Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
U.K. agency loses sensitive data on 25m people
Published: 2007-11-20

The head of HM Revenue & Customs, the United Kingdom's tax agency, resigned on Tuesday, taking responsibility for a massive data leak that potentially put the sensitive personal details of 25 million people at risk.

The resignation was announced the same day that the agency acknowledged that a disk with the personal details of 25 million people failed to arrive at its destination on October 18, after it was sent through internal government mail. The information on the disk -- the financial details of nearly 25 million adults and children that received government benefits -- was not encrypted but protected by a simple password, according to an article in the Times Online.

In resigning, Chairman Paul Gray took responsibility for the lapse in security and a number of similar incidents where sensitive information was sent through the mail.

"Ensuring that our customers and stakeholders can trust how we handle sensitive information is one of our most important responsibilities," Gray said in a statement. "Given my overall accountability for the way the Department operates I have concluded that, as a result of the recent failings, it is right for me to decide to stand down."

The news of the data breach comes more than a year after a similar incident in the United States. In May 2006, the U.S. Department of Veterans Affairs announced that a stolen laptop had put sensitive information about 26.5 million U.S. veterans and their families at risk. Authorities found the laptop about two months later and stressed their believe that the data was not compromised. The Secretary of Veterans Affairs Jim Nicholson did not resign at the time, but gave notice a year later citing plans to join the private sector.

The data lost by HM Revenue & Customs included the parents' and children’s names and dates of birth, the family's address, their National Insurance number and, in some cases, financial details regarding payments for Child Benefits, the agency stated. Britain's Independent Police Complaints Commission (IPCC) has begun to investigate the missing disks.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus