Security experts have criticized HM Revenue and Customs (HMRC) for creating fraud risks on several fronts when it lost 25 million child benefit records.
The government blunder, which chancellor Alistair Darling revealed Tuesday to MPs and the country, involved the loss of two computer discs sent via an internal courier which contained millions of bank account details. HMRC chairman Paul Gray has resigned over the debacle.
Jonathan Armstrong, partner at international law firm Eversheds, warned: "The breach is likely to give birth to a number of phishing scams. Even if the data on the CDs does not get into the hands of fraudsters it is likely that even now a large email campaign is being planned to prey on the British public.
"We have been involved with a number of major multinational breaches and have spoken with clients after the event to help others learn from their experience," said Armstrong.
"In many cases the consequences of the data breach are worse than first anticipated."
Fred Piper, a professor at Royal Holloway University of London, said it was extraordinary that the data loss occurred.
"It shouldn't happen. It beggars belief as to who authorized this, and whether they had authority to send the data or just did it," he said.
"It's a straightforward, irresponsible cock-up. If you must transfer data, there should be a clear reporting structure that recognizes and protects valuable data. If it is valuable, then only senior staff should authorize it and that data needs adequate protection."
Chancellor Darling said Tuesday that the discs were password protected but the data is not thought to have been encrypted.
Piper said: "Had it been encrypted, that's the first thing they would have said. HMRC said the discs were password protected, but had they been protected properly they would have been stated this."
The government has commissioned an independent review of HMRC's data-handling procedures from PricewaterhouseCoopers, with the full results due to be published in spring 2008.
Bob Ayers, associate fellow at Chatham House's International Security Programme, said any inquiry needed to get to the bottom of how this happened.
"But you have to ask: what kind of data protection regime is there in place in which highly sensitive information is stuffed in an envelope and given to guy on a motorbike to courier across London? What kind of protection regime treats such vitally important information in such cavalier fashion?"
Ayers urged the government to review all its processes, technology and compliance. "The solutions to correcting this problem will likely be technical, procedural, legislative and administrative," he added.
"We are getting a lot of head-patting from the government reassuring us that they are in charge and are trying to figure out what happened. We are being told not to panic and not to change our bank accounts," he said. "I would want to know how this happened. I'm not talking about the mechanics, but how did we get to the position that such critically sensitive information is being treated like a package of fish and chips and moved around London?
"Until we understand the answer, there can be no assurance that this is not going to happen again and again and again."
Jamie Cowper, at security firm PGP Corporation, said the UK's understanding of the threats around data breaches had "certainly come a long way" in light of Gray's resignation.
"But you have to ask whether this is really going to help solve the operational risk issues that the organization clearly faces.
"These discs should never have been transported in the first place -- information of this type should only be transmitted using the strongest security protocols available such as encrypted batch transfer -- but more to the point, these details should not have been stored in this medium."
"Discs are easy to lose, but difficult to protect. This type of information should only be stored on formats where the data can be encrypted transparently, so that it remains protected wherever it resides, and whether at rest or in motion."
How to prevent data loss
Jonathan Armstrong, partner at international law firm Eversheds, advises firms to:
- look at where and how they hold data and who else has access to it
- pick their response team for when they have a breach
- implement thorough training systems to improve awareness about the consequences of a breach
- make sure they have a system for concerned customers or employees to get in touch
- look into the costs of buying credit checks in advance
- look at third party contracts and the security systems of those contractors
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from CIO and leading technology partners.- White PaperView this webcast and discover the drivers for changing network design practices, why many organisations are changing their approach to network architecture and how enterprises should be moving forward with open architecture multi-vendor network solutions. Register now and learn how your business can maximize the business value of the enterprise network.
- White PaperJoin Lee Benjamin, a Microsoft Exchange MVP and Ryan Shipkowski, network administrator for Matthews, to discuss the process and ROI of implementing an email archiving solution, with emphasis on a case study from Matthews International.
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
TJX Maxx hacker banged up for 30 years 09 January, 2009 11:26:00
Key figure in the infamous TJX Maxx Wi-Fi hack of 2005 has been sentenced to 30-years in prison by a Turkish court.Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30-years in prison by a Turkish court. - +
Data breaches rose sharply in 2008, says study 08 January, 2009 08:27:00
More than 35 million data records were breached in 2008, according to the Identity Theft Resource Center.More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC). - +
Rogue SSL certificate exploit puts VeriSign on the spot 07 January, 2009 11:04:00
Wishes "white hat" researchers had notified VeriSign before public demo.Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk. - +
With Gaza conflict, cyberattacks come too 05 January, 2009 08:03:00
Pro-Palestinian hackers have defaced thousands of sites following attacks in Gaza.The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet. - +
5 ways to secure your Blackberry 18 December, 2008 12:58:00
What do Tom Cruise and the McCain campaign have in common? They have both been bitten by the loss of a Blackberry. Mobile expert Dan Hoffman gives advice on how to keep your cherished mobile device safe, even if it's out of your handsWhat do Tom Cruise and the McCain campaign have in common? They have both been bitten by the loss of a Blackberry. Mobile expert Dan Hoffman gives advice on how to keep your cherished mobile device safe, even if it's out of your hands.
IT industry veteran advises caution on outsourcing selection in light of Satyam problems 09 January, 2009 21:45:00
Research software developer appoints Susan Dart to new Business Development Director role 08 January, 2009 09:08:00
Research software developer appoints Susan Dart to new Business Development Director role 08 January, 2009 09:08:00
Anyware Introduce Two Powerful PCI TV Tuner Cards with S5 Power Up and Windows Media Center Remote 07 January, 2009 17:30:00
Fortinet Cures Mobile Phone “Curse of Silence/CurseSMS” Attack 07 January, 2009 16:30:00
|
||
|
||
|
|
||
|
How to improve employee productivity in small and medium businesses
U.S. businesses lose 5.4 billion productive hours through employees searching for information annually. Avoid the same inefficiencies occurring in your business. Read on to discover the productivity issues facing SMBs and how the Oracle Application Express (APEX) can improve employee productivity and enhance development efficiencies.
