This news should be unsettling to every family in the UK with kids under 16: The BBC is reporting that two computer discs housing their names, addresses, birth dates, National Insurance numbers and, in some cases, bank details have gone missing.
Chancellor Alistair Darling urged calm, saying there’s no evidence the 25 million affected records are being used for identity fraud. But he did caution people to keep an eye on their bank accounts. He apologized for an “extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines.”
The Conservatives decried the disc loss as a “catastrophic” failure.
As serious as this is, it may be a bit on the hyperbolic side to call this a catastrophe. At an (ISC)² security conference in Quincy, Mass., last week, Seth Berman, managing director and deputy general counsel at Stroz Friedberg LLC, a consulting and technical services firm specializing in such things as computer forensics, cyber-crime response and private investigations, noted how some companies rush to declare a data breach when discs go missing, only to find the discs safe and sound after money has been spent responding to the incident.
In most cases, he said, missing discs stay out of the hands of the bad guys. But he also noted that it’s best for organizations to avoid the appearance of a breach in the first place by making sure all discs are encrypted.