Alistair Darling told the House of Commons this afternoon that a police investigation has been launched into how Her Majesty's Revenue and Customs has lost child benefit records relating to 25 million people. Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's …
>>"Records for 25 million people, relating to child benefit payments for 7.25 million children, ..."
>>That's 3.44 parents per child. How does that work?
maybe theres a load of fraudulent clams going on
>>Think of it working like chip and pin - your card validates your pin, not any calling back to the bank.
The pin Isnt stored on the card and does call the back to make sure the pin entered is correct
they say its its ok because it was password protected, why the hell wasnt it encrypted!!!!!!
am sure they will find a way around the password
@ My best guest & Vulpes Vulpes
Thanks to that Anonymous Vulture for injecting a little common sense background information.
It pretty much matches my experience from 20 years in various government, quasi-govt & formerly-govt-but-now-privatised organisations. Even within the last couple of years what he says about mail limits is true. The only other way around it would be trying to organise an ftp transfer, and there are too many layers, people & policies required to liase with to get 1.5 gig or so transferred. It would also normally be vetoed at several levels for being 'insecure'. The systems and organizations are just not set up to deal with ad hoc data transfers of that nature. The old internal mail aka 'private bag' system as run via the post office was probably just as secure.
Also, from a Head Office point of view a 'junior official' usually equates to 'policy advisor' level - those people working in the front line offices or IT aren't 'officials' until they're above middle management level.
And thanks to Vulpes for giving it an entirely appropriate Vulture spin.
I don't expect to see *any* prosecutions under the DPA. That would imply that the government and its agencies (and anyone those agencies chose to subcontract to and anyone who once worked as a cleaner for those subcontractors and have I missed anyone...) are bound by the same laws that apply to the rest of us. How likely is that?
Had the banks been responsible for leaking names, addresses and account numbers for millions of their customers, I dare say the Old Bill would have been knocking a week or so ago.
I wish I'd been a fly on the wall in that meeting when HMRC broke the news to the banks. Mmmm, nice!
Loving the 'resign' comments!
Proceedures were in place for the correct compilation and despatch of the data. They were not followed. Why should the blame run higher than those who screwed up? If you were an office manager and one of your staff screwed up big time you would sack them and carry on. Darling will do no different.
ID Card idea
Why dont we just have all new borns tatooed with a pre-designated N.I number, bank account info, DOB. This could be placed somewhere descreet, like on the forehead. There may be less chance of someone finding the information than if we leave it to the current powers that be to look after them.
This is why we need ID cards!
Unfortunately, I foresee the government spinning this "When we introduce the ID card this wont matter because only you will have your biometrics!" Roll on the fuckwits!
This is standard practise
Snail mailing CDs/DVDs is standard practise in local authorities. The way it goes is:
1) Database backups are incredibly compressible, so use one from last night
2) Zip it down, and optionally password protect it
3) Whack it in a jiffy bag, write "With care - optical disks" on the back
4) Send it first class
5) Job's a good 'un
This is used for most data transfers of any size - If the bad guys want to intercept these, all they have to do is work out how to access the snail mail of the companies who wrote commonly used (by LAs) financial packages and grab anything with a disk in it. If they can't crack a pkzip password then they don't deserve to steal other people's hard-earned.
But wait - It gets worse.
There is a requirement for 24*365 access to some sensitive social services information that lists, for instance, adults who are a known danger to children and similar (schedule 1, section 48-kind of stuff for the knossers out there) - the kind of thing that the News of the World would pay dearly for - that can become unavailable due to planned network outages and similar.
What to do? If it becomes unavailable it potentially puts vulnerable children at risk, which is bad enough, but worse yet it would be a breach of SLA which would cost whichever outsourcer is involved yer actual money, which is totally unacceptable.
The answer is, incredibly, to set up a local copy at the office that maintains access to this information. At worst this involves putting a copy of the entire social services database, together with the necessary front ends, on a laptop... Unencrypted! In my experience they do secure the laptop - With that criminals nemesis, the Kensington laptop cable lock. Ha!
However, it doesn't stop there. Local Authorities are perennially strapped for cash, so they are always tempted by the lowest bid, come contract renewal time. What they don't tell their ratepayers is that the way the outsourcer achieves this low cost is to send as much of the contract as possible overseas, principally to India, but East Europe is making a late run here as well.
This is serious. Local Authorities hold as much or more information on their residents as was on the disks that the revenue just mislaid, except for the very few sane ratepayers who conduct ALL financial transactions with their LA in cash. They keep ALL payment information, including verification codes, on their (unencrypted) databases, many of which are maintained from overseas locations famous for their selling of "private" financial data.
The problem with this is that the ratepayer has no option but to deal with their LA. You might decide to bank with, say, Barclays, and accept the risk that their Indian operations represent. You may like the low prices charged by, say, 3 Mobile, and again accept the risk. The point is that you have a choice and can take your business elsewhere if you object to offshoring for any reason. Try that with your local council and see where it gets you. You are required to either pay in cash, or take whatever risk the council has decided that you will accept.
