To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/financialservices/0,3800010322,39169318,00.htm

HMRC data breach prompts password and PIN changes
But not everyone has made moves...

By Tim Ferguson

Published: Thursday 29 November 2007

A week after HM Revenue & Customs (HMRC) admitted it has misplaced the personal records of an estimated 25 million people, it seems not everyone is concerned about the potential implications.

It emerged last week that HMRC has lost two password-protected CDs containing records of people receiving child benefit payments - as well as those of their children - with information such as names, addresses and bank details.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

And despite the increased fears around identity fraud, around 30 per cent of adults who receive child benefit payments have yet to take any action, according to a YouGov survey of 435 adults.

But the UK payments association, Apacs, is encouraged as 62 per cent of those surveyed have checked their bank statements for any unusual transactions.

Some have gone even further, with 10 per cent of those surveyed changing their bank account password and six per cent changing their PIN.

Sandra Quinn, Apacs director of communications, said the survey indicates banks' customers haven't panicked and the majority are following the advice issued.

She added that customers need do no more than be extra vigilant - and carry out simple security checks they should be doing anyway - as there is no evidence the information has fallen into the wrong hands.

The banking industry has said the account details contained in the HMRC records would not be enough for fraudsters to access bank accounts, as additional security information is always required.

But customers using their child's name or date of birth as a password - information which is contained in the lost records - are advised to think strongly about changing them.