aforementioned address. I phoned MBNA to inform them of this and ....they didn't care. They weren't the least bit interested. All they said was "well, the application was turned down anyway, so no need to worry". Oh, that's ok then.
One other point - I thought the missing HMRC disks were "password protected" suggesting that they were/are encrypted?
Rather than pay further for their cockups
According to saynoto0870.com you can reach them on 0191 2251144 rather than generate further revenue via their 0845 number.
password protection != encryption
What the subject line says, really...
Don't they mean..
..that when they get the names & addresses back, they will be able write to everyone to apologise?
The disks were, it is said, password protected. They may also have been encrypted but not necessarily as these are not the same things - e.g. they may contain plain text documents in a password protected zip file.
Did they check this?
Please tell me that "The Register" checked that the address one of their helpful readers sent in. Is the address for HMRC, or do we all just assume everything we ever hear is true?
Password protected != encrypted.
There are lots of ways round password protected files of various types. Encryption keys are harder to hack than passwords.
missing the point?
This all seems like damage limitation speak to me....... Also, There seems to be a lot of fuss on the news about 'recovering the lost disks' Is that even relevent now? A 3 year old can make copies of disks these days. The iso is probebly already on ISOhunt waiting to be torrented.
Darling, I've lost the kids
..and the integrity of the known facts model for the Government Gateway for a whole generation
grabs overgarment whilst checking for any errant discs in the pocket...
Password protected != encrypted.
odds on it was in Excel with a password on the file
Was it sent by the Post Office ? or Internal Mail (TNT)
Either way next time something goes missing en route can I call in the police to find it ?
HMRC using £ for postage
At £1 per letter for processing, etc....
Thats £25Million of our money used to apologise for the loss of 25Million of our records, can we just get rid of the Government and replace it with something that works...
Please to be sending a £1's to Prince Molaghona P.O.Box 3002 Brixton BH1 1HA , foir the beloved return of your HRMC information or also to be including your address and bank accounts for me to be checking with security vestiges of Nigeria.
Dearest Beloved in Christ
G . Brown
Protect yourself and your family
This is why we should say no to ID cards.
I suggest everyone join www.allfiled.com and a credit agency like experian to keep track of anything that might happening in your name.
allfiled lets you store all your important admin safely online so only you can access it and so you have all your info to hand if you see anything suspicious. It does reminders and autoquote insurance but i use it as a data backup for all my family's paperwork. I suggest you do too.
0845s dont generate revenue they are charged as a local call
So you would actually be spending more money to call the geographic number unless you were in that particular callling area
Wasn't the National Computing Centre (NCC) supposed to set standards in IT ?
So what's it been doing for the last few years ?
I would have thought a body like that should have been setting best-practice standards for public sector systems, in particular HMRC.
"allfiled lets you store all your important admin safely online ..."
'lets you store all your important admin safely online'
Are you having a laugh? Pay £35 a year for yet another copy of, and another potential route to all your personal data. Mmmm yes please.
The old adage hold true, if you want something doing properly - do it yourself.
@ el reg
Can we stop blatant advertising in the message boards please?
Oxymoron != contradiction
"The title says it all"
404 - pedant icon not found
Password-protection does not obscure the actual data in the file - all it does is wrap it in a structure that the program in question will not open unless it is fed the proper password. Since the binary code that makes up the file is always accessible, and the "wrapper" used by a mainstream program like Excel or Access is constructed according to known parameters, it's not difficult to identify the code that makes up the wrapper, and substitute in code for a valid wrapper that is not password-protected.
It's a bit more complicated in practise, but password-protection in itself essentially offers no protection at all.
infact 0845 numbers are subsidised by company owning the destination number.
So all the people that called the number you gave (from SayNoto0870) will actually be paying up to National rates depending on their location...
Nice one :o)
The bit I liked was....
.....that the stats office didn't want all the data but the Revenue said it was too expensive to strip out the bits they didn't want.
That'll be all those expensive consultants having to pick the unwanted data off the CD with toothpicks again I guess.
Should have mentioned, in all fairness to MS, that the password protection scheme used in Office 97 and later does impose encryption, however the default setting only has a 40-bit key.
...are not subsidised, are revenue-generating, and cost more to call than national geographic numbers from all mobiles and most landlines.
