• On TechRepublic: 10 cool USB flash drive tricks
November 3, 2008 4:04 PM PST

British tax site goes dark after data security breach

by Elinor Mills

Security breaches happen all the time. But a recent incident in England is particularly worrisome and illustrates the risks of storing sensitive data on USB thumb drives which can easily slip out of a pocket or briefcase.

The British Department for Work and Pensions shut down a consumer Web site after a flash drive containing confidential passwords and source code was found in the parking lot of a pub two weeks ago, according to the Daily Mail.

The Government Gateway site, which about 12 million citizens use to file tax returns and pay parking tickets, contains addresses, salaries, National Insurance numbers, and credit card information.

The drive was lost by a 29-year-old IT analyst at Atos Origin, which has a contract to manage the Web site for the British government, according to the report.

"Not only would a fraudster be able to take personal details using the tools provided on the lost memory stick, but the extent of the information contained in the source code would allow a hacker to access the Government Gateway's payment systems and even divert tax money into private bank accounts," Jacques Erasmus of Internet protection firm Prevx told the paper.

The data was password protected but it would be "relatively easy" to crack, he said.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Privacy & data protection

Tags:

England,

security,

privacy

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Microsoft to fix holes in Windows, Office
Google privacy controls: Most people won't care
Zero-day flaw found in Web encryption
Mac Game: Art project or malware?
Corporate bank accounts targeted in online fraud
Hacker breaks into jailbroken iPhones, asks for $7
Malwarebytes accuses rival of software theft
Security firm M86 acquires Finjan
Related
ChoicePoint to pay $275,000 in latest data breach
Hands on: Lexar total security thumbdrive
IBM privacy chief: Asia need not mimic Europe
Hacked Web mail accounts used to send spam
MobileMe: Syncing keychains asks for a password to a different computer
Phished or not, leaked passwords show lazy habits
LA approves $7.2 million Google Apps deal
Q&A: Schneier warns of marketers and dancing pigs
Add a Comment (Log in or register) (4 Comments)
  • prev
  • 1
  • next
by NewsReader_ November 3, 2008 6:20 PM PST
Correction :-)

The drive was lost by a "former" 29-year-old IT analyst at Atos Origin
Reply to this comment
by Hunnter2k3 November 4, 2008 4:12 AM PST
Seriously can't believe these things even happen.

When i was at college, i never lost my drive because i knew it would screw my work up by a few days, but losing THIS?! I don't think he will ever be hired again by any IT company...

But even then, the fact that these things aren't Truecrypted or similar, or even better, put in another container which has GPS, is rather shocking.
Reply to this comment
by askgees November 4, 2008 10:12 AM PST
This is just another example of the problems faced today. It's not the systems that are the risk, it's the people who manage them. The person who copied the data to the flash drive and then lost it should be fired or placed in another position where brains are not necessary. Any data transferred to a jump drive should be stored on a secure jump drive not just any old drive. Second of all not securing the drive is worse. It only proves that the weak link is the human link.
Reply to this comment
by csegeek November 6, 2008 6:07 PM PST
The Dreaded Flash Drive the most Dangerous IT Tool

These little marvels of technology have made life easy for IT, the common worker, and even myself.

The drives now come in a variety of sizes that will suit almost anyone?s needs, from 1GB for $5.99 for documents, pictures, and music to 32GB $59.99 that will transport six full length DVD quality movies with room to spare for documents, pictures, and your favorite mp3?s. The larger models could even transport a mid-sized company?s entire data base containing all of their customer?s information.

There in lies the problem. Data Security needs to be a ground up item, starting with the people that have access to the information


<a href="http://cegeekbook.blogspot.com">ce's geekbook</a>

csegeek
Reply to this comment
(4 Comments)
  • prev
  • 1
  • next
advertisement

FAQ: Buying the right Windows 7 upgrade

Readers still have lots of questions on just which version of the software they need to buy in order to upgrade their PC. CNET News tries to offer some answers.

N.Y. lawsuit details Intel's 'largesse' toward Dell

Attorney General Andrew Cuomo's federal antitrust case filed Wednesday alleges a longstanding symbiotic relationship between Intel and Dell.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET