Themes & Channels
Britain hit by worst identity theft ever
By Jerome Saiz, Fri, November 23rd, 2007
Jump right to our comments
Two hard disks containing the private data of about half the British population were lost during a postal transfer.
In what accounts for one of the worst identity theft in Britain today, private data from 25 million adults and children disappeared when two hard disks were lost by the postal office during a regular transfer.
The package was not tracked, and while access to both disks was password protected according to UK officials (but they did not explain how), the data itself was not encrypted.
The data lost was a collection of names, addresses, dates of birth, national insurance numbers and for some citizens also banking details. It concerned families enrolled in the State-run child benefit program and getting monthly payments.
Police has been mobilized to track the missing package, while authorities reassured the population claiming there is no evidence yet of any wrong doing with this data. Nevertheless, the chairman of the government body in charge of the child benefit program resigned over this issue.
According to a Gartner estimate this theft could cost banks a total of £244 million.
Our comments :
Considering the only real solution to protect data in such a case would be encryption, the claim from authorities that the disks were "password protected" might as well be interpreted as a total lack of protection. Hard disks password protection solutions are indeed offered on the market, but unless it's a hardware solution embedded in the disk controller and doing full on-the-fly encryption of the data, it's a faint protection at best.
Print this news
Into IAM ?
The IAM 2008 Series
SecurityNewsletter interviews major Identity & Access Management players to give you the lead on what IAM will be in 2008.