UK's families put on fraud alert

Square Ball · November 20, 2007, 09:17:49 PM

First 40 BILLION to bail out Northern Rock now this:

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.
The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.

Chancellor Alistair Darling said there was no evidence the data had gone to criminals - but urged people to monitor bank accounts "for unusual activity".

The Conservatives described the incident as a "catastrophic" failure.

CHILD BENEFIT HELPLINE
0845 302 1444

In an emergency statement to MPs, Mr Darling apologised for what he described as an "extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines".

MPs gasped as Mr Darling told them: "The missing information contains details of all Child Benefit recipients: records for 25 million individuals and 7.25 million families. "

The police are not aware of any evidence that it has been used for fraudulent purposes or criminal activity

Alistair Darling
Chancellor

Point-by-point: Darling
Q&A: Records lost

The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing.

Mr Darling told MPs: "Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.

The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."

He added: "The police tell me that they have no reason to believe that this data has found its way into the wrong hands.

"The police are not aware of any evidence that it has been used for fraudulent purposes or criminal activity."

Fraud protection

The HMRC has set up a Child Benefit Helpline on 0845 302 1444 for customers who want more details.

The data was sent on 18 October and senior management at HMRC were told it was missing on 8 November and the chancellor on 10 November.

MISSING DATA INCLUDES...
National insurance number
Name, address and birth date
Partner's details
Names, sex and age of children
Bank/savings account details

Mr Darling said banks were adamant that they wanted as much time to prepare for his announcement as possible.

He added: "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result."

Mr Darling said people should monitor their accounts "for any unusual activity".

Chairman resigns

The Metropolitan Police are investigating the disappearance of the two discs and the Independent Police Complaints Commission (IPCC), which monitors HMRC, is investigating the security breach.

Uniformed officers were earlier checking HMRC's offices in Washington, Tyne and Wear.

It is the latest and by far the most serious of a string of missing data incidents at HM Revenue and Customs.

WHAT CAN YOU DO?
Check your bank statements for odd transactions
Monitor your account if you bank online
Change your account password if it is a date of birth or name
Source: Apacs

How worried should you be?

HMRC chairman Paul Gray resigned earlier after the latest incident came to light.

Shadow Chancellor George Osborne said: "Let us be clear about the scale of this catastrophic mistake - the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and National Insurance numbers of 10 million parents, guardians and carers have gone missing.

"Half the country will be very anxious about the safety of their family and the security and the whole country will be wondering how on earth the government allowed this to happen."

'Ancient' computers

He urged the government to "get a grip" and said it was the "final blow for the ambitions of this government to create a national ID database" as "they simply can not be trusted with people's personal information".

Liberal Democrat Acting Leader Vince Cable said it was now the Treasury and not the Home Office that was "not fit for purpose".

CHILD BENEFIT

Available to the parents, normally mother, of every child in UK under 16
Older children in full-time education still eligible
Taken up by almost 100%
It amounts to £18.10 a week for a first-born child
For subsequent children - it amounts to £12.10 a week

Timeline: Benefit records loss

"Why does HMRC still use CDs for data transmission in this day and age? The ancient museum pieces it is currently using for computing must be replaced.

"After this disaster how can the public possibly have confidence in the vast centralised databases needed for the compulsory ID card scheme.

"Where does the buck stop after this catalogue of disasters?"

Giving his reaction, the Information Commissioner, Richard Thomas, said: "This is an extremely serious and disturbing security breach."

Mr Thomas welcomed the Chancellor's announcement of an independent review of the incident by Kieran Poynter of PricewaterhouseCoopers and said he would decide on further action once he has received the report.

"Searching questions need to be answered about systems, procedures and human error inside both HMRC and NAO," said Mr Thomas.

The prime minister's official spokeswoman said Gordon Brown has "full confidence" in Mr Darling. She added that Mr Darling has not offered to resign.

they were not even sent recorded delivery

Pangurban · November 20, 2007, 09:36:30 PM

Possibility of a class action against government under data protection act, do you think. Most likely Crown is immune. Reaction of Tories is laughable, Pot,Kettle and Black spring immediately to mind.

Square Ball · November 20, 2007, 09:58:15 PM

think that the fact that it was encrypted may get them off the hook, but i have no idea. Mine would be on it and I wonder what will happen if they applied for benefit in my name, they have my NINO, address and bank account information, it already has happened with applications for Working Familys Tax Credit with details that were stolen fron DWP.

Shamrock Shore · November 20, 2007, 10:02:06 PM

A few civil servants Dine Site got in trouble after it was proven they were snooping in tax and social welfare files that they shouldn't have. An official reprimand and a stay on promotion was their lot and proper order.

I cannot see why half the UK's pops basic details had to be sent by shaggin CD. Surley there is IT channels like secure T1 lines or whatever to handle this craic.

Square Ball · November 20, 2007, 10:07:01 PM

The passwords can be broken in minutes.

Orior · November 20, 2007, 11:07:48 PM

Big deal. This sort of data accidently "disappears" every day on memory sticks in the pockets of civil servants. I'll not loose any sleep over it.

ziggysego · November 21, 2007, 01:10:58 AM

What a complete f**k up. Peter Robinson enquired if Northern Irish details have been lost too and they have, even though it should have been devolved. With all these fucks up, it looks like the Tories could be back. Now that would be a disaster.

Declan · November 21, 2007, 04:12:42 PM

Working in London at the moment and lads here are going mad over this. Serious fear of identity theft and fraud. Its a complete balls up.

Square Ball · November 21, 2007, 10:17:12 PM

Looks as if the "Junior Official" is an Admin Officer who has resigned, hard to believe that this bloke would have access to all that data and was able to download it onto disc. My own PC in work has its rewriter disabled and I need to have written consent from a person two grades higher than me to have it enabled, so wonder what went on there?

Donagh · November 21, 2007, 10:38:12 PM

The only fraud we're likely to see here are the PSNI and screws using this as another excuse to move/upgrade their houses.

Bensars · November 21, 2007, 10:49:32 PM

Quote from: Square Ball on November 21, 2007, 10:17:12 PM
Looks as if the "Junior Official" is an Admin Officer who has resigned, hard to believe that this bloke would have access to all that data and was able to download it onto disc. My own PC in work has its rewriter disabled and I need to have written consent from a person two grades higher than me to have it enabled, so wonder what went on there?

Seems he was told to burn the information to disc , and by the way add all the details on the database to save us sending them additional information in the future. This decision seems to be a cost saving measure from higher authorities despite the auditors not needing any banking information