UK Gov Admits to More Serious Data Breaches

HM Revenue and Customs (HMRC) has finally officially admitted to six (as of now) significant data breaches in the last two years on top of the most recent one that saw the personal details of 25 million citizens go missing, the London Guardian reports.

The acting chairman of HMRC, David Hartnett, acknowledged that the numerous breaches "may well" indicate a systemic operational failure.

I wonder how many data breaches it would take over a two-year period to indicate that it truly does mean a systemic failure exists? Especially after Hartnett explained that after a major data breach in 2006 - that no one in HMRC bothered to tell the public about - more stringent rules were introduced that obviously failed. The HMRC seems to me to have set a pretty high risk threshold.

Another interesting snippet is that the London Telegraph is reporting that the lost HMRC data discs contain the real and new names of hundreds of people in police witness protection programs. A senior police source told the Telegraph that, "This is disastrous. People's lives could be in danger. It makes a mockery of the witness protection programme."

One more bit of information to ponder is that ComputerWeekly says that insurance broker Jardine Lloyd Thompson estimates that the cost of a similar data breach (as the latest one by the HMRC) to a public company would be around £4 billion. No wonder the UK government is trying to pawn off the costs to the banks.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City