142 Comments
- inactive, on 11/21/2007, -0/+47 knowing the ineptitude of our government (uk) it's probably clear text in a .doc
- renesisx, on 11/21/2007, -0/+46 They just admitted it's actually *25* million records
- ucbluman, on 11/21/2007, -0/+45 who the hell stores this kind of data on cd's then mails it???
- kaelyiesta, on 11/21/2007, -0/+41 Encrypted? Cleartext? Please tell me it wasn't cleartext.
- scabbers, on 11/21/2007, -0/+32 At least this should kill the "ID card" scheme dead.
- jazh, on 11/21/2007, -0/+29 This has to be the stupidest government mistake in the history of government mistakes. They expect us to have an ID card database? NO WAY!
- axisofphilippe, on 11/21/2007, -1/+23 I'm pretty sure 'misplace' is one word.
- drkansm, on 11/21/2007, -0/+20 Bet you that the login code to the cd is
ukgov
admin
- renesisx, on 11/21/2007, -1/+21 This is serious *****, the British Government is to give a statement on “a major operational problem” at 1530 GMT today (Tues 20 Nov) to "outline the measures taken to protect those whose data has been lost."
Uh-oh.
- Po0py, on 11/21/2007, -1/+20 Shouldn't they be using some ***** encryption for this *****? I can imagine the clerk at the HM Revenue office thinking "Ok, I'll just pop these 25 million bank details and National Insurance numbers onto a cd and send it off in the post."
As a British citizen. I'd just like to say: Oh yes. Thanks for that.
- dyranios2, on 11/21/2007, -0/+17 They were lost in the mail though....so there is no indication they will be maliciously used they could have ended up being thrown away in the trash or something. Well at least that's what I'm hoping for.
- dyranios2, on 11/21/2007, -1/+18 "It's just so crazy it's GOT to work!"
- relaxeder, on 04/17/2009, -0/+16 "...In other news, a group of Internet 'hackers on steroids' has claimed responsibility for the theft, threatening to post rips of the CD online 'for the lulz'."
- superspud, on 11/21/2007, -0/+15 Turns out the data wasn't encrypted. Instead they were just password protected, much in the same way your login on your computer is passworded - that coming from an expert on BBC Newsnight.
May I be the first of many to say; Hahaha, oh wow!
- TheGreatBelow, on 11/21/2007, -1/+16 Permission to say "oh *****"
- endlessraining, on 11/21/2007, -0/+14 Have the government never heard of using a VPN + SSL? Jesus Christ.
- IamTCM, on 11/21/2007, -0/+14 TJX (The people who own TJ Maxx) still have the worst data breach recorded by losing "at least" 45.7 million credit and debit cards.
- nexah3, on 11/21/2007, -0/+12 ouch
- renesisx, on 11/21/2007, -0/+12 I really hope so. That's the best thing that could come out of this.
- Speed, on 11/21/2007, -0/+11 You are REALLY paying attention to the wrong part of the story.
- SEANWOOKIE, on 11/21/2007, -2/+13 So when will the Rapidshare be up?
- alexkorova, on 11/21/2007, -0/+10 Ok, and they want the largest DNA register and an ID card database...
- Matri, on 11/21/2007, -0/+9 The bigger question you should be asking is: Why was this sent through the mail?
- renesisx, on 11/21/2007, -1/+10 Apparently it was "password protected". Probably some crappy Excel spreadsheet password that some freeware tool from Astalavista will crack open in seconds...
- 3dom, on 11/21/2007, -1/+10 The data was encrypted in some form as the following bbc article states the discs were 'password protected'. Hopefully this was at least done using a half-decent algorithm.
http://news.bbc.co.uk/1/hi/uk_politics/7104840.stm
- MonkeyHugger, on 11/21/2007, -0/+8 James May FTW
- tomj88, on 11/21/2007, -0/+8 and what's the population 60 million? So nearly half the population of this country has had private information lost? WOW.
- monstermunch, on 11/21/2007, -1/+9 Question 1: Why on earth was this data 'sent' by CD and not over an encrypted network connection?
Question 2: Assuming there was any reason to use a CD, why was the data not encrypted?
- aliguana, on 11/21/2007, -0/+8 you're serious, right? The govt (as a body of people) have issues just dealing with the concept of email.
- fandyboy, on 11/21/2007, -1/+9 I don't care if someone has my bank details, Gordon Brown has stole all my ***** money anyway.
- lowerlogic, on 11/21/2007, -0/+8 Ah, *****. I can't believe you've done this.
- renesisx, on 11/21/2007, -0/+7 No, just that we're not yet sure where the CDs are, so "misplaces" is in quotes because it might not be accurate until we find out more information. The correct word could be 'sold' or 'lost' or 'burned'. Who knows?
- naffets, on 11/21/2007, -1/+8 If any of my money from my account goes missing as a result of this, I'll do what I can to ensure someone ends up getting ***** for it, what a serious cockup. Between this and Royal Mail taking days off whenever they feel like it, I'm starting to think I pay tax for nothing!
Am I the only one who feels like leaving the country?
