back to article Lost HMRC discs pop up on eBay

Well, it had to happen, and so here you have it - those mislaid HMRC discs going for a song down at eBay: Screen grab of eBay "HMRC discs" auction Since we have no doubt the powers that be down at the world's fave tat bazaar will move rather more quickly to remove this auction than they do to act on iffy vendors, here's the …

COMMENTS

This topic is closed for new posts.
  1. Chris Collins

    Excel probably

    I imagine that the data has one of those fiendishly difficult to crack Excel passwords on it. We can all sleep easily.

  2. Anonymous Coward
    Happy

    ebay

    haha Nice one, I hope they made another ebay account to do otherwise they might find a swat team out side :)

    I love the question and answer bit

    copied here just incase ebay remove it

    Q: Would you consider part exchange for these discs? I'm afraid I can't offer much in the way of cash as my future employment status looks a bit grim at present, but my boss Gordy can offer you a peerage or even free school dinners for life. Thanks NOTE TO SECRETARY: PLEASE ENSURE MY REAL NAME DOES NOT APPEAR ON THIS EMAIL WHEN SENDING, THANKS. ALISTAIR

    A: As everyone's employment prospects are as dismal as yours, you argument carries little weight. However, the peerage is tempting. Please feel free to phone me to discuss this.

  3. Ash

    I approve.

    That is all.

  4. Anonymous Coward
    Go

    Who ever did this...

    is an absolute legend - much better than both the "twin Towers (some assembly required)" and "Stannah Stairlift (one careful lady owner)" auctions we've seen over the last few years.

    LMFAO!

  5. Anonymous Coward
    Flame

    Excel - nah

    Maximum data you can fit in one worksheet is 65536x65536 (I doubt HMRC know how to use multiple worksheets).

    My guess is this was an Access database ....

  6. Phantom Wibbler
    Happy

    Brilliant

    Made us all laugh in the office. Sheer genius.

  7. John Styles

    Excel

    Nah, Excel up to 2008 was 65536 * 256. Excel 2008 allows 1048576 rows, which seems a bit pathetic to me. I doubt the govt has moved to 2008 yet.

  8. Hedley Phillips

    Superb

    Absolutely fantastic.

  9. Pete Silver badge

    post and packing

    .... disks will be sent by TNT courier. Please allow several weeks before reporting them lost

  10. Risky
    Joke

    cheque?

    I felt obliged to ask him if he could post to LAGOS, NIGERIA and could one pay by cheque.......

  11. Martin Gregorie
    Boffin

    @Chris Collins

    Regardless of the data format (and Excel or CSV both sound likely) I think its likely to be a passworded and unencrypted ZIP archive - possibly spanning both disks. Spanning, because chopping such a large file in half is probably beyond the muppet that made it.

    Why zipped? If both disks are full (650 MB each) thats an average of only 52 bytes per entry.

    As a comparison, my name, address, NHS no and DOB in CSV format is just over 80 bytes. Add bank details (Bank name, sort code, account number) and it hits 120 bytes. So, to get 25 M sets of typical personal details onto two CDs requires compression.

  12. Anonymous Coward
    Joke

    the password is...

    probably one of the following:

    password

    getmoretax

    iluvsafetycameras

    gordonisgod

    whogivesacrapifthesegetlost

  13. Jon Pain
    Thumb Down

    @ Anonymous Coward (Excel - nah)

    Actually, Excel can only hold 65536 x 256 (Well 2003 anyway)

  14. amanfromMars Silver badge
    Mars

    Big Picture Players Bletchley Boffin ControlLed, Darling .... ?

    Hmmmm. Ye Wily Olde Fox Uniting Artists for AIKnightly Sky?

    A Bare Bear Question for Rupert to Seed in Deed, indeed. AI Virtual PlaySubStation Offered Again. Run In with One Very Careful Owner ....... Fastidious in ITs Care.

