http://www.timesonline.co.uk/tol/news/politics/article5064274.ece By Rhodri Phillips Times Online November 2, 2008 A MEMORY stick that could allow hackers to access the personal details of 12m people on a government website has been found in a pub car park. The work and pensions department was last night forced to shut the affected Government Gateway site and begin an emergency inquiry. The loss was the latest in a long line of scandals involving missing government data, including the personal details of all 25m recipients of child benefit in 2007. The disclosure came as James Purnell, the minister in charge of the department, was forced to apologise for leaving confidential ministerial correspondence on a train. The £18m Government Gateway opened six years ago, allowing businesses and the public to access hundreds of services from Whitehall departments.They can use it to file their tax and Vat returns and apply for pensions and child benefits. When registering on the website applicants have to provide names, addresses, national insurance numbers and credit card details. According to the Mail on Sunday, the memory stick contained confidential passwords for the website, security software and a technical blueprint of the system known as the “source code”. A computer security expert told the paper that the stick could be used to access a series of databases or payment systems and that the source code would be “invaluable” for hackers who wanted to access personal details or defraud the government. “Not only would a fraudster be able to take personal details using the tools provided on the lost memory stick, but the extent of the information contained in the source code would allow a hacker to access the Government Gateway’s payment systems and even divert tax money into private bank accounts,” he said. “This is potentially the most serious data loss this country has seen in recent times.” A spokeswoman for the department insisted last night that the system’s security had not been breached, and said the department was taking the loss “very seriously”. She added: “We have moved immediately to make sure there is no conceivable risk to users of the Government Gateway.” The site is expected to re-open today. The memory stick was lost by a 29-year-old employee of the computer management firm Atos Origin, which won a five-year, £46.7m contract to manage the Government Gateway website in 2006. The company has also been chosen to supply IT systems for the Olympic Games in London in 2012. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Mon Nov 03 2008 - 00:29:02 PST
This archive was generated by hypermail 2.2.0 : Mon Nov 03 2008 - 00:42:00 PST