- 2007 UK child benefit data scandal
The 2007 UK child benefit data scandal was a
data breach incident in October 2007, when two computer discs owned byHer Majesty's Revenue and Customs containing data relating tochild benefit went missing. The incident was announced by theChancellor of the Exchequer ,Alistair Darling , on20 November ,2007 . The two discs contained the personal details of all families in theUnited Kingdom claimingchild benefit ,cite web|title=Darling admits 25 million records lost|url=http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm|work=BBC|accessdate=2007-11-20] of which takeup in the UK is near 100%.cite web|title=Pressure on Darling over records|url=http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm|work=BBC|accessdate=2007-11-22]The loss
The discs were sent by junior staff at HM Revenue and Customs (HMRC) based at Waterview Park in Washington,
Tyne and Wear , to the National Audit Office (NAO), as unrecorded internal mail viaTNT N.V. onOctober 18 . OnOctober 24 the NAO complained to the HMRC that they had not received the data. OnNovember 8 , senior officials in HMRC were informed of the loss, withChancellor of the Exchequer ,Alistair Darling being informed onNovember 10 . OnNovember 20 , Darling announced:The lost data was thought to concern approximately 25 million people in the UK (nearly half of the country's population). The personal data on the missing discs was reported to include names, addresses and dates of birth of children, together with the
National Insurance numbers and bank details of their parents.cite web|title=UK's families put on fraud alert|url=http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm|work=BBC|accessdate=2007-11-20]The "password protection" in question is that provided by
WinZip version 8 (eight).cite web|title=HMRC Lost Discs & Encryption|url=http://catless.ncl.ac.uk/Risks/24.93.html#subj14] This is a weak, proprietary scheme (unnamed encryption and hash algorithms) with well known attacks [cite web
accessdate=2008-02-05
url=http://www.password-crackers.com/en/articles/12/
title=Password Recovery/Cracking FAQ] . Anyone competent in computing will be able to break this protection by downloading the published tools which break this protection. Ironically, WinZip version 9 (nine) introducedAES encryption (with unnamed hash algorithms), which would have been secure and only breakable by correctly knowing thepassphrase in known practice.In a list of frequently asked questions,cite web|title=Data disaster: Your queries answered|url=http://news.bbc.co.uk/1/hi/business/7105592.stm|work=BBC|accessdate=2007-11-21 ] on the BBC news web site a breakdown of the loss was reported as being:
* 7.25 million claimants
* 15.5 million children, including some who no longer qualify but whose family is claiming for a younger child
* 2.25 million 'alternative payees' such as partners or carers
* 3,000 'appointees' who claim the benefit under court instructions
* 12,500 agents who claim the benefit on behalf of a third partyWhilst government ministers claimed that a junior official was to blame, the Conservatives said that the fault lay in part with senior management. This was based on a claim that the National Audit Office had requested that bank details be removed from the data before it was sent, but that the HMRC had denied this request, because it would be "too costly and complicated".cite web|title=Fresh questions over data crisis |url=http://news.bbc.co.uk/1/hi/uk_politics/7106987.stm|work=BBC|accessdate=2007-11-22] Emails released on
22 November confirmed that senior HMRC officials had been made aware of the decision on cost grounds not to strip out sensitive information. [ [http://www.nao.org.uk/publications/nao_reports/07-08/child_benefit_data.pdf Email from HMRC to NAO] ,13 March 2007 . NAO website. Retrieved on23 November 2007 .] The cost of removing sensitive information has been given as £5,000. [ [http://www.telegraph.co.uk/news/main.jhtml;jsessionid=BHD1MPEHRMT3VQFIQMGSFFOAVCBQWIV0?xml=/news/2007/11/23/ncustoms223.xml £5,000 would have made HMRC discs safe] ,23 November 2007 . telegraph.co.uk. Retrieved on25 November 2007 .] Although the cost was found to be substantially less (£650) in an academic study. [ [http://www.port.ac.uk/aboutus/newsandevents/frontpagenews/title,73969,en.html Removal of sensitive child benefit data would have cost £650] ,19 December 2007 . www.port.ac.uk. Retrieved on20 December 2007 .]According to a IT
trade journal Computer Weekly , it said that back in March 2007, the NAO had asked for completed information of the child benefit database to be send by post on CDs, instead of a sample of the database. The first time this was done, things went smoothly, and the package was registered post. However this time, it was unregistered through the courier. [cite web|url= http://www.computerweekly.com/Articles/2007/11/21/228217/missing-child-benefit-cds-what-went-wrong-and-why-it-would-have-carried-on.htm |title=Missing child benefit CDs: what went wrong, and why it would have carried on regardless|work=ComputerWeekly.com|accessdate=2007-12-17 ]It was later revealed on the
