Security Bytes

Nov 20 2007   3:09PM GMT

Missing in the UK: Discs with 25 million records

Leigha Leigha Cardwell Profile: Leigha

This news should be unsettling to every family in the UK with kids under 16: The BBC is reporting that two computer discs housing their names, addresses, birth dates, National Insurance numbers and, in some cases, bank details has gone missing.

Chancellor Alistair Darling urged calm, saying there’s no evidence the 25 million affected records are being used for identity fraud. But he did caution people to keep an eye on their bank accounts. He apologized for an “extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines.”

The Conservatives decried the disc loss as a “catastrophic” failure.

As serious as this is, it may be a bit on the hyperbolic side to call this a catastrophe. At an (ISC)2 security conference in Quincy, Mass., last week, Seth Berman, managing director and deputy general counsel at Stroz Friedberg LLC, a consulting and technical services firm specializing in such things as computer forensics, cyber-crime response and private investigations, noted how some companies rush to declare a data breach when discs go missing, only to find the discs safe and sound after money has been spent responding to the incident.

In most cases, he said, missing discs stay out of the hands of the bad guys. But he also noted that it’s best for organizations to avoid the appearance of a breach in the first place by making sure all discs are encrypted.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: