Loss of Personal Data from HMRC - 26-Nov-07
You will be aware from the Press that some CDs being sent between HM Revenue and Customs (HMRC) and the National Audit Office (NAO) are unable to be traced.
These CDs contain child benefit details of some 7.25 million families (about
25 million people), with information including names, addresses, dates of birth, bank account and National Insurance numbers.
What does it do?
The status of these discs is unknown, with the Metropolitan Police currently investigating the event: the Chancellor of the Exchequer, Alistair Darling MP, has stated that there is no suggestion that anything untoward had happened as a result of the discs' loss to date.
Of concern is that should the discs fall in to the wrong hands, the information could be useful to criminals, and aid Identity Fraud.
How do I fix it?
As a precaution, ITsafe subscribers are recommended to:
- Ensure you are following good password procedures as explained by our
partners at GetSafeOnline
(http://www.getsafeonline.org/nqcontent.cfm?a_id=1127): if any of your passwords are things like date of birth or name, these should be changed
- Do not give out any personal information or account information if
anyone contacts you unexpectedly, and in particular be vigilant for spoof emails, which could, if this additional information became available, look
more convincing if they claim to come from HMRC or banks. HMRC have some
existing guidance about this (http://www.hmrc.gov.uk/security/spoofs.htm)
- Monitor your bills, invoices, receipts and bank statement entries for
things you do not recognise, and if you find any, inform your bank
immediately: if you are the innocent victim of banking fraud you will not have to pay
ITsafe's Small and Medium Sized business customers are recommended to also review their procedures for storing and sending any personal or otherwise sensitive information in the light of these events, to ensure they would not encounter any similar potential Data Protection problems should such electronic information become mislaid or stolen.
Details of Specific Problem
Further details on the issue is available from HMRC and from APACS, the Banking organisation:
- HMRC statement (http://www.hmrc.gov.uk/childbenefit/customer-update.htm)
- APACS statement
(http://www.apacs.org.uk/BankingindustryresponsetoHMRCdatacomprise.html)
Source: ITsafe Team
Making IT safe for You
http://www.itsafe.gov.uk
The UK Government Alerting and Advisory Service for Information and Communications Technologies (ICT) Security
|
|
|
|
