By Andy McCue, 29 November 2007 10:58
NEWS
The two lost HM Revenue & Customs CDs containing the personal and financial details of 25 million people could be worth £1.5bn to criminals.
Liberal Democrat acting leader Vince Cable, speaking in the House of Commons, said a single stolen identity is worth £60 on the black market.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
He said: "We are therefore considering a stock of criminal value of around £1.5bn, which makes the Brinks Mat robbery the equivalent of stealing the church collection. An enormous amount remains at stake."
But Chancellor of the Exchequer Alistair Darling said: "The police inform me that they still have no evidence or intelligence that this data has fallen into the wrong hands and no evidence of fraud or criminal activity."
Cable also slammed the failure to use encryption technology to secure the data on the lost CDs and said most data being shipped around in government is not being encrypted.
He said: "Encryption is simply not happening. What are the reasons for that? My understanding, from talking to some of the specialists involved, is that IT specialists, mostly freelancers, are needed to encrypt data. The big IT companies are not interested in using them and the civil servants who oversee them do not understand the problem, so encryption is not happening."
Darling faced another grilling from MPs and was accused by shadow chancellor George Osborne of not telling the public the "whole truth" about the loss of the two CDs in Darling's original statement last week.
But Darling responded: "That statement was accurate in every respect in accordance with the information that I had then and have today. I specifically said in my statement that the House would understand that because the investigation was continuing, I was not yet in a position to give a full account of what had happened."
Comments
There are 5 comments. Join the discussion
1. Karen Challinor
so it's worth £1.5Billion to criminals ?
well if they weren't looking for the discs before they sure as hell are looking for them now
2. anonymous
Unfortunately, no-one ever got promoted for increasing costs and introducing delays, so the people that take shortcuts to get quick results are usually the ones making the strategic decisions.
Those of us who care end up working extra hours to attempt to correct the holes in rushed under-resourced systems while the management get a pat on the back no matter what kind of a shambles backs up the pretty new front end.
I'd like to see
-large fines not just for organisations but also for individuals
-no golden handshake rights in such cases
-the information commissioner be able to demand access to email archives etc. to investigate thoroughly.
-A rethink of the Passports/ID cards based on what we know about human failings.
3. anonymous
Now that HMRC have flooded the market with 25million records will the price drop as with other commodities
:-)
4. anonymous
Time for some "decoy" disks?
Although "security through obscurity" is unreliable;
Perhaps we should distribute some "decoy" disks to keep ID criminals busy?
This might even raise useful funds.
(Just don't tell *them* it was my suggestion!)
5. Graham Coles
Eh? '... IT specialists, mostly freelancers, are needed to encrypt data'
Really?
So they obviously couldn't just install a copy of pgp and encrypt the files with a couple of clicks then.
Since when in this day and age has encrypting a couple of exported files ever been so difficult you need to consult with a bunch of freelance IT specialists just to tell you which buttons to press or how to type.
I have clearly underestimated how abysmally poorly government departments are run. They don't know how to select data from their databases, can't encrypt files, ... I feel an intense urge to raise the question of what they would do if one of their incandescent glass spheres ever ceased to illuminate when requested.