The Inland Revenues loss is big, flashy, and newsworthy. However, don't forget that it was mislaid inside the IRs (outsourced, naturally) "private" postal service, thus is unlikely to have ended up in the hands of fraudsters. Think instead about how many people's personal and financial details are either put at risk by "least cost" thinking, or by being made available to technicians in far away lands of which we know little, except that some of them are so bent that when they die they have to be screwed into the ground.
Posted as AC for obvious reasons.
One flaw with your example. You can't get 25 million records into an Excel worksheet. There is a limit of 65536 rows. Surely they wouldn't put the records onto 380+ sheets. That would be plain stoopid...
Raise hell with your MP over this, especially if you're affected
I was affected by the pension disc being lost by Standard Life and HMRC a few weeks ago. Raise hell with your MP! Do NOT let this government get away with laxness.
It's dead-easy to. I have in the past, and I have just now again.
The person responsible, and their superior(s) should be liable to criminal prosecution for this kind of security breach, if this is not the case already!! Otherwise, these incompetent idiots and the equally incompetent idiots who hire them would never get their act together and do their job properly!
discs for sale on popular auction site!
bidding expected to be fierce, especially from user A_Darling
Think of the children!
One angle I'm surprised nobody has picked up on is that uk.gov just handed over the name, address and age of EVERY CHILD IN THE UK!
WHAT IF PAEDOPHILES GET THIS INFO!!!!??
Re: Good To See The Electronic Era Has Hit HMRC
Carl Thomas: "Why weren't these details strongly encrypted?"
Maybe they were worried about getting sent to prison if they forgot the password.
Dan: Are you Mystic Meg in disguise?
Quote from today's Telegraph: "Alistair Darling said that the biometric identifiers that would be entered on to the ID database would make such blunders less likely."
Darling should go for that gem of mind-numbing stupidity if nothing else.
Also in the paper is a quote from Frank Abagnale, that well-known cheque fraudster turned FBI consultant who bears a striking similarity to Leonardo di Caprio. Apparently he's been consulting for the Government on ID cards and said he though they were a bad idea because: "You cannot trust any agency with people's personal data."
So, one of the world's leading experts on banking fraud and data security says this and the Government puts its fingers in its ears. However, the usual suspects in the consultancy world (who have repeatedly proved that they couldn't organise a piss up in a sodding brewery when it comes to Government IT) say it'll all be OK, so it's full steam ahead and snouts in the trough all around.
Next election I think I'll be voting Official Monster Raving Loony, it's the only safe choice for the genuinely sane voter.
Probably just a coverup.
The government will have decided that this data can be sold, so this "loss" will be being publicised as a smoke screen -- either that or as an excuse to push through a DNA database or biometric ID cards. I find it hard to believe that this would have come to public attention unless someone wanted it to -- all involved would surely keep it quiet?
The government and it's agencies see us as what we are -- animals to be farmed for our money, their toys controlled by marketroids and uniformed heavies.
Give the same CDs, with random bogus details on, away in newspapers and magazines. Then if some fraudsters are offered a couple of CDs there's no way they'll believe they're genuine.
Boo Hiss, eBay have pulled the Child Benefit Database 2 disc auction
eBay have just pulled the 2CD Child Benefit Database auction. I didn't even have time to place a winning bid.
this isnt incompetence....
this is criminal - whoever is responsible for data security has completely fucked up. No doubt this is going to involve several layers of the chain of command - get thier asses to court and lock the fuckers up!
Someone out there has MINE and half the populations confidential details - i may as well be typing my BANK ACCOUNT and PERSONAL detail right here for everyone to see. It is beyond comprehension!
Why does nobody take data protection seriously? - Seems to me its all bloody hot air worth no more than the paper its written on. I know for a fact I could walk out of here today with 60000 company bank details - but i have the sense and decency not to. And I certainly wouldnt put on CD and stick in the freakin post-box.
Its time for action - we can no longer accept human error on mistakes of this proportion. This kind of data needs to be kept in a closed loop and access granted to those with a legitimate requirement. The environment must have no means of exporting files. This isnt bloody rocket science!!
And Brown's and Darling's apology are WORTHLESS to me!
@"think of the children"
I really hope you're taking the piss there.
"And @JeffyPoo- I did a quick test cos I was bored this morning
Fired up excel and put in row with name, address, ni number, dob, telephone no, bank details
Duplicated it 250 times then saved and compressed. Came to 8959 bytes
x100,000 to get 25 million records = about 900MB
So 2xCDs seems about right unless I've got the maths totally wrong"
Yes you have got it wrong. Duplicating the same piece of data 25 million times and then compressing it is bound to result in a small output size, if any half decent compression algorithm is used.
And for what its worth, I hope that if the 'discs' do fall into the wrong hands that all of the MPs whose details are on the discs have their details nicked and accounts emptied, credit ratings trashed, etc. Maybe then they'll get a clue and realise that the public do not want their so-called elected representatives from trying to interfere with every aspect of their lives. But, in reality, we'll be sold the line "With ID cards, your data is safe because we even encrypted it, of course this is *much* more secure than older forms of identification". In much the same was that Microsoft sells every new release of its OS basically. Money for old rope.
...we don't have any kids and claim child benefit!
