Britain's Driving Standards Agency, which administers exams for drivers and driving instructors, has admitted losing details relevant to more than 3 million candidates for driver's-license testing.
As part of a speech to Parliament on Monday, transportation minister Ruth Kelly said that the details had been lost by a third-party contractor, Pearson Driving Assessments, in May of this year.
Pearson Driving Assessments, a private contractor for the Driving Standards Agency, informed the agency that "a hard disk had gone missing from its secure facility in Iowa City, Iowa," said Kelly. "The hard-disk drive contained the records of just over 3 million candidates for the driving theory test."
The lost details included names, postal addresses, e-mail addresses, and telephone numbers of people who participated in the test between September 2004 and April this year.
"The lost hard disk did not contain bank account and credit card details, driving license, or national insurance numbers," said Kelly. She added that the disk had been formatted specifically for Pearson systems "and, as such, is not readily usable or accessible by third parties."
Kelly said that the Information Commissioner's Office in the U.K. had been informed of the loss and, while being concerned at the scale of the breach, had deemed it unnecessary to contact individuals involved as there appeared to be "no substantial risk" connected to the loss of their data.
Pearson now uses electronic transfer in place of hard disks, said Kelly.
The speech was made by Kelly in response to the loss of more than 7,600 motorists' details by the Northern Ireland Driver and Vehicle Agency earlier this month, and follows the loss by Her Majesty's Revenue & Customs of personal and financial details on 25 million people claiming and receiving child benefits. Kelly divulged the learner-driver data loss during the speech "in the interests of greater transparency."
What do they mean by "format" does that mean encrypted? If its just a file system I am sure someone with half a brain could figure out how to mount a file system. Most of the linux distros can handle at least 20+ different types of file systems. It would be sad if a child preditor's laptop had encryption and a DOL/DMV (whatever they call it) didn't.
Isn't is great in this global economy, that the UK goverment is storing it's data in a "secure" facility in Iowa, USA! I'm sure there are plenty of companies in the UK that would love to have that business, rather than send it to the USA.
Regardless of whether the disk was formatted for his system only (that's Microsoft weak encryption), did it have any kind of stronger encryption method implemented? If not, why not.
>>>between September 2004 and April this year.<<<
We are now in December 2007 and this happened quite a few months earlier. Why wasn't the info made known back then?
That means that slightly less than 3 years worth of information was all stored on one disk in a single location. Don't they do yearly offline backups and then purge the prior year's data once it's been backed up offline? Yearly backups would have been in 3 different backup sets. As such, even if one was stolen, that would mean that only 1/3rd of the entire database. And if it were encrypted with much stronger encryption over and above Microsoft's, then that would have ensured even more safety.
BTW: Why is a UK company's data being stored in the US?
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
What do they mean by "format" does that mean encrypted? If its just a file system I am sure someone with half a brain could figure out how to mount a file system. Most of the linux distros can handle at least 20+ different types of file systems. It would be sad if a child preditor's laptop had encryption and a DOL/DMV (whatever they call it) didn't.
>>>between September 2004 and April this year.<<<
We are now in December 2007 and this happened quite a few months earlier. Why wasn't the info made known back then?
That means that slightly less than 3 years worth of information was all stored on one disk in a single location. Don't they do yearly offline backups and then purge the prior year's data once it's been backed up offline? Yearly backups would have been in 3 different backup sets. As such, even if one was stolen, that would mean that only 1/3rd of the entire database. And if it were encrypted with much stronger encryption over and above Microsoft's, then that would have ensured even more safety.
BTW: Why is a UK company's data being stored in the US?
FWIW