By Tom Espiner, 18 December 2007 08:58
NEWS
The Driving Standards Agency has admitted losing more than three million learner drivers' details.
In a speech to Parliament yesterday, transport minister Ruth Kelly said the details had been lost by a third-party contractor, Pearson Driving Assessments Ltd, in May of this year.
silicon.com's A to Z of Biometrics
Click on the links below to find out everything you'll need to know about biometric security.
A is for Accuracy
B is for Behavioural biometric
C is for Cash machine
D is for Database
E is for Ear
F is for Facial recognition
G is for Gummi bears
H is for Hand geometry
I is for Iris
J is for Juan Vucetich
K is for Keystroke dynamics
L is for Liveness testing
M is for Mobile phones
N is for Network security
O is for Oxford
P is for Palm
Q is for Queues
R is for Registration
S is for Signature verification
T is for Twins
U is for Universality
V is for Voice verification
W is for Walk
X is for X-ray
Y is for Young
Z is for Zurich Airport
Kelly said: "Pearson Driving Assessments Ltd, a private contractor to the Driving Standards Agency, informed the agency that a hard disk had gone missing from its secure facility in Iowa City, Iowa. The hard-disk drive contained the records of just over three million candidates for the driving theory test."
The lost details included names, postal addresses, email addresses and telephone numbers of people who participated in the test between September 2004 and April this year.
She said: "The lost hard disk did not contain bank account and credit card details, driving licence or national insurance numbers." Kelly added that the disk had been formatted specifically for Pearson systems "and, as such, is not readily usable or accessible by third parties".
Kelly said the Information Commissioner's Office had been informed of the loss and, while being concerned at the scale of the breach, had deemed it unnecessary to contact individuals involved as there appeared to be "no substantial risk" connected to the loss of their data.
Pearson now uses electronic transfer in place of hard disks, said Kelly.
The speech was made by Kelly in response to the loss of over 7,600 motorists' details by the Northern Ireland Driver and Vehicle Agency earlier this month, and follows the loss by Her Majesty's Revenue & Customs of 25 million details of people claiming and receiving child benefit. Kelly divulged the learner-driver data loss during the speech "in the interests of greater transparency".
Tom Espiner writes for ZDNet.co.uk
Comments
There are 10 comments. Join the discussion
1. Roger Huffadine
Nothing changes - People are still the biggest security risk in any sort of operation.
2. Mike Grenville
No one seems to have asked what this data doing in Iowa, USA. I thought that EU Data Protection laws meant that data could not be exported to the USA without permission because of their different data protection standards.
Now we see the reason why!
3. Richard Davies
How can you lose something from inside a 'secure facility'!?! Surely this must mean that it was actually a 'not so secure facility'.
Nothing more to say really other than...what a surprise!
Another apology and off they go again...losing some more of our data!
4. Tim Roberts
Don't blame the government.
Though I'd love to kick them while they are down, it's not their fault this time, but of sloppy, lazy IT people, and managers with no imagination, or concept of risk.
Even my (tiny) company's management reports are encrypted before emailing. And data needs far more care - since misuse can have an effect out of all proportion to its internal value.
5. Karen Challinor
so it's in a special format woo!
no one has mentioned the word "encrypted" so I am led to believe that it's isn't
it is probably just a different layout on disk, most likely a sixteen bit word with swapped bytes format like in the hard drive of my PVR which can be decoded with a fivers worth of hardware
or maybe it's specially formatted to be hot swappable in a novell server
half an hour with any unix machine and the data will be in human readable form on any media you desire
highly secure, I'm sure you'll agree
can we have some IT literate ministers who actually know what they are talking about to tell us these things next time or are the few that exist hiding under their beds because they know how bad things are \/
so having disposed of the "not readily accessible" portion we are left with lists of names and addresses of people we know are learning to drive, insurance scammers at the ready who wants a list of their names and addresses ?
that distant rumbling noise is a stampede
and as Mr Grenville says what was the data doing in the US anyway there are supposed to be laws against it's export ... oh silly me I was forgetting laws only apply to you and me they don't apply to the government
6. anonymous
Following all these headlines the one i want to see is:
"MP's personal data goes missing", this data included salary's, bank details addresses, expenses etc.
Regretably this will never appear as they are a bit more carefull with their own info.
7. Matt Fisher
When the HMRC crisis was revealed, we predicted it would be the tip of the iceberg in terms of data breaches. This latest episode confirms that this is indeed the case. The fact that we are suddenly seeing more and more incidents of data loss highlights a fundamental problem within both businesses and Government institutions - they are not taking the issue of data security seriously enough.
While it is undoubtedly crucial that organisations have procedures and technologies in place to prevent a breach or protect the data should one happen, underlying behaviours and attitudes also need to change. Consumers place huge amounts of faith in organisations to keep their information safe. These organisations must, in turn, demonstrate they take this responsibility seriously and are doing their utmost to keep personal data secure. Is it therefore time for the Government to pass a full disclosure bill whereby all data breaches have to be made public and the appropriate disciplinary proceedings taken?
8. Bob Watt
Twenty-five years ago, industry began to adopt EDI, which - if properly implemented - allowed this sort of data to be moved about with minimal risk of loss or falling into the wrong hands.
So what happened ?.
9. Bart Patrick, SAS UK
The recent spate of data breaches illustrates just how vigilant both companies and consumers need to be when dealing with personal data. Twenty or so years ago losing a hard disk drive containing citizen information would not have been possible without a truck. But today, with the portability of vast quantities of data coupled with the sophistication and evolution of fraudsters, we all need to be on our guard both from a business and personal perspective.
We cannot underestimate the intelligence of these fraudsters, who will continue to develop their methods to break down any security barriers that are put in place.
Businesses need to introduce a culture that values information, nutures, uses and shares it appropriately and vigilantly. As individuals, we need to understand that we now live in a society where fraud is all around us and that our personal details are valuable pieces of information to criminals. We have not had to think of our data in this way and must become accustomed to doing so. We all need to be suspicious as far as our personal details are concerned and adopt basic security measures to protect ourselves.
10. GALLEY SLAVE#41
You couldn't make it up could you!
HOW MUCH MORE HAVE THE NUMTIES LOST THAT WE DON'T KNOW ABOUT YET?