British Driving License Agency admits to losing data.
IT security and control firm Sophos is reminding organizations
to tighten security following the announcement that the British
government has again lost personal information, this time belonging
to millions of UK drivers. The Driving and Vehicle Licensing Agency
(DVLA) in the UK, employed a US company to house the names,
addresses and phone numbers of more than three million learner
drivers, on a hard drive. According to reports, the hard drive and
all its details were lost in May 2007.
This latest data breach follows a number of government blunders,
including the loss of unencrypted computer disks containing
personal details of more than
25 million British families by Her Majesty's Revenue and Customs
(HMRC).
In a separate incident, it was reported earlier this month that
more disks had gone missing on route from the DVLA's office in
Northern Ireland, to the agency's headquarters in Swansea. The
unencrypted data contained information on 7,500 vehicles, including
owner names and addresses, vehicle registrations, makes and
colours, and chassis numbers.
"Despite public apologies and reassurances of tightening
security measures, this recent misplaced disk debacle can only
cement the public's distrust of government agencies," said Yogita
Parmar, a spokesperson at Sophos. "The HMRC scandal was a well
overdue wake-up call to both the public and private sector to
secure and encrypt data to avoid it falling in the hands of
fraudsters. Although the DVLA claims that in both these instances,
no bank details and national security numbers were lost, criminals
can still exploit the data available, highlighting that governments
must ramp up their IT security to avoid embarrassing and damaging
leaks in the future."
A further incident of disk loss occurred in December when the
names, dates of birth and addresses of 160,000 children were lost
at a London hospital. On this occasion however, the disks were
encrypted, ensuring that no personal data could be retrieved - a
further indication of the growing need for responsible IT security
behavior.
In research published last month, Sophos revealed that 85% of
the public lacked confidence in the security systems of their
local government, and in a separate survey, 58% of those
polled were not surprised that the UK government lost data on
25 million people.
Sophos has developed a list of symptoms that indicate when users
may have become victims of identity theft. These include:
- You stop receiving bills or other mail; this could suggest that
an identity thief has given a different address in place of your
own
- You start receiving credit cards for which you did not
apply
- You are denied credit for no obvious reason
- You receive calls from debt collectors about items you did not
purchase
- When checking your credit history you see items you do not
recognize
- Your bank statements include withdrawals, payments and money
transfers for which you cannot account
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.