Lost child benefit CDs: Have they looked down the back of the sofa?

Filed Under: Data loss, Privacy, SophosLabs

It's appalling. The loss of millions of people's personal information by HMRC shakes to its foundations the trust that people need to have in government organizations. Worryingly, new research conducted by Sophos has found that 58% of those polled believe the Government's data loss was "inevitable". Yes, we know that to err is human, but to really screw things up it seems you need a Government department.

This isn't just incompetence on a grand scale; for the individuals affected by ID theft it could be financially crippling. If criminals get their claws on your personal information they could take out bank accounts, loans, and credit cards in your name, ruin your credit rating, and generally look to inflict as much financial damage as they can, in as short a time as possible.

It seems it's a case of "Carry on HMRC", with this just being the latest incident of data on British citizens potentially falling into the wrong hands. In September, a laptop containing personal information on thousands of investors was stolen from the car boot of an HMRC official. Last month, in a separate incident, a courier being used by HMRC lost a CD containing details of 15,000 Standard Life customers.

There have been bigger breaches of data confidentiality in the past of course, but they have involved private firms rather than a national government. The sight of Chancellor of the Exchequer Alistair Darling standing up in the Commons to explain their data disaster will have brought home the risks of identity theft to people up and down Great Britain.

The sad fact of the matter is that no-one knows where the missing CDs are. They could be in the hands of organized criminal gangs, an opportunistic thief who doesn't understand their worth, or down the back of Alistair Darling's ministerial sofa.

If you're worried you may be the victim of identity theft, you need to look for the symptoms. If you've stopped receiving bills or other mail, an identity thief may have given a different address in place of your own. Started receiving credit cards you didn't apply for? Do your bank statements include withdrawals, payments and money transfers that you can't explain? Receiving calls from debt collectors and companies about items you did not purchase? These are all signs that a criminal may have successfully stolen your identity.

What's obvious is that it's high time the UK Government put in place proper data-breach notification laws. At the moment British organizations are not compelled to inform customers who may have suffered from a data breach. If they like they can keep schtum, keeping their fingers crossed that no-one finds out the data was lost, and hoping that criminals don't exploit the mislaid information.

Without rapid notification of data breaches there will always be rumors that governments are deliberately trying to keep news of an incident out of the papers while they continue a frantic hunt for their lost data under the ministerial settee.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.