December 18, 2007 7:45 AM PST

U.K. government loses data on driving-test candidates

Britain's Driving Standards Agency, which administers exams for drivers and driving instructors, has admitted losing details relevant to more than 3 million candidates for driver's-license testing.

As part of a speech to Parliament on Monday, transportation minister Ruth Kelly said that the details had been lost by a third-party contractor, Pearson Driving Assessments, in May of this year.

Pearson Driving Assessments, a private contractor for the Driving Standards Agency, informed the agency that "a hard disk had gone missing from its secure facility in Iowa City, Iowa," said Kelly. "The hard-disk drive contained the records of just over 3 million candidates for the driving theory test."

The lost details included names, postal addresses, e-mail addresses, and telephone numbers of people who participated in the test between September 2004 and April this year.

"The lost hard disk did not contain bank account and credit card details, driving license, or national insurance numbers," said Kelly. She added that the disk had been formatted specifically for Pearson systems "and, as such, is not readily usable or accessible by third parties."

Kelly said that the Information Commissioner's Office in the U.K. had been informed of the loss and, while being concerned at the scale of the breach, had deemed it unnecessary to contact individuals involved as there appeared to be "no substantial risk" connected to the loss of their data.

Pearson now uses electronic transfer in place of hard disks, said Kelly.

The speech was made by Kelly in response to the loss of more than 7,600 motorists' details by the Northern Ireland Driver and Vehicle Agency earlier this month, and follows the loss by Her Majesty's Revenue & Customs of personal and financial details on 25 million people claiming and receiving child benefits. Kelly divulged the learner-driver data loss during the speech "in the interests of greater transparency."

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
candidate, contractor, speech, U.K., hard drive

3 comments

Join the conversation!
Add your comment
Secure facility?
I think they should change that to unsecured.

What do they mean by "format" does that mean encrypted? If its just a file system I am sure someone with half a brain could figure out how to mount a file system. Most of the linux distros can handle at least 20+ different types of file systems. It would be sad if a child preditor's laptop had encryption and a DOL/DMV (whatever they call it) didn't.
Posted by Astinsan (132 comments )
Reply Link Flag
Storing UK goverment data in Iowa, USA?
Isn't is great in this global economy, that the UK goverment is storing it's data in a "secure" facility in Iowa, USA! I'm sure there are plenty of companies in the UK that would love to have that business, rather than send it to the USA.
Posted by likes2comment (101 comments )
Reply Link Flag
What kind of security do that call that?
Regardless of whether the disk was formatted for his system only (that's Microsoft weak encryption), did it have any kind of stronger encryption method implemented? If not, why not.

>>>between September 2004 and April this year.<<<

We are now in December 2007 and this happened quite a few months earlier. Why wasn't the info made known back then?

That means that slightly less than 3 years worth of information was all stored on one disk in a single location. Don't they do yearly offline backups and then purge the prior year's data once it's been backed up offline? Yearly backups would have been in 3 different backup sets. As such, even if one was stolen, that would mean that only 1/3rd of the entire database. And if it were encrypted with much stronger encryption over and above Microsoft's, then that would have ensured even more safety.

BTW: Why is a UK company's data being stored in the US?

FWIW
Posted by wbenton (522 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.