[ISN] Ministers hit by two new security fiascos

From: InfoSec News <alerts_at_private>
Date: Mon, 3 Nov 2008 02:29:02 -0600 (CST)

By Rhodri Phillips 
Times Online
November 2, 2008

A MEMORY stick that could allow hackers to access the personal details 
of 12m people on a government website has been found in a pub car park.

The work and pensions department was last night forced to shut the 
affected Government Gateway site and begin an emergency inquiry.

The loss was the latest in a long line of scandals involving missing 
government data, including the personal details of all 25m recipients of 
child benefit in 2007.

The disclosure came as James Purnell, the minister in charge of the 
department, was forced to apologise for leaving confidential ministerial 
correspondence on a train.

The £18m Government Gateway opened six years ago, allowing businesses 
and the public to access hundreds of services from Whitehall 
departments.They can use it to file their tax and Vat returns and apply 
for pensions and child benefits.

When registering on the website applicants have to provide names, 
addresses, national insurance numbers and credit card details.

According to the Mail on Sunday, the memory stick contained confidential 
passwords for the website, security software and a technical blueprint 
of the system known as the “source code”.

A computer security expert told the paper that the stick could be used 
to access a series of databases or payment systems and that the source 
code would be “invaluable” for hackers who wanted to access personal 
details or defraud the government.

“Not only would a fraudster be able to take personal details using the 
tools provided on the lost memory stick, but the extent of the 
information contained in the source code would allow a hacker to access 
the Government Gateway’s payment systems and even divert tax money into 
private bank accounts,” he said.

“This is potentially the most serious data loss this country has seen in 
recent times.”

A spokeswoman for the department insisted last night that the system’s 
security had not been breached, and said the department was taking the 
loss “very seriously”. She added: “We have moved immediately to make 
sure there is no conceivable risk to users of the Government Gateway.” 
The site is expected to re-open today.

The memory stick was lost by a 29-year-old employee of the computer 
management firm Atos Origin, which won a five-year, £46.7m contract to 
manage the Government Gateway website in 2006. The company has also been 
chosen to supply IT systems for the Olympic Games in London in 2012.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Mon Nov 03 2008 - 00:29:02 PST

This archive was generated by hypermail 2.2.0 : Mon Nov 03 2008 - 00:42:00 PST