This piece first appeared in the money section of the Saga website on 21 November 2007
The text here may not be identical to the published text

25 million peolpe warned of ID theft

The Chancellor of the Exchequer Alastair Darling called it a "huge, massive, unforgivable mistake". And he apologised to the House of Commons for the loss of confidential data on 25 million people – more than half of them children.

He explained that a copy of the entire Child Benefit database had been put onto two CD-roms by a "junior official" at HMRC, popped into a Jiffy bag and sent through the internal mail to the National Audit Office. It never arrived. When the official at HMRC called the NAO to see if it had turned up they were told it had not. So the official made another copy and sent that by registered post.

The data covers every parent and child in the country. Specifically the two CDs contained "the entire data in relation to the payment of child benefit" and included the details of more than seven million parents, 13 million children and up to up to four million other related people. The CDs contained details of their names, addresses, National Insurance numbers, dates of birth, child benefit numbers and, in the case of the parents, a bank or building society account into which the benefit is paid. The disc was not encrypted – which would have made the data useless to any thief. Instead it was simply "password protected" – security which any competent data thief could bypass in a few minutes.

It is hard to imagine a worse breach of privacy or a bigger opportunity for the criminals who trade our personal data, steal our identities and sometimes our money. Although the Government insists there is no evidence that the CDs have fallen into the hands of crooks there is no evidence they haven’t either. Every parent in the country should check their bank accounts and their credit records for unusual activity.

This loss was not the isolated mistake of a junior official failing to follow procedure. In October HMRC admitted that a laptop had been stolen from a member of staff containing details of 2000 ISA investors. Less than three weeks ago it admitted the records of 15,000 taxpayers had been put on a CD and sent by courier from Newcastle to Standard Life headquarters in Edinburgh, It never arrived either. The Standard Life disc was one of twenty sent that day. If lessons had been learned then this latest data loss might have been avoided. What is the point of storing our personal data on protected computers in high security rooms if it is routinely copied onto CDs and sent around the country by courier?

Next year the Revenue will impose earlier deadlines on the ten million people who get a self-assessment form if they do not fill it in online. Small firms will soon have to start sending their quarterly VAT returns online. We are all encouraged to trust Government computers and the security of the systems that protect our data. Now it seems we might as well post it on Facebook and let everyone read it without the trouble of stealing it first.

 


Go back to Saga Web

Go back to Saga Magazine

Go back to archive front page

Go back to Paul Lewis front page  


All material on these pages is © Paul Lewis 2007