November 20, 2007

HMRC data loss was theft, claims ex-con Frank Abagnale

Government data loss shows UK ID cards are a bad idea

By Siobhan Chapman


HMRC's loss of 25 million records is evidence that the government cannot be trusted with biometric information, and the UK national ID scheme is untenable, according to FBI fraud expert and world-renowned ex-con artist Frank Abagnale.


Chancellor of the Exchequer Alistair Darling admitted that discs containing the records of up to 25 million child benefit claimants were lost in transit to government watchdog the National Audit Office. The lost discs were password protected, but not encrypted, and included bank details.

"It was not just a mistake. I truly believe that someone paid for information to be stolen. It's what happens all the time, that someone acted in collusion with somebody else to steal this data," said Abagnale, author of Catch Me If You Can and a fraud expert who has worked extensively for the FBI over the past 32 years.

Governments, corporations and local authorities do a "horrible job of protecting data," said Abagnale.

"Don't send sensitive records by courier or through the mail. It's just common sense, and good business practice that someone should not have done that. The UK government needs to do a much better job of protecting the information of its citizens," he said.

"The government would not ship gold bullion via an unsecured courier or method and in today's environment, one needs to understand that sensitive personal data is worth just as much as gold bullion."

He added: "This is what scares me about the concept of UK ID card. Taking all of this information, including biometrics information, and putting into one place is dangerous. It is allowing one weak link in the chain, for instance, a criminal to approach someone to steal information."

While biometrics is excellent for providing access when entering and leaving buildings, people shouldn't trust the government with their DNA, said Abagnale. "I wouldn't trust them with that information."

"[Governments and corporations] won't spend the money to make [IT systems] as secure as they could be. They will skimp on it. Those are my concerns," he added. "The technology is there. There are hundreds of off-the-shelf identity management software products out there that can do a good job of controlling the data and controlling who sees the data."

Commonly, ID thieves will obtain records and hold them for years after the theft before embarking on fraudulent activity, said Abagnale, who urged the UK government to provide a long-term and stringent monitoring service.

"The government needs to be more specific about what it is going to do to protect its citizens if their information is out there. They need to offer a monitoring service to monitor credit records for at least three years, because this activity might not surface for a year."

If the data was stolen, then it is likely the thief would sit on this information for a number of years before harvesting identities, said Abagnale.

"Because the records are for younger people, many may not have a credit record yet. Once they reach adulthood, they could find their identity has been sold before they've even started on life."

HMRC's data loss highlights the difference between data breach notification laws in the US and the UK, said Abagnale. The UK government waited more than 10 days to notify parliament and the public of the breach. But in the US, under current laws, the government would have had to notify everyone affected immediately.

Comments received

Jamie Jamieson said on Tuesday, 20 November 2007

UK consumers take simple proactive steps to protect themselves from ID thieves.

They can render their personal information worthless to those who'd use it to obtain credit cards, loans or open bank accounts.

Visit www.freeidprotection.co.uk

Mabon Dane said on Wednesday, 21 November 2007

Another concern is that the powers that be waited a month before going public that the data was stolen.

Ian Gillett said on Monday, 03 December 2007

My company SLR Software have a solution to prevent this kind of data loss in the future - we have approached HMRC and other government members such as John Hutton, the point is this is totally avoidable; we are still waiting for a response:
www.sendbyrake.com