  15. TeeCee Gold badge
    Coat

    TNT

    Are they called TNT because of the extensive damage to your career caused when their service blows up in your face?

  16. Greem

    Bids...

    ...over £4,500,100.00 required :)

  17. Phill Holland

    post and hacking

    has anybody tried typing "password" to gain access to the database.

  18. This post has been deleted by its author

  19. Patrick Mulvany
    Unhappy

    @Martin Gregorie

    Assuming this is a relational database backup you may not need compression. Address may just be represented by Postcode+house number lookup to standard external table. Sort code implies bank and branch which can bee another lookup.

    There are other things that make me think this might just be spanned across the discs using a simple backup utility (which is probably included on the first disc ;)

  20. Kane
    Paris Hilton

    @ John Styles

    Your right, we have not upgraded to Excel 2008 yet. Still on 2003. In fact, we were still using 97 up until about 7 months ago....

    Shocking! What do I pay my taxes for!

    Where is the Paris Hilton angle?

  21. Anonymous Coward
    Go

    Silly money?

    After only four hours the current bid is running at £9,999,999.99 which sounds high but is actually quite reasonable.

    Of the 25m records we are told that 10m are for adults (parents) and that represents 7.25m families. Assuming there is one bank account per family then that's approx £1.38 for each one. Even if the accounts were used for nothing but receiving the £12.81 per week paid in by the government, that still gives the potential for over 800% profit from just one fraudulent transaction per account.

  22. David Scott
    Happy

    Auction has ended...

    "The seller ended this listing early because the item was lost or broken."

    Pure class.

  23. Nano nano

    How to defeat Windows db crackers ...

    ... store the MySQL database files in a .tar.bz2 file

  24. Anonymous Coward
    Happy

    Bidding has ended...

    As the item has been lost or broken.

    Shame that, I was ready to offer an exchange for a random database of my own I inadvertently acquired while I was walking past TK Maxx the other morning with my laptop powered up.

  25. Daniel
    Paris Hilton

    Real password

    How was the real password communicated to the intended recipient, i.e. NAO? Was it written on a post-it note and stuck to the CD case, by any chance?

  26. John Imrie

    The end of the Auction

    It appears that the person who set up the Auction has terminated it.

    The reasion given was that the itimes have been lost or are broaken.

    Oh well, there goes Alister Darlings chance of getting them back :-)

  27. Anonymous Coward
    Anonymous Coward

    Shame the seller has ended the auction

    Pity the bidding had got silly and the seller had to end it early. The Sue Ryder Care could have done with a contribution from a generous benefactor.

  28. Darrell Ingram
    Thumb Down

    D'Oh!

    I was the winning bidder, I'm not happy!

  29. Doug
    IT Angle

    Version 2 coming soon!

    Note that this was just version 1.0 release. Once the Centralised Health Database and ID Card system is online, there will be further releases of this data.

  30. Andy Baker
    Boffin

    Hmmm a nice little earner

    I'm thinking I could generate a database of names and addresses all with my bank details. I could then claim I found the disks and claim a reward obviously. They'll immediately load the data back into their system and pay me 7.25 million * £12.81 per week until they notice... could work for years! 'tis a flawless plan!

    El Reg - can we have a Pinky and The Brain icon please? :)

  31. Anonymous Coward
    Anonymous Coward

    To find the password

    You will need one video of the latest budget speech with commentary. Watch it until they tell you what brand the chancellor is drinking on this one occasion that he is allowed booze in the house.

    That'll be the password for all finance documents.

  32. Spbmssen
    Black Helicopters

    @amanfromMars

    Look, this isn't the first time I've read an 'amanfromMars' post and wondered how long it was going to take me to crack it.

    Are they relevant? Are they a coded message to our covert boys around the world? Are they just way too clever for me? Are they just bollocks?

    Can anybody help me out here?

  33. Dave

    An obvious joke

    An obvious joke by that ebay user, but amusing nonetheless - i wonder what the finder of the listing was searching for at the time to come across it...

