logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 65 days ago
Via: http://lists.jammed.com | Tags: isn ministers hit security fiascos comments Discuss  






From: InfoSec News <alerts_at_private>




Date: Mon, 3 Nov 2008 02:29:02 -0600 (CST)






http://www.timesonline.co.uk/tol/news/politics/article5064274.ece



By Rhodri Phillips 

Times Online

November 2, 2008



A MEMORY stick that could allow hackers to access the personal details 

of 12m people on a government website has been found in a pub car park.



The work and pensions department was last night forced to shut the 

affected Government Gateway site and begin an emergency inquiry.



The loss was the latest in a long line of scandals involving missing 

government data, including the personal details of all 25m recipients of 

child benefit in 2007.



The disclosure came as James Purnell, the minister in charge of the 

department, was forced to apologise for leaving confidential ministerial 

correspondence on a train.



The £18m Government Gateway opened six years ago, allowing businesses 

and the public to access hundreds of services from Whitehall 

departments.They can use it to file their tax and Vat returns and apply 

for pensions and child benefits.



When registering on the website applicants have to provide names, 

addresses, national insurance numbers and credit card details.



According to the Mail on Sunday, the memory stick contained confidential 

passwords for the website, security software and a technical blueprint 

of the system known as the “source code”.



A computer security expert told the paper that the stick could be used 

to access a series of databases or payment systems and that the source 

code would be “invaluable” for hackers who wanted to access personal 

details or defraud the government.



“Not only would a fraudster be able to take personal details using the 

tools provided on the lost memory stick, but the extent of the 

information contained in the source code would allow a hacker to access 

the Government Gateway’s payment systems and even divert tax money into 

private bank accounts,” he said.



“This is potentially the most serious data loss this country has seen in 

recent times.”



A spokeswoman for the department insisted last night that the system’s 

security had not been breached, and said the department was taking the 

loss “very seriously”. She added: “We have moved immediately to make 

sure there is no conceivable risk to users of the Government Gateway.” 

The site is expected to re-open today.



The memory stick was lost by a 29-year-old employee of the computer 

management firm Atos Origin, which won a five-year, £46.7m contract to 

manage the Government Gateway website in 2006. The company has also been 

chosen to supply IT systems for the Olympic Games in London in 2012.



[...]





______________________________________________      

Visit the InfoSec News Security Bookstore

Best Selling Security Books and More!

http://www.shopinfosecnews.org 



Received on Mon Nov 03 2008 - 00:29:02 PST
addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security