17 December 2007 , that the data protection manual for HMRC was in itself under restriction to only senior members of staff, not junior civil servants who had just a summary of what the manual says on security. [ cite web|url=http://www.theregister.co.uk/2007/12/17/hmrc_manual/ |title=HMRC manual on data protection was protected data |work=The Register |accessdate=2007-12-17]This was followed by several other data scandals. On the 17th of December, it was revealed by
Ruth Kelly that the details of three million L-drivers were lost in theUSA . However, name, address, phone number, the fee paid, the test centre, payment code ande-mail where the only details lost, so not much of a panic was caused due to little risk offraud . On the23 December , it was revealed that nine NHS trusts had also lost the data of hundreds of thousands of patients, some of it archive information, some of it medical records, contact details and soft financial data. A few other trusts also lost data, but found it fairly quickly. Several other UK firms have also admitted security failings. [cite web
accessdate=2008-02-05
url=http://www.computing.co.uk/computing/news/2205478/firms-admit-two-cases-personal
title=Firms admit to two more cases of personal data loss
date=2007-12-11]Response
Darling stated that there was no indication that the details had fallen into criminal hands, but he urged those affected to monitor their bank accounts. He said "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result." HMRC then set up a Child Benefit Helpline for those concerned about the data loss.
The incident was a breach of the UK's
Data Protection Act and resulted in the "resignation" of HMRC chairman Paul Gray. This resignation emerged not to be the expected slap on the fingers as he was subsequently found to be [http://www.channel4.com/news/articles/politics/domestic_politics/paul+gray+back+at+work/1136847 working at Cabinet Office] , effectively a promotion. cite web | url=http://politics.guardian.co.uk/economics/story/0,,2214109,00.html | title=Personal details of every child in UK lost by Revenue & Customs | work=The Guardian | accessdate=2007-11-20 ] TheMetropolitan Police and theIndependent Police Complaints Commission are both investigating the security breach, and uniformed police officers have been investigating HMRC offices. The loss led to much criticism by the Acting Leader of theLiberal Democrats Vince Cable and Shadow ChancellorGeorge Osborne . Osborne said:In addition he said that it was the "final blow for the ambitions of this government to create a national ID database". Cable also criticised the use of disks in the modern age of electronic data transfer. Spokespersons for
Gordon Brown , however, said that the Prime Minister fully supported Darling, and said that Darling had not expressed any intention to resign.The general reaction of the public was one of anger and worry. Banks, individuals, businesses and government departments are now much more vigilant over data fraud and identity theft and the government has pledged to be more careful with data. The public and media are particularly angry over the fact that the data was not registered or recorded, and that it was not encrypted.
Nick Assinder, a political correspondent at the
BBC , expressed the opinion that he believed Darling to be "on borrowed time".cite web|url=http://news.bbc.co.uk/1/hi/uk_politics/7104152.stm|title=Assessing the political damage, Darling and Brown|work=BBC|accessdate=2007-11-20] George Osborne, who questioned whether Darling was "up to the job", suggested that it would be a matter of days before a decision was made regarding Darling's future. [http://news.bbc.co.uk/1/hi/uk_politics/7104945.stm "Ministers under fire over records"]BBC News retrievedNovember 21 2007 ]TNT stated that, as the delivery was not recorded, it would not be possible to even ascertain if it had actually been sent, let alone where it went. [ [http://news.sky.com/skynews/article/0,,30100-1293706,00.html CDs 'May Never Have Left The Building']
Sky News - retrievedNovember 22 2007 ]References
External links
* [http://www.parliament.the-stationery-office.co.uk/pa/cm200708/cmhansrd/cm071120/debtext/71120-0004.htm Alistair Darling's statement to Parliament]
* [http://www.hmrc.gov.uk/childbenefit/customer-update.htm HMRC letter of apology]
* [http://news.bbc.co.uk/2/hi/uk_news/politics/7104945.stm Brown apologizes for records loss] , with timeline of events
Wikimedia Foundation. 2010.