  34. Law
    Paris Hilton

    @ amanfrommar

    ?! WTF??

    El Reg is going to have to install that bullsh*t filter at some point again... amanfrommars' blabberings are getting worse.

  35. Anonymous Coward
    Mars

    @ Spbmssen

    Basically, he fancies himself as the Gonzo journalist of El Reg - unfortunately he sucks at it. The problem with stream-of-consciousness writing is that, when don't actually have anything to say, IT usually Comes OUt as AI streaM of pISs.

  36. Chris Pasiuk
    Black Helicopters

    Broken? RIGHT!

    Broken by the boot of an SAS commando after storming the residents of this hilariously funny chap. With 3 broken ribs, a rifle butt imprint on his cheek, and zip-tied wrists I'm sure he's repeating the mantra... "The government has no sence of humor...The government has no sence of humor...The government has no sence of humor..." while hearing the commando say, "silly muppet, tricks are for terrorist."

    This is a spook magnet beyond question.

  37. Les Matthew

    @Nano nano

    Hate to burst your bubble (yes I lie) Winrar can open tar.bz2 files. ;)

  38. Anonymous Coward
    Paris Hilton

    The black helicopters have arrived

    It's been pulled :-(

  39. DirkGently
    Thumb Down

    Copy Cat

    And some unfunny saddo's copied the idea - search for HMRC.

  40. Anonymous Coward
    Joke

    We Take it Personally

    A then employee told me at the time that in the late 90's TNT had the contract for delivering Pfizer's then new wonder drug - the little blue pills who's name starts with V. A large shipment went missing. The loss was of course hushed up and kept out of the press.

    Their corporate slogan at the time was 'We take it personally'... I never could work out if the take in the slogan meant steal or consume...

    Looks as if the same guys in the company fancy their chances with the account details...

  41. sue

    @ Spbmssen

    I think he's either a bot, or one of the reg hacks (bless 'em) on a dare to fit in as many obscure references as they come up with over a few bevvies on a Friday.

  42. Anonymous Coward
    Coat

    @ We Take it Personally..

    I hope there were stiff sentences all round for those hardened criminals.

  43. Jon Nicholas

    25 million records on 2CDs - really?

    According to the government the details are of 25 million families and includes name, address, social security number etc. This must be several hundred bytes per record, say 500.

    That makes 12.5 Gig of data. If it is in Access or Excel there is the usual Microsoft overhead of at least double so we are talking 25G. How does that get onto 2 CDs? Maybe the government has done something very clever to compress it but I doubt it. Most of the entries are probably just blank...

  44. David Haworth
    Coat

    I'd advise not to bother bidding ...

    I'd advise against bidding - the discs are obviously im(it)ations.

  45. paulc
    Unhappy

    annoyed

    that I didn't print it to pdf when I had the chance... the page doesn't work at all now...

  46. Anonymous Coward
    Anonymous Coward

    @DirkGently

    I just did a search for HMRC and - honest - this was the first "Sponsored Link":

    Child Benefit Data

    Worried your data is in the wrong hands? Check your credit report

    www.experian.co.uk/creditreport

  47. Anthony

    Backup copies?

    Ebay seller should have made backup copies of the CDs before they got lost/damanged.

    Hmmm... what about the CDs with HMRC data on them sent in internal mail that _did_ arrive? Someone in the know could have copied them en route and then put them back into the mail system... so similar data could have leaked a long time ago...

  48. Joe
    Joke

    Password protected, Darling? Oh thank the Lord for that!

    These disks would likely have been encoded twice with ROT13 for maximum security, so there's little chance that anyone could read them anyway...

  49. Andy Taylor
    Unhappy

    Item Removed :(

    eBay have pulled the auction.

  50. Michael

    @ AC

    >Maximum data you can fit in one worksheet is 65536x65536 (I doubt HMRC know how to use multiple worksheets).

    >My guess is this was an Access database ....

    Wow, you're wrong twice.

