Security news
Security news18 December 2007
British government loses more personal data, Sophos comments Data belonging to more than three million learner drivers in the UK misplaced in the US
British Driving License Agency admits to losing data.
IT security and control firm Sophos is reminding organizations to tighten security following the announcement that the British government has again lost personal information, this time belonging to millions of UK drivers. The Driving and Vehicle Licensing Agency (DVLA) in the UK, employed a US company to house the names, addresses and phone numbers of more than three million learner drivers, on a hard drive. According to reports, the hard drive and all its details were lost in May 2007.
This latest data breach follows a number of government blunders, including the loss of unencrypted computer disks containing personal details of more than 25 million British families by Her Majesty's Revenue and Customs (HMRC).
In a separate incident, it was reported earlier this month that more disks had gone missing on route from the DVLA's office in Northern Ireland, to the agency's headquarters in Swansea. The unencrypted data contained information on 7,500 vehicles, including owner names and addresses, vehicle registrations, makes and colours, and chassis numbers.
"Despite public apologies and reassurances of tightening security measures, this recent misplaced disk debacle can only cement the public's distrust of government agencies," said Yogita Parmar, a spokesperson at Sophos. "The HMRC scandal was a well overdue wake-up call to both the public and private sector to secure and encrypt data to avoid it falling in the hands of fraudsters. Although the DVLA claims that in both these instances, no bank details and national security numbers were lost, criminals can still exploit the data available, highlighting that governments must ramp up their IT security to avoid embarrassing and damaging leaks in the future."
A further incident of disk loss occurred in December when the names, dates of birth and addresses of 160,000 children were lost at a London hospital. On this occasion however, the disks were encrypted, ensuring that no personal data could be retrieved - a further indication of the growing need for responsible IT security behavior.
In research published last month, Sophos revealed that 85% of the public lacked confidence in the security systems of their local government, and in a separate survey, 58% of those polled were not surprised that the UK government lost data on 25 million people.
Sophos has developed a list of symptoms that indicate when users may have become victims of identity theft. These include:
- You stop receiving bills or other mail; this could suggest that an identity thief has given a different address in place of your own
- You start receiving credit cards for which you did not apply
- You are denied credit for no obvious reason
- You receive calls from debt collectors about items you did not purchase
- When checking your credit history you see items you do not recognize
- Your bank statements include withdrawals, payments and money transfers for which you cannot account
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
