Gartner: UK banks could be forced to close accounts after HMRC data loss scandal

UK banks could be forced to close the accounts of all child benefit claimants affected by an HMRC 'operational failure' that resulted in the loss of 25 million records stored on discs, a Gartner analyst has warned.

Share

UK banks could be forced to close the accounts of all child benefit claimants affected by an HMRC “operational failure” that resulted in the loss of 25 million records stored on discs, a Gartner analyst has warned.

And if the banks were forced to take such a step because the data fell into criminal hands it could cost as much as £300m to the UK banking system.

Avivah Litan, a Gartner distinguished analyst, said the data loss is especially serious because it includes bank account details, and the security and fraud detection systems for bank accounts are much less advanced than those for credit cards.

“The data lost – bank account numbers, names and addresses – represents a goldmine for the thieves and is much more valuable to them than credit card numbers or taxpayer ID numbers,” said Litan.

“Even the possibility of such a move will throw the UK banks into emergency response mode, and they will need to closely monitor all fund transfers out of potentially affected accounts.”

Litan said the issue was especially problematic as the UK is shortly due to implement its Faster Payments initiative, which will usher in nearly immediate funds transfer.

Litan said the banks would be on high alert looking for suspicious activity related to the accounts and “at the first sign of any activity would shut down accounts.”

But Litan said the likelihood that the data has fallen into criminal hands was extremely low.

“History shows that a citizen with sensitive account data contained on lost media has a less than 1% chance of falling victim to identity theft,” she said.

Philip Wicks, a consultant for business and technology consultancy Morse, said: “Organisations should put in place technology controls that prevent sensitive and confidential data being copied to disks or any other devices that can be taken offsite.

“If and when there is a need for data to be taken offsite, a special request should be made and granted only when assurances are given on how the data will be secured.”

The lost data appears not have been encrypted, and security specialist McAfee said the data breach was “yet another example of the danger of putting sensitive information on an easy to lose format such as discs and the result of internal policies not being backed up by good security practice.”

Now read:

Chancellor squirms, revenue and customs chief quits over 25 million lost records

Lose an unencrypted laptop 'and face criminal action'

Capgemini to cull 20% of HMRC's Aspire IT staff

HMRC coy on Aspire profit sharing terms

HMRC extends Aspire outsourcing deal in bid to cut costs

HMRC taking 'precautionary measures' after loss of 15,000 records

Queen's Speech: Government boosts data sharing powers

Government defends tripling of HMRC's IT bill for Aspire

Revenue IT chief appointed chief operating officer

HMRC loses laptop with taxpayer data

Editor's blog

Find your next job with computerworld UK jobs