    First of all, in Excel 2003 and earlier, you had 65536 rows x 256 columns, not the 65536 x 65536 you mentioned.

    Secondly, in Excel 2007, you can have 1048576 rows x 16384 columns.

    If you're going to try to be clever, at least be correct.

    To be fair, no version of Excel has space in one sheet for 25 million rows. Access, however, would choke on that much data as well. It's far more likely that the file in question would be a SQL server .mdf or backup file.

  51. Ron Eve

    Last bid

    You can see here!

    http://www.youtube.com/v/G92CW-OrdFA

  52. André

    @Jon Nicholas

    25 million records could comfortably fit on 2 CDs.

    500 bytes is rather abundant for this type of record. An average of 120 - 160 bytes per record is more likely. That would make 3-4 GB of data, if we assume CSV or similar format.

    Furthermore, the only part of this data that does not have lots of redundance are the bank account number and social security number, which are supposed to be unique. The remainder of the data has lots of redundance (How many different first and last names are in common use? How many different street and town names?) and will compress quite well. I've seen compression ratios of as much as 6:1 for this type of data. Also, as mentioned earlier in this thread, if it's a relational database, postcode and town could be referenced to a separate table and take up only 4 bytes (INT). Thus, fitting all in 1400 MB is quite possible.

  53. Anonymous Coward
    Flame

    Listen you lot leave amanfromMars

    alone he's only playing he talks sense when he has something to say otherwise he's sort of commentary, on the useless commentary it's oblique but what he's saying is blah blah blah. Just ignore him like you would anyone else who is bored to tears by your thoughts.

  54. Karl
    Thumb Down

    Maybe this will make people think.......................

    and realise this NuLabour government are *THE* most profligate, incompetent, retarded bunch of whingeing trotsky's I have ever seen, and I saw the last Labour government!!!

    As far as 'password protection' goes, was probably one of the following;

    letmein

    password

    1234

    abcd

    gordonisamoron

    Incompetence that simply takes the breath away, let's hope this marks the end of 10 years of thieving and mismangement

  55. Mark Readings
    Unhappy

    Was the select statement to exspensive

    do you think they did a select * from mortgages_details

    instead of

    select field1, field2, field3 from mortgages_details where birthyear < 1985

    I know that outsources always charge more for doing something out of the ordinary, bastards....

  56. Anonymous Coward
    Joke

    Administration Hell

    I bet the password is 'ComputerSaysNo'

  57. Graham Gold
    Happy

    Here's another one... (I didn't do it, just found it by searching ebay for "25 million")

    http://cgi.ebay.co.uk/25-MILLION-CD-DATABASE-URGENTLY-REQUIRED-BANK-NAMES-ETC_W0QQitemZ320185994095QQihZ011QQcategoryZ182QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

  58. Anonymous Coward
    Flame

    @ Maybe this will make people think.......................

    "and realise this NuLabour government are *THE* most profligate, incompetent, retarded bunch of whingeing trotsky's I have ever seen, and I saw the last Labour government!!!" Not impressed then Karl? And exactly how does the Government of the day dictate the incompetency levels of a civil service department; on that basis, if it had been a Conservative Government in power the headlines would have been about the amount the CD's had been sold for.

  59. Anonymous Coward
    Anonymous Coward

    HMG now distracting the public

    Seems HMG is now (1720 GMT, 22 Nov) cranking the flu/pandemic scare story thru their mouthpiece the BBC - even scarier than HMRC losing data - in a transparent effort to distract the public.

  60. Anonymous Coward
    Anonymous Coward

    IZ IN UR ACCOUNT...

    ...STEALIN ALL UR MONEYZ!

  61. El (not Reg)

    TNT? Light touchpaper & retire.

    "those mislaid HMRC discs going for a song"

    Swapsies for a cabinet full of ripped mp3s.

