Continuing on from my earlier post about the HMRC losing 25million personal records let me to the following questions:
- Who’s idea was it to send the disc via the post unregistered (which was also asked on the radio)
- Was this data encrypted, or at least, password protected.
As for 1, the press is concentrating its attention on the government, they do like a bit of bashing don’t they? But why has no attention been brought on TNT*
the post office? The media appears to have accepted the fact that TNT the post office loses items and thinks nothing of it. The media does however write to say that when the HMRC posted a another copy of the CD’s via recorded delivery, TNT the post office managed to deliver this copy without an issue?
And for 2, the HMRC hasn’t mentioned in their letter of apology that the data was encrypted in any form. Had it been, and had been encrypted using strong encryption rather than a password protected zip file, then the likely hood of the details being used for obtaining money are very slim.
I also heard on the radio that the banks are urging people who have passwords containing date’s of births or names, especially their children considering these details are on the discs along with the bank details, then they should change their passwords immediately. Hold on, the banks already tell you not to use easily guessable details as passwords! If someone has your bank details, they can go to the records office for births, deaths and marriages to get names and dates of births! What idiot would use an easy password, oh Grant Shapps did having set his youtube password to “1234” (since changed), oops. On second thoughts, I can see why the government is so inept at security, damn. I can’t wait to see what mess the government makes with the national identity cards.
That brings me onto another gripe. During the interview on Radio 4 last night, the women (forgot her name, maybe some MP for labour) talked about the breach and what would happen with the National Identity Card, she claimed that the national identity card sheme is safe because it’s based on new technology and the Child Benefit works on an old computer system. Wait a sec, some employee posted CD’s containing the details via unrecorded post. The system could have been a quantum computer for all we know, the fact remains a member of staff didn’t follow procedure. The National Identity Card scheme will still have staff administering it, and there will still be the ability for this kind of error to happen in the future.
*Originally I had heard post office, but on later reading of the news I found it was in fact TNT that lost the discs.