If you’ve seen the news in the UK in the last couple of days, you’ll be aware that Her Majesty’s Revenue & Customs has managed to lose the digital records of 25 million British citizens in the post and exposed them to potential identity theft.
For those not aware, briefly: The National Audit office requested a sample of National Insurance numbers of Child Benefit claimants from HMRC stripped of any other data. HMRC therefore sent the entire record of all British child benefit claimants on apparently unencrypted CD-Rs via unrecorded delivery. Almost inevitably, these disks have been lost in the post. The data contained on the disks includes:
- Name
- Address
- Date of Birth
- National Insurance Number
- Bank details (or, presumably PO accounts)
The details cover 7.25 million families, a total of 25 million records of both the claimants and their children.
Now, HMRC have stated that they do not believe that the disks have fallen into the wrong hands. However, this is based on their being no evidence of fraud being perpetrated using these details as of yet. The fact of the matter seems to be that HMRC and the Police simply have no idea where the disks are.
Furthermore the Chancellor, Darling, mentioned that the records were contained within “password protected” files. I take this to mean that they were in unencrypted ‘password locked’ zipfiles or similar, otherwise the Chancellor would have been telling us all not to worry as the encryption could not be broken. Exactly how hard can it be to use something like Truecrypt to secure files?
The Real Risk
Another red-herring from the Chancellor, Darling, was that banks were now monitoring accounts for suspicious activity. Any even moderately organised criminal worth his or her salt will not be bothering to try to access people’s accounts with this information. They will appreciate that if the information relates to benefit claimant’s details then the likely hood of any given account containing much money at any given time is rather slim.
Instead, they would use the details they have acquired to assume the identity of the person from any given record. This stolen identity would then be used to take out lines of credit in the victim’s name. This is the most common use of identity theft. With the details that have gone missing, it should be trivial, for example, to obtain items like birth certificates to further back up the identity-thief’s operations.
Unfortunatly, when identity theft is used to perpetrate credit fraud, no amount of checking your current account will help you. Only the likes of Experian and Equifax can tell you if someone is taking out credit in your name without your knowledge and their service is both chargeable and reactive (They can only tell you it’s happening after it has happened).
Tags: chancellor, child benefit, darling, data, hmrc
Entries (RSS)
This is a vital issue, and Brown’s first real Test. This needs sorting out because Her Majesty’s Revenue & Customs going to come under a lot of critism and feel that they are respondable, which they are. Yet again, the UK fail to deliever.
Really good and really interesting post. I expect (and other readers maybe :)) new useful posts from you!
Good luck and successes in blogging!
For the record all parents and legal guardians in the UK are eligible for child benefit, regardless of income level or financial standing, so don’t assume that they don’t have any money in their accounts! I have never heard of anyone, even if they are high earners, turning it down…
What the banks have said in response to Darling’s comments is that there is no way they can effectively monitor the millions of accounts involved for suspicious behavior.