[re the main story - talk about 'fuss about nothing'. if one person loses so much as a fiver from this, aside from the unfortunate HMRC monkeys who'll be fired, i'll happily eat 25,000,000 hats...]
March of data recovery personnel
I liked the news footage of the blue boiler-suited "data recovery" operatives marching purposefully into the HMRC headquarters...
What the hell were these guys going to be doing, exactly? Looking behind wardrobes and lifting up cushions on chairs? Shuffling the fridge out?
"Nope, no digital media here, Boss"
(Hope they gave the floor a quick mop whilst they had the fridge out)
You couldn't make it up, could you...
Re: Protect yourself and your family
"I suggest everyone join www.allfiled.com and a credit agency like experian to keep track of anything that might happening in your name."
Nobody *joins* Experian - the company keeps a record on you that it sells to other companies and for a small fee they will allow you the priviledge of seeing what lies they've been telling about you for the past ten years.
Cutting The Cost...& gimme the Overtime money !
......"A spokeswoman for HMRC told the Reg: "It's business as usual here. There is no need for people to phone us or their bank. The phoneline (0845 302 1444) has not seen a huge volume of traffic but people are welcome to call if they're worried."
Odd then, spoke to someone on the helpline recently... the cost cutting appears to have played a part in the disks going missing (non registered courier post)... but they are now paying staff overtime to stay on the helpline until 11pm...
0845, 0870 numbers
Back in the days, local calls used to be cheaper than national calls (there was even a regional rate for calls up to 56km away). This hasn't been the case (for most people) since the world and his cat became telecommunications resellers, all of whom claim to offer cheaper calls than everyone else. Suddenly we were promised "national calls at local rates"; and then when that wasn't enough to tempt us, tethered lines eventually started offering inclusive minutes like old-skool mobiles. But the inclusive minutes come with restrictions: they cannot be used for mobiles, nor "non-geographic" numbers (i.e. 0845, 0870).
When they were first introduced, 0845 numbers (used to be 0345) were charged at the same rate as local calls and 0870 numbers (used to be 0990) were charged at the same rate as national calls. But now, on most price plans, local and national calls are charged at the same rate -- and that rate is lower than 0845 calls, let alone 0870 calls.
There is still a price plan with very low line rental and no inclusive calls at all, aimed at people who only ever use the phone occasionally ("two calls a year: christmas and my eldest son's birthday"), and which does distinguish between local and national calls. This is how companies can get away with talking about "local rate" calls. It's still dodgy, though, because most people are on other price plans.
Another thing that has changed for the worse is that businesses nowadays tend to answer as soon as you call, then tell you you're in a queue -- if I'm going to spend the best part of an hour waiting to speak to a human being, I'd rather not be paying for the privilege.
This is a gift!
This is a gift to those who believe in the noble and entirely innocent matter of keeping your private details literally private.
A gift and yes, also a sacrifice, and a very unpleasant one for those that have not chosen to be 'given' to this sacrifice but have become part of it. This isn't 'possible terrorists' or 'possible criminals' it's just a 'legal'/'legitimate' sample of the population.
There will yet and inevitably be some much more monstrous outrage committed against common privacy in the not so far future, and this business with the missing discs will be the case where people will look back and say "well it happened there, and nobody did anything. No one took it seriously, they were all trying to play it down.".
Well of course something should be done now, and of course it wont happen because they want to be seen to be right, right now. In fact it's just a new problem which the politicians should have the wisdom to take less than personally, which they don't.
... and digital civil liberties will default to zero.
But I'd like to remind all dear readers of this darling disrespectful Reg.ime that civil liberties have always defaulted to zero, just as soon as defined.
And all the civil liberties we have, we have because people have realised the rottenness of the default, and acted to get it changed.
The point is to recognise when a definition has taken place. Were you asked about that, or was it just a consequence, a side-effect?
Technological development may be somehow inevitable, but social - political development is a matter of action and choice.
If you can't choose to be ready to act on this now, prepare your information and understanding now from this case to use in the next, more serious privacy battle...
As an IT guy I've seen one of their so-called 'secure' systems.
All users Domain Admins (because it wouldn't work otherwise) and the Administrative Shares still active on the server. So, if you're a user of said system, you have unrestriced access to everything, even the server's operating system.
Led to believe this system is installed in numerous places round the country, too.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know