[ISN] DWP sending sensitive data with passwords

From: InfoSec News (alerts@private)
Date: Mon May 12 2008 - 01:24:08 PDT


By Tom Young
09 May 2008

Government staff in the Department of Work and Pensions (DWP) have been 
sending out sensitive data in packages containing passwords that provide 
access to the information.

An internal email to DWP staff outlining the poor security practices was 
leaked to influential political blog Dizzy Thinks.

"Staff are... forwarding the data and password on together, which 
defeats the purpose of the security measure entirely," the email reads.

After HM Revenue and Customs lost the details of 25 million families 
last year, civil servants were told all information sent between 
departments had to be password protected with passwords sent separately.

"We have carried out a major review of procedures around the transfer of 
data to ensure the security of customer information. We expect all 
managers to monitor the application of our security controls and ensure 
that the correct action is taken in all cases," said a spokesman for the 

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Mon May 12 2008 - 01:36:45 PDT