Loss of United Kingdom child benefit data (2007)
The loss of United Kingdom child benefit data was a
The loss
The discs were sent by junior staff at
Two password-protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit were sent to the NAO by HMRC's internal post system operated by the courier TNT. The package was not recorded or registered. It appears the data has failed to reach the address in the NAO.[1]
The lost data was thought to concern approximately 25 million people in the UK (nearly half of the country's population). The personal data on the missing discs was reported to include names and addresses of parents and children and dates of birth of the children, together with the National Insurance numbers and bank or building society details of their parents.[3]
The "password protection" in question is that provided by WinZip version 8.[4] This is a weak, proprietary scheme (unnamed encryption and hash algorithms) with well-known attacks.[5] Anyone competent in computing would be able to break this protection by downloading readily available tools. WinZip version 9 introduced AES encryption, which would have been secure and only breakable by a brute-force attack.
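An added example (not part of the original article): a Python check that reads a ZIP archive's headers and reports whether each entry uses the legacy pre-AES password scheme or WinZip's AES format, so that weakly protected archives can be rejected before dispatch. The function names and sample archives are constructed for illustration; the samples only have their header fields patched and are not actually encrypted.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001   # general-purpose flag bit 0: entry is encrypted
STRONG = 0x0040      # general-purpose flag bit 6: PKWARE strong encryption
AES_METHOD = 99      # WinZip AES entries record 99 as the compression method


def classify(info):
    """Return the protection scheme recorded in one entry's header."""
    if not info.flag_bits & ENCRYPTED:
        return "none"
    if info.compress_type == AES_METHOD:
        return "winzip-aes"
    if info.flag_bits & STRONG:
        return "pkware-strong"
    return "legacy-zip2.0"   # the pre-AES password scheme


def audit(data):
    """Map each entry name to its scheme, reading only the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def safe_to_send(data):
    """Accept an archive only if every entry uses AES or strong encryption."""
    report = audit(data)
    accepted = ("winzip-aes", "pkware-strong")
    return bool(report) and all(s in accepted for s in report.values())


def constructed_sample(flags, method):
    """Build a one-entry test archive, then patch its central-directory header.

    Constructed for this example: the payload is NOT encrypted; only the
    header fields that audit() reads are overwritten.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("records.csv", "id,name\n1,constructed\n")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")   # central directory file header
    struct.pack_into("<HH", raw, cd + 8, flags, method)   # flags, then method
    return bytes(raw)
```

The header only records which scheme was used; an AES-protected archive is still only as strong as its password.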
In a list of frequently asked questions[6] on the BBC News website, a breakdown of the loss was reported as being:
- 7.25 million claimants
- 15.5 million children, including some who no longer qualify but whose family is claiming for a younger child
- 2.25 million 'alternative payees' such as partners or carers
- 3,000 'appointees' who claim the benefit under court instructions
- 12,500 agents who claim the benefit on behalf of a third party
Whilst government ministers claimed that a junior official was to blame, the Conservatives said that the fault lay in part with senior management. This was based on a claim that the National Audit Office had requested that bank details be removed from the data before it was sent, but that HMRC had denied this request, because it would be "too costly and complicated".[7] Emails released on 22 November confirmed that senior HMRC officials had been made aware of the decision on cost grounds not to strip out sensitive information.[8] The cost of removing sensitive information has been given as £5,000,[9] although an academic study found the cost to be substantially less (£650).[10]
According to an IT
It was later revealed, on 17 December 2007, that the data protection manual for HMRC was itself restricted to senior members of staff; junior civil servants had only a summary of what the manual says on security.[12]
Other data scandals
This was followed by several other data scandals. On 17 December it was revealed by
Response
Darling stated that there was no indication that the details had fallen into criminal hands, but he urged those affected to monitor their bank accounts.[1] He said "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result." HMRC then set up a Child Benefit Helpline for those concerned about the data loss.[3]
The incident was a breach of the UK's Data Protection Act and resulted in the resignation of HMRC chairman Paul Gray; Darling commented that the discs were probably destroyed when "the hunt was on, probably within days" and that there was an "opaque" management structure at HMRC and it was difficult to see who was responsible for what.[14] Gray was subsequently found to be working at the Cabinet Office.[15][16] The Metropolitan Police and the Independent Police Complaints Commission both investigated the security breach, and uniformed police officers investigated HMRC offices. The loss led to much criticism by the Acting Leader of the Liberal Democrats Vince Cable and Shadow Chancellor George Osborne. Osborne said:
Let us be clear about the scale of this catastrophic mistake— the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and National Insurance numbers of ten million parents, guardians and carers have gone missing.[3]
In addition he said that it was the "final blow for the ambitions of this government to create a
The general reaction of the public was one of anger and worry. Banks, individuals, businesses and government departments became more vigilant over data fraud and identity theft, and the government pledged to be more careful with data. The public and media were particularly angry over the fact that the data was not registered or recorded, and that it was not securely encrypted.
Nick Assinder, a political correspondent at the BBC, expressed the opinion that Darling was "on borrowed time".[17] George Osborne, who questioned whether Darling was "up to the job", suggested that it would be a matter of days before a decision was made regarding Darling's future.[18] However, Darling remained Chancellor until Labour's defeat in 2010.
TNT stated that, as the delivery was not recorded, it would not be possible to even ascertain if it had actually been sent, let alone where it went.[19]
Jeremy Clarkson direct debit fraud
On 7 January 2008,
References
- ^ a b c "Darling admits 25 million records lost". BBC. 2007-11-20. Archived from the original on 2017-09-05. Retrieved 2007-11-20.
- ^ "Pressure on Darling over records". BBC. 2007-11-20. Archived from the original on 2021-10-17. Retrieved 2007-11-22.
- ^ a b c d e "UK's families put on fraud alert". BBC. 2007-11-20. Archived from the original on 2017-09-05. Retrieved 2007-11-20.
- ^ Neumann, Peter G. (30 December 2007). "HMRC Lost Discs & Encryption". The RISKS Digest. 24 (93). Archived from the original on 3 January 2008. Retrieved 2 January 2008.
- ^ "Password Recovery/Cracking FAQ". Archived from the original on 2008-02-10. Retrieved 2008-02-05.
- ^ "Data disaster: Your queries answered". BBC. 2007-11-21. Archived from the original on 2009-01-31. Retrieved 2007-11-21.
- ^ "Fresh questions over data crisis". BBC. 2007-11-23. Archived from the original on 2021-10-17. Retrieved 2007-11-22.
- ^ Email from HMRC to NAO Archived 2007-11-27 at the Wayback Machine, 13 March 2007. NAO website. Retrieved on 23 November 2007.
- ^ £5,000 would have made HMRC discs safe[dead link], 23 November 2007. telegraph.co.uk. Retrieved on 25 November 2007.
- ^ Removal of sensitive child benefit data would have cost £650, 19 December 2007. www.port.ac.uk. Retrieved on 20 December 2007.
- ^ "Missing child benefit CDs: what went wrong, and why it would have carried on regardless". ComputerWeekly.com. Archived from the original on 2007-12-24. Retrieved 2007-12-17.
- ^ "HMRC manual on data protection was protected data". The Register. Archived from the original on 2007-12-19. Retrieved 2007-12-17.
- ^ "Firms admit to two more cases of personal data loss". 2007-12-11. Archived from the original on 2007-12-14. Retrieved 2008-02-05.
- ISBN 978-0857892799.
- ^ "Channel 4 - News - Paul Gray back at work". Archived from the original on 2008-11-18. Retrieved 2008-09-23.
- ^ Summers, Deborah (2007-11-20). "Personal details of every child in UK lost by Revenue & Customs". The Guardian. London. Archived from the original on 2007-11-21. Retrieved 2007-11-20.
- ^ "Assessing the political damage, Darling and Brown". BBC. 2007-11-20. Archived from the original on 2007-11-22. Retrieved 2007-11-20.
- ^ Ministers under fire over records Archived 2009-03-28 at the Wayback Machine BBC News retrieved November 21, 2007
- ^ CDs 'May Never Have Left The Building' Archived 2008-07-09 at the Wayback Machine, Sky News - retrieved November 22, 2007
- ^ Clarkson stung after bank prank Archived 2010-07-29 at the Wayback Machine, BBC News
External links
- Alistair Darling's statement to Parliament
- HMRC letter of apology
- Brown apologizes for records loss, with timeline of events