AOH :: IS1319.HTM

Ministers hit by two new security fiascos

Ministers hit by two new security fiascos
Ministers hit by two new security fiascos

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Rhodri Phillips 
Times Online
November 2, 2008

A MEMORY stick that could allow hackers to access the personal details 
of 12m people on a government website has been found in a pub car park.

The work and pensions department was last night forced to shut the 
affected Government Gateway site and begin an emergency inquiry.

The loss was the latest in a long line of scandals involving missing 
government data, including the personal details of all 25m recipients of 
child benefit in 2007.

The disclosure came as James Purnell, the minister in charge of the 
department, was forced to apologise for leaving confidential ministerial 
correspondence on a train.

The =C2=A318m Government Gateway opened six years ago, allowing businesses 
and the public to access hundreds of services from Whitehall 
departments.They can use it to file their tax and Vat returns and apply 
for pensions and child benefits.

When registering on the website applicants have to provide names, 
addresses, national insurance numbers and credit card details.

According to the Mail on Sunday, the memory stick contained confidential 
passwords for the website, security software and a technical blueprint 
of the system known as the =E2=80=9Csource code=E2=80=9D.

A computer security expert told the paper that the stick could be used 
to access a series of databases or payment systems and that the source 
code would be =E2=80=9Cinvaluable=E2=80=9D for hackers who wanted to access personal 
details or defraud the government.

=E2=80=9CNot only would a fraudster be able to take personal details using the 
tools provided on the lost memory stick, but the extent of the 
information contained in the source code would allow a hacker to access 
the Government Gateway=E2=80=99s payment systems and even divert tax money into 
private bank accounts,=E2=80=9D he said.

=E2=80=9CThis is potentially the most serious data loss this country has seen in 
recent times.=E2=80=9D

A spokeswoman for the department insisted last night that the system=E2=80=99s 
security had not been breached, and said the department was taking the 
loss =E2=80=9Cvery seriously=E2=80=9D. She added: =E2=80=9CWe have moved immediately to make 
sure there is no conceivable risk to users of the Government Gateway.=E2=80=9D 
The site is expected to re-open today.

The memory stick was lost by a 29-year-old employee of the computer 
management firm Atos Origin, which won a five-year, =C2=A346.7m contract to 
manage the Government Gateway website in 2006. The company has also been 
chosen to supply IT systems for the Olympic Games in London in 2012.


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Visit the InfoSec News Security Bookstore
Best Selling Security Books and More! 

Site design & layout copyright © 1986-2015 CodeGods