[ISN] Security breach on U.K. tax site halts online filing

From: InfoSec News (isnat_private)
Date: Mon Jun 03 2002 - 03:22:23 PDT

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - May 31st 2002"

    By Laura Rohde
    IDG News Service, 05/31/02
    The U.K. Inland Revenue Monday shut down its Internet tax
    self-assessment service because of security breaches, the tax
    department said on Friday.
    "Several people were using the self assessment online service over the
    weekend when they noticed the details of other filers and reported the
    problem to us. As a result, we temporarily shut down the system on
    Monday night and are now working around the clock to get to the bottom
    of the problem," an IR spokesman said.
    The IR declined to give details of the personal data revealed, or how
    many people had confidential information made public. The government
    department was also unable to estimate how long it will take to repair
    the problem and get the service back online.
    According to the IR, the security breach was in an electronic form
    used for filing taxes online.
    "There are several commercial products that are available for filing
    taxes over the Internet, and we are still accepting those," the
    spokesman said.
    The IR has a contract with Plano, Texas, IT services company
    Electronic Data Systems (EDS), valued at $3.5 billion, but the form in
    question was created and administered by EDS subcontractor EzGov, the
    IR spokesman said. This Atlanta company provides technology and
    services to governments.
    "We are not looking to attach blame to anybody, we are just looking to
    fix the problem as soon as possible. Security is very important to
    us," the IR spokesman said.
    Representatives from EDS and EzGov could not be immediately reached
    for comment.
    Last year in the U.K., 76,287 returns out of a total of just under 9
    million were completed over the Internet, the IR said. The IR's
    self-assessment service accounted for 90% of the returns filed online,
    the spokesman said. So far this year, 10,928 citizens have used the IR
    online filing system, he said.
    The U.K. government has been encouraging people to file their taxes
    online and IR recently sent out fliers in an attempt to allay public
    concerns over security issues and urging tax payers to switch over to
    the online system.
    Chancellor Gordon Brown announced in April government plans for
    getting businesses and individuals to file tax returns online by 2010,
    which could possibly include imposing fines those who fail to use the
    Internet to file.
    Accounting company Ernst & Young LLP conducted an internal review of
    the IR's online system soon after it went public about two years ago
    and determined that security issues kept Ernst & Young from
    recommending the system to its customers or using it themselves,
    Rayner Peett an Ernst & Young spokesman said Friday.
    "Our review turned up a number of concerns about the IR's online
    filing system, including the flexibility of the system, but one of the
    main concerns was over security. Such a system has to be able to
    guarantee the absolute security of confidential information and we
    didn't feel the IR's system could do that. The government has
    encouraged people to file online and what we hope is that this breach
    in security will goad the government into doing whatever is necessary
    to assure the security and confidentiality that taxpayers require,"  
    Peett said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 06:41:02 PDT