Thursday, November 22, 2007

Data Leak in Britain Affects 25 Million

November 22, 2007


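Several major British newspapers today continued to pursue the story of the government tax agency's loss of the personal data of 25 million people; the England national football team's elimination, which leaves it out of the European Championship finals, was also a leading story.

The Daily Telegraph reported that the crisis over the lost personal data is now being laid at the door of Prime Minister Brown, because during his time as chancellor and as prime minister the Treasury and other departments were told repeatedly that the careless working habits of departmental staff could lead to confidential data falling into the hands of criminals.

The Guardian reported that, because the government lost the personal data of 25 million people, including bank account numbers and addresses, the Information Commissioner urged ministers to review the amount of personal data to be collected under the planned identity card scheme. Labour backbenchers who had previously supported the identity card scheme also favoured doing so.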



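Brown and other senior officials need to take responsibility

The Times reported that, fearing their personal data would fall into the hands of criminals, thousands of people changed the PINs on their bank accounts yesterday. In addition, the phones at banks and credit reference agencies rang non-stop with calls from child benefit claimants hoping to protect their personal data.

The Independent called the government's data loss scandal "Datagate". On its front page the paper listed a number of government bodies that also hold personal data such as home addresses, bank accounts and tax records, including the Home Office, the National Health Service, and the Driver and Vehicle Licensing Agency.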



The New York Times

Data Leak in Britain Affects 25 Million
LONDON, Nov. 21 — The British government struggled Wednesday to explain its loss of computer disks containing detailed personal information on 25 million Britons, including an unknown number of bank account identifiers, in what analysts described as potentially the most significant privacy breach of the digital era.

It has defended its decision not to disclose the loss until Tuesday, 10 days after it had been informed, saying banks had asked for time to put heightened security measures in place first.

The data went astray in October, after two computer disks that contained information on families that receive government financial benefits for children were sent out from a government tax agency unregistered, via a private delivery service. The episode is one of three this year in which the agency improperly handled its vast archive of personal data, according to an account by the chancellor of the Exchequer — including the sending of a second set of disks when the first set did not arrive.

In sheer numbers, the breach was smaller than several in the United States over the last few years. Last year, a computer and detachable hard drive with the names, birth dates and Social Security numbers of 26.5 million veterans and military personnel was stolen from the home of an analyst, but recovered apparently without any harm. In 2003, a former software engineer at America Online pleaded guilty to stealing and selling 92 million user names and e-mail addresses, setting off an avalanche of up to seven billion unsolicited e-mail messages.

But the disks lost in Britain contained detailed personal information on 40 percent of the population: in addition to the bank account numbers, there were names, addresses and national insurance numbers, the British equivalent of Social Security numbers. They also held data on almost every child under 16.

“This particular breach would dwarf anything we’ve seen in the United States in terms of percentage of the population impacted,” said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group based in California.

The head of the tax agency, Paul Gray, resigned Tuesday, and Prime Minister Gordon Brown apologized to the nation on Wednesday and said he had ordered a review of the government’s handling of all private data. In an address to the House of Commons, he said, “I profoundly regret and apologize for the inconvenience and worries that have been caused to millions of families that receive child benefits.”

The data breach offered the opposition new ammunition. David Cameron, the leader of the opposition Conservative Party, said in Parliament that the government had “failed in its first duty — to protect the public.”

Bank officials said they had scrutinized their records back to Oct. 18, when the disks were mailed, but had discerned no unusual account activity, and the government pledged that no individuals would be responsible for any losses related to the security breach. British families are eligible for a weekly payment of $36.30 for their first child, and $25 per additional child. Those who choose to have the money deposited directly into bank accounts must provide this information to the government.

The disks were protected by a password, the government said, but were not encrypted. They were sent by Her Majesty’s Revenue and Customs, the country’s tax collection agency, to the National Audit Office, which monitors government spending, via a parcel delivery company, TNT.

According to the chancellor of the Exchequer, Alistair Darling, who delivered a lengthy explanation to the House of Commons on Tuesday, a “junior” staff member sent the disks. Three weeks later, the tax agency’s managers were informed that the disks had not arrived. Mr. Darling said he was told of the problem two days later, but first had law enforcement officials hunt for the disks and then alerted banks.

“In making this statement today,” he said, “I have had to balance the imperative of informing the House and the public at the earliest opportunity, whilst at the same time ensuring that when I did so the appropriate safeguards were in place to protect the public, including in relation to bank accounts. Indeed the banks were adamant that they wanted as much time as possible to prepare for this announcement.”

But on Wednesday, a spokeswoman for the British Bankers Association, Lesley McLeod, said the group had been informed only on Friday, and that its security measures had been completed by Monday.

Mr. Darling noted two other instances in which the tax agency had sent delicate information to the National Audit Office that were not in keeping with security rules: first in March this year, and then a second time in October, when the audit office first told the tax agency that the two disks had not arrived. Those, he said, were sent by registered mail, and did arrive. Experts on security data said there were signs of systemic security problems.

“It sort of beggars belief how anyone could have access to that data,” said Simon Zimmo, the commercial director for Europe, the Middle East and Africa at SecuriData, a data security specialist based in Scotland.

Experts said the information could allow crimes beyond identity theft. Some people use the name of a child or part of an address as a password on a bank account, so the combination of these details could allow someone to break their code.

“You can bet your bottom dollar that there will be people out there looking for those disks, and it’s not just MI5 trying to get them back,” said Mike Davis, an analyst with the Ovum technology consulting firm in London, referring to the British domestic security services.

Matt Richtel contributed reporting from New York.




When one says it 'beggars belief' it is another way of saying it defies belief. Or, in other words, it doesn't ring true. To use it in a sentence:
That story the driver cooked up and told the state trooper beggars belief.




