UK government loses data on as many as 25 million people
Calling it a data breach is an understatement. The UK government has lost child benefit data on as many as 25 million people in its country, making it the largest loss of personal information ever reported.
The information was included on two discs and was only password protected and not encrypted, meaning it could be fairly easy to get at. The data includes names, dates of birth, bank account, and address details. The discs went missing from Her Majesty's Revenue and Customs (HMRC) office.
HMRC Board member Dave Hartnett wrote an apology to all affected on the agency's Web site. "I would like to offer my personal apologies for any worry or concern this data loss may cause you. And I can assure you that all efforts are being made to ensure that such a loss can never happen again," he said.
All banks where information had been compromised had been alerted to the breach and put "safeguards" in place to protect those affected, Hartnett continued. He also vowed that consumers who were victims of fraud as a result of this data loss would not be held accountable.
About 7.5 million families in total are at risk, which could amount to as much as 40 percent of the entire population of the UK. It was not immediately clear if the data may include the same person multiple times, so the exact percentage of the population affected is not currently known.
HMRC was first alerted to the loss November 10, and after the discs were not found a police report was filed four days later. As of press time, the discs had still not been found although police had no reason to suspect they had fallen into the hands of someone with nefarious intent.
Nonetheless, the data loss has politicians up in arms. At a question and answer session of the House of Commons Wednesday -- typically cantankerous so as it is -- Parliamentarians heavily criticized Gordon Brown, the UK prime minister, especially from the other side of the aisle.
Conservative leader David Cameron said that the government had failed to protect the public. "What people want from their prime minister on a day like this is to show some broad shoulders, be the big man and accept some responsibility," he was quoted by the BBC as telling Brown.
To his defense, Brown said he had ordered a review and gave his Information Commissioner the authority to order spot checks in the future to ensure such a loss does not happen again.
But it's not the first time the HMRC has had a problem with misplacing sensitive data. In September, a third-party carrier lost a password-protected disc with information on 15,000 Standard Life insurance customers.