Pete Finnigan's Oracle security weblog

Phil T says:

A quick note of my thoughts on this scandal. I find it amazing that such a thing could happen, but equally amazing is the short-sightedness the public and media can be regarding the use of such data.

All people are discussing is fraud. The use of the data to extract money from peoples accounts.

There are other sinister uses that no-one seems to have covered. Any UK citizen who receives child benefit is listed on these discs. In the wrong hands a criminal organisation can scan through the files looking for affluent names, Stars, Bankers or any other wealthy persons, with the view to kidnapping their children for ransom etc. (use your imagination on this one)

Another not so sinister use could be large corporations, advertising companies and the like. Just by feeding all the addresses into a computer program, this could map out density of families living in neighbourhood. With the addresses you have a mailing list that targets the required
audience.

The home office loves databases, and my guess is these databases are kept to a standard form. Therefore if there are any other 'missing' databases out there, I'm sure they could be easily cross referenced allowing an even more broader database of info.

Be afriad. I am.

Ian says:

The two previous comments both clearly demonstrate why we should be concerned and alarmed. I feel powerless in this situation, my family details potentially availabe for all to see and I wonder how we might begin to address this situation. We need to be able to send a clear message 'on mass' that demands action and lets government understand that they will be held accountable.

Colin R says:

One of the real challenges now, is that for a whole generation of children, pseudo-private details like date of birth and mother's surname (and according to some reports mother maiden name) now have to be assumed to be firmly in the public domain (even if the CD are found - were they copied etc).

As such, these details cannot be use AT ALL by banks etc as part of identity validation - so this will lead to the need to make major changes to the way identity validation takes place.

The government will of course argue identity cards are the way to solve that - taking us full circle - how can we possibly secure the national identity register when wide ranging government access will be deemed to be needed.

Pete says:

Thanks everyone for the comments. The problem seems to be getting bigger from the news reports on news24, they are now talking about a further 6 CD's going missing although its unclear what they are. The news reporters seem to suggest that at least one of them is voice recordings sent from HMRC in Preston on October 10th.

Thanks for your views Colin, you make a really good point and a very far reaching issue. Does this mean that all people with children need to now contact their bank and set up new security details and also going forwards now for at least one more generation.

This is a major problem and more far reaching issues are likely to come out of the woodwork. How can the suggestion of any new system be made to help resolve this? - ID cards.

Also for me, its a problem of lack of awareness of data security. Niall made a good point in his blog that he felt the issue was made / caused by auditors being feared by organisations and the first reaction by organisations was always to do what the auditors want or ask for. Doesn't this make you wonder how much of our personal details are traversing the country on CD's or similar insecure media??