Office staff are hacking into the department's computers, putting at
risk the privacy of 40million people in Britain.
The revelation undermines Government claims that sensitive information
being collected for its controversial ID Cards scheme could not fall
into criminal hands.
The security breaches occurred at the Identity and Passport Service,
which is setting up the National Identity Register to provide access to
individuals' health, financial and police records as part of the
8billion ID card scheme scheduled to begin in 2008.
MPs and technology experts have expressed fears that the national
register, which will store sensitive details of more than 40million
people, will be a honeypot for hackers and identity thieves. Liberal
Democrat Home Affairs spokesman Mark Hunter said: 'These revelations
show it is folly to put all the precious personal data of our citizens
in one place.'
Personal information about every British passport holder - including
their date of birth, mother's maiden name, address and photographs - is
already held in the IPS computers.
A Home Office spokesman last night confirmed the IPS security breaches.
He also confirmed that three staff involved had been sacked and a fourth
had resigned before disciplinary procedures had concluded.
The spokesman said none of the security breaches involved'hacking' by
outside criminals, and a 'whole range of protocols and procedures' were
in place to protect Home Office databases from unauthorised staff use.
He said: 'System checks are routinely carried out and any violation is
dealt with severely.'
The spokesman added that the ID Cards database would be a 'completely
Home Office figures show that the department's databases have been
successfully penetrated on average once a year since 2001.
Four of these security failures were at databases maintained by the IPS,
an executive agency of the Home Office created in April.
Computer experts warn that more security breaches are likely to have
Phil Booth, of the NO2ID campaign, said government databases would
always be vulnerable to unscrupulous staff.
'That these breaches have taken place in the very agency that is
supposed to be protecting the identities of every citizen in this
country is a damning indictment of the current system,' he said.
'But when you consider that this agency will be running the ID card
scheme, it's truly terrifying.'
John Tullett, the technology editor of Secure Computing magazine, said
the Home Office would be 'naive' to assume that the total of recorded
breaches reflects the real number of security violations at the
He said: 'The trend in IT crime is towards "silent" breaches where very
competent criminals get into a system and cover their tracks so they can
get in again in future, all without the victim ever knowing.'
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/