Security news18 December 2007
British government loses more personal data, Sophos comments Data belonging to more than three million learner drivers in the UK misplaced in the US
British Driving License Agency admits to losing data.
IT security and control firm Sophos is reminding organizations to tighten security following the announcement that the British government has again lost personal information, this time belonging to millions of UK drivers. The Driving and Vehicle Licensing Agency (DVLA) in the UK, employed a US company to house the names, addresses and phone numbers of more than three million learner drivers, on a hard drive. According to reports, the hard drive and all its details were lost in May 2007.
This latest data breach follows a number of government blunders, including the loss of unencrypted computer disks containing personal details of more than 25 million British families by Her Majesty's Revenue and Customs (HMRC).
In a separate incident, it was reported earlier this month that more disks had gone missing on route from the DVLA's office in Northern Ireland, to the agency's headquarters in Swansea. The unencrypted data contained information on 7,500 vehicles, including owner names and addresses, vehicle registrations, makes and colours, and chassis numbers.
"Despite public apologies and reassurances of tightening security measures, this recent misplaced disk debacle can only cement the public's distrust of government agencies," said Yogita Parmar, a spokesperson at Sophos. "The HMRC scandal was a well overdue wake-up call to both the public and private sector to secure and encrypt data to avoid it falling in the hands of fraudsters. Although the DVLA claims that in both these instances, no bank details and national security numbers were lost, criminals can still exploit the data available, highlighting that governments must ramp up their IT security to avoid embarrassing and damaging leaks in the future."
A further incident of disk loss occurred in December when the names, dates of birth and addresses of 160,000 children were lost at a London hospital. On this occasion however, the disks were encrypted, ensuring that no personal data could be retrieved - a further indication of the growing need for responsible IT security behavior.
In research published last month, Sophos revealed that 85% of the public lacked confidence in the security systems of their local government, and in a separate survey, 58% of those polled were not surprised that the UK government lost data on 25 million people.
Sophos has developed a list of symptoms that indicate when users may have become victims of identity theft. These include:
- You stop receiving bills or other mail; this could suggest that an identity thief has given a different address in place of your own
- You start receiving credit cards for which you did not apply
- You are denied credit for no obvious reason
- You receive calls from debt collectors about items you did not purchase
- When checking your credit history you see items you do not recognize
- Your bank statements include withdrawals, payments and money transfers for which you cannot account
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
