You are here

Another true tale from the national security state

Section: Daily Dispatches

These are the people who "regulate" banks
and brokerage houses, make us undress at
the airport, and sell gold and silver
cheap and then try to confiscate it when
it's dear ....

* * *

Data on 25 Million Benefits Claimants Lost in Post

By Gordon Rayner and Andrew Porter
The Telegraph, London
Tuesday, November 20, 2007

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/11/20/ncustoms...

Every parent in the country has been put at risk of fraud and identity theft after the Government lost 25 million personal records in Britain’s worst ever data protection breach.

Two compact discs containing bank details and addresses of 9.5 million parents and the names, dates of birth and National Insurance numbers of all 15.5 million children in the country went missing after a junior employee of HM Revenue and Customs put them in the post, unrecorded and unregistered.

Alistair Darling, already under pressure over the Northern Rock crisis, revealed the "inexcusable" blunder to incredulous MPs, admitting that there was still no trace of the CDs more than a month after they went missing.

The Chancellor, who first learnt of the "catastrophic" breach eleven days ago but only disclosed the first details, insisted there was no evidence the information "has found its way into the wrong hands."

But experts warned that the data could be hoarded for years by criminal gangs before being used to commit fraud on an unparalleled scale.

It means every family in the country will have to remain vigilant for years to come, keeping a close watch on their finances for any sign of fraud.

The discs -- which were not encrypted -- also contained all the information a criminal would need to commit identity theft by applying for loans, credit cards and goods in someone else's name.

Children's charities also warned that the information would be "extremely useful" to paedophiles who could target specific children and pose as their parents.

The failure by an agency which reports directly to Mr Darling piled further pressure on the Chancellor in a week when he has already faced huge criticism of his handling of the Northern Rock crisis and on the same day that figures showed he was likely to overshoot his £38billion borrowing target for the year.

Shadow Chancellor George Osborne also suggested the fiasco marked the "final blow" for the government's controversial National Identity Card scheme because "they simply cannot be trusted with people's personal information."

As well as questions over how the CDs could ever have been allowed to get into the postal system, Mr Darling was grilled over why the public had been kept in the dark for so long.

The CDs were posted on October 18 from HMRC's offices near Newcastle, but failed to arrive at their destination, the National Audit Office in London.

Managers at HMRC were not informed until November 8, and Mr Darling was told on November 10, but the police were not called in until November 15 -- a week after managers were told and five days after Mr Darling knew about it.

HMRC said the staff member who sent the CDs assumed they had gone missing in the postal strike or in an office move by the NAO and kept quiet "hoping that it would turn up."

Paul Gray, chairman of HMRC, resigned over the affair, but Mr Darling has not offered to quit.

Searches for the CDs -- which were being handled by parcel firm TNT -- are being carried out by the Metropolitan Police and an inquiry into HMRC's breach of its own data protection rules has been launched by the Independent Police Complaints Commission.

Mr Darling has also ordered an independent review of security procedures at HMRC, which admitted just days ago to losing CDs with the records of 15,000 Standard Life customers on them.

Mr Darling, who looked shellshocked as he revealed the scale of the security breach to parliament, tried to reassure parents that measures had already been put in place to prevent the information being used for fraud, but advised all families to "check their bank statements for any unusual activity."

He said: "The missing information contains details of all Child Benefit recipients: records for 25 million individuals and 7.25 million families.

"These records include the recipient and their children’s names, addresses and dates of birth. It includes Child Benefit numbers, National Insurance numbers, and, where relevant, bank or building society details."

The missing details account for almost half the entire UK population.

Child Benefit is paid to the parents of every child in the country, regardless of their income, and can be paid up to the age of 20 if the teenagers are studying for A-levels or on an approved training scheme.

HMRC said the CDs had the details of 15.5 million children, 7.25 million claimants, and 2.25 million "alternative payees" -- spouses or carers.

It confirmed that every parent in the country with children under 16 -- even the Prime Minister himself -- was affected.

Banks and building societies are now bracing themselves for a flood of requests from customers to change passwords and pin numbers, many of which are based on family names and dates of birth.

There were gasps in the Commons as Mr Darling outlined the background to the security breach.

He said the chain of events began in March when a junior official at HMRC’s offices in Washington, Tyne and Wear, sent two CDs containing its entire Child Benefit data to the NAO at the NAO's request.

On that occasion the CDs arrived and were returned safely.

Then in October the NAO made a similar request "and again at a junior level and again contrary to all HMRC standing procedures" two password-protected CDs were sent in the post using the courier TNT.

Mr Darling added: "The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO." Incredibly, when it became obvious the CDs had not arrived, "a further copy was sent by registered post which did arrive."

To ironic laughs from opposition MPs, Mr Darling added: "It is highly likely that there have been breaches of the Data Protection Act."

Mr Osborne said the Chancellor had "compromised the safety and security of every family in the land."

He added: "Half the country will be very anxious about the safety of their family and the security of their bank accounts and the whole country will be wondering how on earth the Government allowed this to happen. What is the point of this house passing laws to protect the privacy of personal information if those laws are not even enforced in the heart of Government?"

Acting LibDem leader Vincent Cable suggested the Treasury had now replaced the Home Office as the department "not fit for purpose."

Explaining the delay in going public with the news, Mr Darling said banks had asked for as much time as possible to "put in place safeguards to protect people's accounts."

He added: "If someone is the innocent victim of fraud as a result of this incident, people can be assured that they have protection under the Banking Code so they will not suffer any financial loss as a result."

Frank Abagnale, the reformed fraudster whose life story was turned into the film "Catch Me If You Can," told the Daily Telegraph: "If I had to bet I'd say someone internal had been paid to allow that information to be stolen. They knew it was extremely sensitive."

Mr Abagnale, now a leading consultant on fraud and identity theft who has advised the British Government on its ID card plans, said: "If you have this data you are not going to use it today, not even this year, but perhaps in two to three years time the breach will show up.

"To the criminal, the longer they sit on this information the more valuable it can become. They can sell off the information a bit at a time. People can change their bank, their credit card, but they cannot change their name and date of birth, or national insurance number, and that is why this data is so valuable."

Mr Abagnale agreed that ID cards were a bad idea because: "You cannot trust any agency with people's personal data."

Michelle Elliott, of children's charity Kidscape, said: "Could it be any worse? Every parent in the country should be in uproar about this. We are in a society where people won't even allow their children's names to be printed in local papers because they are afraid that information will be used by paedophiles, and now the details of every child and parent in the country is out there, perhaps in criminal hands. It goes without saying this data would be extremely useful to paedophiles."

* * *

Join GATA here:

Vancouver Resource Investment Conference
Sunday-Monday, January 20-21,2008
Vancouver, British Columbia, Canada
http://www.cambridgeconferences.com/

* * *

Help Keep GATA Going

GATA is a civil rights and educational organization based in the United States and tax-exempt under the U.S. Internal Revenue Code. Its e-mail dispatches are free, and you can subscribe at http://www.gata.org/.

GATA is grateful for financial contributions, which are federally tax-deductible in the United States.