  62. si blackmore

    Title cd roms with your sunday supplement

    sorry, but think this is a standard ukgov snafu- higherpleb? did you send those details to-?-lowerpleb, yessboss![thinks, what details] must be 'lostinpost' add one leak to recipe=mediafrenzie.I don't think this present administration is capable of giving us a proper scandal that we can get our teeth into! (E.G. Profumo) cheers Si B

  63. Iain
    Stop

    You are not giving HMRC enough due....

    When I worked at the HMCS (last year) our state of the art (running Win98) PC was protected by the ever popular

    Username: admin

    Pwd: admin

    I suspect something similar.

  64. Jan Buys

    @AC

    "IZ IN UR ACCOUNT...

    ...STEALIN ALL UR MONEYZ!"

    ROFL!!!

  65. Anonymous Coward
    Anonymous Coward

    @Iain RE:You are not giving HMRC enough due....

    With windows 98, if you tried a to login with an account that wasnt allready made it would create that account and log you in, so

    user: admin

    pass: admin

    would work unless admin was allready setup

  66. Anonymous Coward
    Anonymous Coward

    Re: the password is...

    HMRC aren't very good at passwords. They have one of those highly effective 'ultra secure' logon password policies that involves randomly generated passwords that expire every 90 days. Of course the randomly generated passwords are completely immemorable, especially when they keep changing, so everyone writes them down. Then they are hidden in really secure and obscure places where they can never be found by anybody else, such as under the keyboard.

    When I worked there, one night I checked all the desks on my immediate section - 11 other members of staff. I found 8 passwords...

  67. Anonymous Coward
    Joke

    I know who has the data

    Who at this time of year needs the name and address of every child in the country? Question is was there another field on the database that we haven't been told about? Would that field be GOOD_Y_N

    Thats right it's a MR S Clause who has the discs

  68. Eddie Johnson
    Thumb Up

    @Joe

    Double ROT13? Very good Joe! Almost 3DES I bet.

  69. David

    Too expensive??

    I loved their statement that they couldn't anonymise the data because it would be too expensive.

    What utter rot. How hard is it to go SELECT A1, A2, A3 instead of SELECT * ??

  70. amanfromMars Silver badge
    Mars

    Ignorance is Bliss

    "Just ignore him like you would anyone else who is bored to tears by your thoughts."

    He relies upon It of you, AC, to Allow for Stealthy Future Progress. Core Access.

  71. Chris Pinto
    Boffin

    To Be Fair..

    The data should not be able to be opened by anyone else other than people with the corresponding smart card certificate (all Govt. employee's have smart cards for this reason)

  72. Anonymous Coward
    Anonymous Coward

    @ Chris Pinto

    To be fair Chris, it's Civil Servants that you're talking about, not Government employees - very big difference and a very important difference too.

    Secondly, if my experience of the Civil Service is anything to go by then the smartcards are simply to gain access to machines, so that someone has to steal your smartcard as well as your password before they can get into the system.

    Perhaps at GCHQ they have some marvellous system where documents can be encrypted so that only one other person with a given certificate (or anyone with an image of that smart card) can open the document. (Although it strikes me that the person with the smartcard would surely need to be present with their card, so that they might as well copy it to a laptop to be stolen from Tesco's car park).

    Back in the grotty grimey job cutting real world of the Civil Service there are no suxh systems. But then that's how you save money - by whoring your IT out to EDS and Co.

    P.S. - Anyone done a quick guestimate on the cost of sending letters to each of the 7.25 million affected families?

  73. Chris Martin
    Pirate

    Sorry Guys but...

    >P.S. - Anyone done a quick guestimate on the cost of sending letters to each of

    >the 7.25 million affected families?

    Im sure that people like UKMail get their post delivered by Royal Mail for about 13 pence, if we work with that value we are talking of a cost of £948,000 I probably about a million.

    These must be a joke in there somewhere about the government having lost the data and do not know where to send the letters :P

    One, question I have, if the government have broken the data protection act, will this allow the people who's identify has been breeched to claim against the government?

This topic is closed for new posts.