2007 UK child benefit data scandal
The loss of United Kingdom child benefit data was a data breach incident in October 2007, when two computer discs owned by Her Majesty's Revenue and Customs containing data relating to child benefit went missing. The incident was announced by the Chancellor of the Exchequer, Alistair Darling, on 20 November 2007. The two discs contained the personal details of all families in the United Kingdom claiming child benefit, of which take-up in the UK is near 100%.

The loss

The discs were sent by junior staff at HM Revenue and Customs (HMRC) based at Waterview Park in Washington, Tyne and Wear, to the National Audit Office (NAO), as unrecorded internal mail via TNT N.V. on October 18. On October 24 the NAO complained to HMRC that they had not received the data. On November 8, senior officials in HMRC were informed of the loss, with the Chancellor of the Exchequer, Alistair Darling, being informed on November 10. On November 20, Darling announced:

The lost data was thought to concern approximately 25 million people in the UK (nearly half of the country's population). The personal data on the missing discs was reported to include names, addresses and dates of birth of children, together with the National Insurance numbers and bank details of their parents.

The "password protection" in question is that provided by WinZip version 8. This is a weak, proprietary scheme (unnamed encryption and hash algorithms) with well-known attacks. Anyone competent in computing would be able to break this protection by downloading readily available tools. WinZip version 9 introduced AES encryption (with unnamed hash algorithms), which would have been secure and only breakable by correctly knowing the passphrase.
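The distinction between the two WinZip schemes is visible in an archive's directory without knowing the password. The following Python example is added here for illustration and is not part of the original article: it classifies each archive member as unprotected, protected by the legacy ZIP 2.0 password scheme, or AES-encrypted (which WinZip marks with compression method 99 and an extra-field record 0x9901). The function names, the AES-256-only release policy and the sample archive (built with patched header fields, not real encryption) are assumptions made for the example.

```python
import io, struct, zipfile

AES_METHOD = 99        # compression-method value that marks a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra-field record holding the AES key strength

def classify(info):
    """Return 'none', 'legacy' or 'aes-<bits>' for one zipfile.ZipInfo."""
    if not info.flag_bits & 0x1:          # general-purpose bit 0: encrypted
        return "none"
    if info.compress_type != AES_METHOD:
        return "legacy"                   # traditional ZIP 2.0 password scheme
    pos = 0
    while pos + 4 <= len(info.extra):     # walk (id, size, payload) records
        rec_id, size = struct.unpack_from("<HH", info.extra, pos)
        if rec_id == AES_EXTRA_ID and size >= 7:
            bits = {1: 128, 2: 192, 3: 256}.get(info.extra[pos + 8], "unknown")
            return "aes-%s" % bits
        pos += 4 + size
    return "aes-unknown"

def audit(data):
    """Map each member name to its protection, reading only the directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}

def release_ok(data):
    """Assumed policy: every member must be AES-256 before media leaves site."""
    return all(v == "aes-256" for v in audit(data).values())

def make_sample():
    """Constructed archive; header fields are patched, data is NOT encrypted."""
    aes = zipfile.ZipInfo("aes.csv")
    aes.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plain.csv", "id,name\n")
        zf.writestr("legacy.csv", "id,name\n")
        zf.writestr(aes, "id,name\n")
    raw = bytearray(buf.getvalue())
    pos = struct.unpack_from("<I", raw, len(raw) - 6)[0]  # directory offset
    for encrypted, method in ((0, 0), (1, 0), (1, AES_METHOD)):
        struct.pack_into("<HH", raw, pos + 8, encrypted, method)
        n, m, k = struct.unpack_from("<HHH", raw, pos + 28)
        pos += 46 + n + m + k             # step to the next directory entry
    return bytes(raw)

if __name__ == "__main__":
    print(audit(make_sample()), release_ok(make_sample()))
```

A check of this kind only reports which scheme an archive declares; the strength of AES protection still depends on the passphrase chosen.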

In a list of frequently asked questions on the BBC News website, a breakdown of the loss was reported as being:
  • 7.25 million claimants
  • 15.5 million children, including some who no longer qualify but whose family is claiming for a younger child
  • 2.25 million 'alternative payees' such as partners or carers
  • 3,000 'appointees' who claim the benefit under court instructions
  • 12,500 agents who claim the benefit on behalf of a third party


Whilst government ministers claimed that a junior official was to blame, the Conservatives said that the fault lay in part with senior management. This was based on a claim that the National Audit Office had requested that bank details be removed from the data before it was sent, but that the HMRC had denied this request, because it would be "too costly and complicated".
Emails released on 22 November confirmed that senior HMRC officials had been made aware of the decision on cost grounds not to strip out sensitive information. The cost of removing sensitive information has been given as £5,000, although an academic study found the cost to be substantially less (£650).

According to the IT trade journal Computer Weekly, back in March 2007 the NAO had asked for the complete information of the child benefit database to be sent by post on CDs, instead of a sample of the database. The first time this was done, things went smoothly, and the package was sent by registered post. This time, however, it was sent unregistered through the courier.

It was later revealed, on 17 December 2007, that the data protection manual for HMRC was itself restricted to senior members of staff; junior civil servants had only a summary of what the manual says on security.

This was followed by several other data scandals. On 17 December, it was revealed by Ruth Kelly that the details of three million L-drivers were lost in the USA. However, name, address, phone number, the fee paid, the test centre, payment code and e-mail were the only details lost, so little panic was caused, as there was little risk of fraud. On 23 December, it was revealed that nine NHS trusts had also lost the data of hundreds of thousands of patients, some of it archive information, some of it medical records, contact details and soft financial data. A few other trusts also lost data, but found it fairly quickly. Several other UK firms have also admitted security failings.

Response

Darling stated that there was no indication that the details had fallen into criminal hands, but he urged those affected to monitor their bank accounts. He said "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result." HMRC then set up a Child Benefit Helpline for those concerned about the data loss.

The incident was a breach of the UK's Data Protection Act and resulted in the resignation of HMRC chairman Paul Gray. He was subsequently found to be working at the Cabinet Office. The Metropolitan Police and the Independent Police Complaints Commission both investigated the security breach, and uniformed police officers investigated HMRC offices. The loss led to much criticism by the Acting Leader of the Liberal Democrats, Vince Cable, and Shadow Chancellor George Osborne. Osborne said:

In addition he said that it was the "final blow for the ambitions of this government to create a national ID database". Cable also criticised the use of disks in the modern age of electronic data transfer. Spokespersons for Gordon Brown, however, said that the Prime Minister fully supported Darling, and said that Darling had not expressed any intention to resign.

The general reaction of the public was one of anger and worry. Banks, individuals, businesses and government departments became more vigilant over data fraud and identity theft, and the government pledged to be more careful with data. The public and media were particularly angry over the fact that the data was not registered or recorded, and that it was not encrypted.

Nick Assinder, a political correspondent at the BBC, expressed the opinion that Darling was "on borrowed time". George Osborne, who questioned whether Darling was "up to the job", suggested that it would be a matter of days before a decision was made regarding Darling's future.

TNT stated that, as the delivery was not recorded, it would not be possible to even ascertain if it had actually been sent, let alone where it went.

Jeremy Clarkson direct debit fraud

On 7 January 2008, Jeremy Clarkson found himself the subject of direct debit fraud after publishing his bank account and sort code details in his column in The Sun to make the point that public concern over the scandal was unnecessary. He wrote, “All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing”. Someone then used these details to set up a £500 Direct Debit to the charity Diabetes UK. In his next Sunday Times column, Clarkson wrote, “I was wrong and I have been punished for my mistake.” Under the terms of the Direct Debit Guarantee, the payment should have been returned. It is not known whether Barclays Bank have honoured their obligation.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 