British tax site goes dark after data security breach

Security breaches happen all the time. But a recent incident in England is particularly worrisome and illustrates the risks of storing sensitive data on USB thumb drives which can easily slip out of a pocket or briefcase.

The British Department for Work and Pensions shut down a consumer Web site after a flash drive containing confidential passwords and source code was found in the parking lot of a pub two weeks ago, according to the Daily Mail.

The Government Gateway site, which about 12 million citizens use to file tax returns and pay parking tickets, contains addresses, salaries, National Insurance numbers, and credit card information.

The drive was lost by a 29-year-old IT analyst at Atos Origin, which has a contract to manage the Web site for the British government, according to the report.

"Not only would a fraudster be able to take personal details using the tools provided on the lost memory stick, but the extent of the information contained in the source code would allow a hacker to access the Government Gateway's payment systems and even divert tax money into private bank accounts," Jacques Erasmus of Internet protection firm Prevx told the paper.

The data was password protected but it would be "relatively easy" to crack, he said.

[NewsReader_]

Correction :-)

The drive was lost by a "former" 29-year-old IT analyst at Atos Origin

[Hunnter2k3]

Seriously can't believe these things even happen.

When i was at college, i never lost my drive because i knew it would screw my work up by a few days, but losing THIS?! I don't think he will ever be hired again by any IT company...

But even then, the fact that these things aren't Truecrypted or similar, or even better, put in another container which has GPS, is rather shocking.

[askgees]

This is just another example of the problems faced today. It's not the systems that are the risk, it's the people who manage them. The person who copied the data to the flash drive and then lost it should be fired or placed in another position where brains are not necessary. Any data transferred to a jump drive should be stored on a secure jump drive not just any old drive. Second of all not securing the drive is worse. It only proves that the weak link is the human link.

[csegeek]

The Dreaded Flash Drive the most Dangerous IT Tool

These little marvels of technology have made life easy for IT, the common worker, and even myself.

The drives now come in a variety of sizes that will suit almost anyone?s needs, from 1GB for $5.99 for documents, pictures, and music to 32GB $59.99 that will transport six full length DVD quality movies with room to spare for documents, pictures, and your favorite mp3?s. The larger models could even transport a mid-sized company?s entire data base containing all of their customer?s information.

There in lies the problem. Data Security needs to be a ground up item, starting with the people that have access to the information


<a href="http://cegeekbook.blogspot.com">ce's geekbook</a>

csegeek