I guess that's the problem with the computer world, once you're data becomes a stream of 1's and 0's ain't nothing going to protect it. The only way to win is not to play the game...
On the upside (from an investigative journalistic point of view)..
The next few days.should turn up a few stories for Lester haines with a few choice auctions for dodgy cd's turning up on ebay ;)
Wrong Hands ?
This phrase has been used extensively by Brown and Darling, would they like to define exactly whose are the wrong hands ?
AFAIK the 'wrong hands' for any personal data are those of unaccountable government departments.
What's the problem?
After all, I've nothing to hide so nothing to fear.
Neither have my children
Or my grandchildren.....
Wonder if any of our "Leaders" childrens' information is on those disks. Like Blair's kid Ian is now on the DNA database. Presumably.
Fuck Britain. I'd feel safer in Zimbabwe.
Now where did u last see these disks, sir?
HM Gov. does it again. well done guys, "face five!"
Don't worry at least we found last year's disk copies!
Assuming this procedure probably was followed last year (and the year before that), are last year's discs sitting on some auditor's shelf in his office, (with a nice post-it note showing the password) or worst still he took them home to do some data research on them, or they are backed up onto his spyware infected home pc?
How many copies of the database did this guy burn in the first place?, and the data that was burned- Was it just left on his machine (without password) just in case they were needed again under 'My documents' or on his desktop?
Aren't there a few alarm bells when 25Million records are read off the HMRC's database? Obviously not.
This is not going away for a long, long time and so it shouldn't.
Actually, never mind the HMRC - What about the NAO??
The thing that really gets to me is that barring a few "what did the NAO ask for?" questions, we seem to be overlooking the fact that the role of the NAO is to advise puclic sector organisations on how to conduct their affairs.
SO why on earth did an organisation with that remit ask for (or even allow a hint of a sugestion that) the data be sent in this manner? They are supposed to be the "Watchmen" and they were at the heart of allowing this to happen.
Personally, I think that the blame and attention should shift to the NAO as they are the ones who REALLY should have known better... Makes you wonder if CD data transfer is the norm
(unless of course these disks were sent as unsolicited mail!!!)
Disks are on ebay
It's Ok... don't panic!
RE: Actually, never mind the HMRC - What about the NAO??
Well according to the Telegraph this morning:
"At the time, the NAO asked for the Child Benefit database and specifically stated it should be "desensitised" to remove bank account details and other unnecessary data.
In a briefing paper sent to the Chancellor by Sir John Bourn, comptroller and auditor general, Mr Darling was told that a "senior business manager" sent an email to the NAO, which was copied to an HMRC Assistant Director, saying the information would not be "desensitised" because "it would require an extra payment to the data services provider EDS". "
Well I'm looking forward to seeng some more detail on this. Come on El Reg - get us the skinny on this. Is this true ?
If it is true then it is even more shocking than I previously imagined. I'm sure there are lots of readers of this site with experience of handling very large datasets who could put together the SQL query to extract only the data the NAO wanted (according to the BBC last night just the childrens names and the relevent NI numbers of the claimants) in just a few minutes. The data extract job itself might take a bit longer, but overall this is a job that should only take a few hours, not days or weeks. After all the Child Benefit database cannot be much more complicated than your average HR db used as training examples in all my old oracle books.
There is plenty to be said still on this - the possibility that there is a massive cover up going on, the involvement of outsourcers etc ....
Finally how on earth the gov think they should be allowed to bring in ID cards?Absolutely no way!
RE: RE: Actually, never mind the HMRC - What about the NAO??
>> I'm sure there are lots of readers of this site with experience of handling very
>> large datasets who could put together the SQL query to extract only the data
>> the NAO wanted (according to the BBC last night just the childrens names and
>> the relevent NI numbers of the claimants) in just a few minutes. The data extract
>> job itself might take a bit longer, but overall this is a job that should only take a
>> few hours, not days or weeks. After all the Child Benefit database cannot be
>> much more complicated than your average HR db used as training examples in
>> all my old oracle books.
On a regular PC the select might take a few hours, on the sort of hardware HMRC should be using for their database servers it oughtn't take more than a few minutes. I'm am somewhat surprised the bank details are even in the same table.
I agree, it is shocking that HMRC told the NAO that they would desensitize the data because of the cost of a contractor to do the job. I don't know that it is more shocking than the fact that a junior member of staff has full access to the database. Certainly a close call.
BTW to all those commenting about ID cards - whilst clearly worrying, I'm more worried about upcoming NHS database.
Password protected Excel spreadsheet maybe?
"Mmm - notice he didn't publish his own NI Number, DoB and Bank Account number to show how secure it is to leave these lying around"
He doesn't need to, since he has two children himself and therefore is probably on the disks
@RE: Actually, never mind the HMRC - What about the NAO??
> saying the information would not be "desensitised" because "it would require an extra payment to the data services provider EDS".
It's true - on PMQs someone stood up and asked a question on why HMRC should have refused to provide the desensitised information on the basis that doing so would have been "too onerous". The NAO seem to be in the right area by specifically asking for desensitised data, and of course heads should roll at HMRC (but won't) for just chucking the lot at them.