- Related Stories
-
A call for rational discourse on identity theft
December 6, 2007 -
U.K. government reveals its 'biggest privacy disaster'
November 21, 2007 -
Uncle Sam's newest security challenge to businesses
November 5, 2007 -
Why we still invite data breaches
October 29, 2007 -
Lawmaker blasts U.K. government on Microsoft policy
October 10, 2007 - Related Blogs
-
SourceForge hacked, but not to worry(?)
December 6, 2007 -
'60 Minutes' on TJX computer security
November 25, 2007
As part of a speech to Parliament on Monday, transportation minister Ruth Kelly said that the details had been lost by a third-party contractor, Pearson Driving Assessments, in May of this year.
Pearson Driving Assessments, a private contractor for the Driving Standards Agency, informed the agency that "a hard disk had gone missing from its secure facility in Iowa City, Iowa," said Kelly. "The hard-disk drive contained the records of just over 3 million candidates for the driving theory test."
The lost details included names, postal addresses, e-mail addresses, and telephone numbers of people who participated in the test between September 2004 and April this year.
"The lost hard disk did not contain bank account and credit card details, driving license, or national insurance numbers," said Kelly. She added that the disk had been formatted specifically for Pearson systems "and, as such, is not readily usable or accessible by third parties."
Kelly said that the Information Commissioner's Office in the U.K. had been informed of the loss and, while being concerned at the scale of the breach, had deemed it unnecessary to contact individuals involved as there appeared to be "no substantial risk" connected to the loss of their data.
Pearson now uses electronic transfer in place of hard disks, said Kelly.
The speech was made by Kelly in response to the loss of more than 7,600 motorists' details by the Northern Ireland Driver and Vehicle Agency earlier this month, and follows the loss by Her Majesty's Revenue & Customs of personal and financial details on 25 million people claiming and receiving child benefits. Kelly divulged the learner-driver data loss during the speech "in the interests of greater transparency."
Tom Espiner of ZDNet UK reported from London.
- More from News.com on this story's topics
Security
Government
United Kingdom
See more CNET content tagged:
candidate,
contractor,
speech,
hard drive
Unlimited long distance $24.99/mo
What do they mean by "format" does that mean encrypted? If its just a file system I am sure someone with half a brain could figure out how to mount a file system. Most of the linux distros can handle at least 20+ different types of file systems. It would be sad if a child preditor's laptop had encryption and a DOL/DMV (whatever they call it) didn't.
>>>between September 2004 and April this year.<<<
We are now in December 2007 and this happened quite a few months earlier. Why wasn't the info made known back then?
That means that slightly less than 3 years worth of information was all stored on one disk in a single location. Don't they do yearly offline backups and then purge the prior year's data once it's been backed up offline? Yearly backups would have been in 3 different backup sets. As such, even if one was stolen, that would mean that only 1/3rd of the entire database. And if it were encrypted with much stronger encryption over and above Microsoft's, then that would have ensured even more safety.
BTW: Why is a UK company's data being stored in the US?
FWIW