- inactive, on 11/21/2007, -0/+7 Let me add to the chorus of others telling UK politicians that think IT is the silver bullet that will solve the national ID problem... that this bullet will shoot them in the foot much as this story proves. I have yet to see the UK government successfully roll out a large scale IT system (air traffic control system, child benefit system, and countless others cumulating into billions of euros failures). Keep it tight, keep it lean and modular. Start weaning departments off those draining Microsoft dependencies costing us a fortune first. We have so many strengths, and a civil service with a surprising amount of integrity. Competence in rolling out nationwide IT projects we haven't. In which case let's stay behind the curve, watch and learn from others' failures, and come back to it in a decade when it becomes a commodity item. I'm sick of seeing 'consultants' (and it's the usual suspects for each project) being paid a fortune to come up with an unworkable scheme, which when it goes wrong as usual turns into a buck-passing project.
Phillip.
- renesisx, on 11/21/2007, -0/+7 1) These government departments are "old school". This was probably the easiest way for them to move the data.
2) Again, laziness most likely. Or they just didn't really know. It could have been some low-level employee who had no clue.
Anyway, the movement of the data in this way was illegal, so heads will roll.
- inactive, on 11/21/2007, -1/+7 ***** you tax man
- MonkeyHugger, on 11/21/2007, -1/+7 That's just under half the population of Britain. That is such an immense figure it's almost hard to believe. Half the population of Britain who now have their bank details, their addresses, their names, out there somewhere and possibly been sold to criminals. And that, includes me. Quite a scary thought.
This is just gonna be another nail in the coffin for the ID card scheme; before the Conservatives get elected.
- rebotfc, on 11/21/2007, -0/+6 The real question is, why did a low level employee have access to this data to burn in the first place?
- RyanBlueThunder, on 11/21/2007, -2/+7 Should five per cent appear too small,
Be thankful I don't take it all.
- morph988, on 11/21/2007, -0/+5 How come when Govt does something wrong, it's never criminal? This should be a criminal offense.
- Po0py, on 11/21/2007, -3/+8 Shouldn't they be using some ***** encryption for this *****? I can imagine the clerk at the HM Revenue office thinking "Ok, I'll just pop these 25 million bank details and National Insurance numbers onto a cd and send it off in the post."
As a British citizen. I'd just like to say: Oh yes. Thanks for that.
- gidd, on 11/21/2007, -0/+4 To take that a bit further, why is all that information held cross-referenced in a single database in the first place?
I mean, okay, someone in the financial department needs the basic bank account details and amount to be paid. A social worker needs the address, the names and ages of the children, and so forth. A compliance officer requires a summary of the case at hand, and some identifying information to validate that the case is not fraudulent. Any extra information needed for a given case should require a manual lookup on a different system, requiring authentication and authorisation procedures.
NO-ONE needs all of the information at once in one place, and as you say, rebotfc, especially not a low level employee, presumably with no data security training.
This kind of information should be kept compartmentalised in completely separate database systems, with anonymised foreign keys, and no single identifying primary key. The fact that it isn't stored in such a way tells me that whoever designed and commissioned the system is unqualified to do so.
I'm not a secure database expert, as I work on fairly non-critical databases, and even I'm aware of these kinds of safeguards.
The fact that it was technically possible for ANYONE to cross-reference and burn a copy is shocking, let alone someone who is ignorant of basic data security and common-sense.
- capiCrimm, on 11/21/2007, -1/+5 he "mis-placed" his dictionary.
- Zaeyde, on 11/21/2007, -0/+4 The issue is not whether or not they have a backup. The issue is that someone else may have intercepted the discs and are exploiting them. Or intending to exploit them.
It's a brilliant move, if someone planned to intercept them. Think, they could sit on it long enough for everyone to think they were just lost, not stolen, then use the information to their advantage later on.
- patcarling, on 11/21/2007, -0/+4 Should do, yes. Except that the plonkers running the show will make some absurd sounds about "lessons having been learned" and about how ID cards are needed to combat Saddam Hussein and Bin Laden and WMD .... and they'll just go ahead with ID cards!
- renesisx, on 11/21/2007, -1/+5 That was serious, but it didn't include full details of all members of the family, plus National Insurance (Social Security) numbers, dates of birth and bank account details. So I still think this is worse.
- troye, on 11/21/2007, -0/+4 A password protected file means nothing. I can crack the password on many office file formats (like .doc, .pdf, .xls) in no time with free (as in beer) hacker tools. If the discs turns out to be stolen and not misplaced, the Brits will be angrier than when we threw the tea into the harbour. Misplaced means that you can find it but it will take time. Stolen means ... you know what it means ;)
- aliguana, on 11/21/2007, -0/+4 even better. the disks were burned, put in an envelope and just sent by parcel post. No armed guards, no recorded delivery, nothing. When they didn't arrive at destination, they did the same thing again, burned the disks, put in the post. When THEY didn't arrive, they realised they had a problem...
Secure network, anyone?
- MonkeyHugger, on 11/21/2007, -0/+4 The best part was it wasn't just lost; it was stolen. God knows who's got those details now, but it's for sure in the hands of those who use it maliciously.