The Home Office has admitted that the security of its ID and passport service database has been compromised several times, but denied that remote hackers were responsible.
In a response to a parliamentary question at the end of last week, the Home Office said it had had five security breaches in five years, mostly caused by civil service staff.
"The security breaches didn't involve people hacking into the systems," a Home Office representative told ZDNet UK on Thursday.
Four of the five incidents involved members of staff accessing the ID and Passport databases for unauthorized purposes. Three used their systems access privileges to conduct checks that were "not connected to their duties", according to an ID and Passport service spokesman, while in the other breach the staff member "misused data he was entitled to access".
In each of the cases "disciplinary action resulting in dismissal was undertaken," with one staff member "resigning before the proceedings came to an end," the spokesman said.
The fifth security breach occurred in a prison service system, when a "technical failure" caused the system to crash. The system has since been replaced, according to the Home Office.
The ID and Passport Service (IPS) said that this does not affect the ID card project, which will involve a massive database of personal and biometric data. Security experts have raised questions about how secure a national identity database linked to the government's ID card plan could be.
"The IPS takes the protection of systems and data very seriously. A range of protection and procedures are in place to prevent the misuse or abuse of official systems and to detect it where it does occur. IPS is committed to investigating any such misuse or abuse, and will deal with it in the strongest manner," the spokesman said.
However, the IPS admitted that the security breaches had still occurred, even with the protection systems in place.
"At the end of the day it's an issue of trust," the spokesman said. "People are security vetted, but trust can be breached. Anyone identified as breaching the system will be treated severely."
Employees taking advantage of their priveleges is appaling, but not uncommon. Think about the files you share, the email you send... that's supposed to be for your intended recipient only. The FBI reports that "80% of asset misdirection happens when information is exploited by authorized users" (<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article23.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article23.htm</a>) ... so this happening is a common occurence. What needs to happen is more control, more policies and severe consequences for employees who take advantage of their priveleges. These employees got fired, which is a step in the right direction.
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
What needs to happen is more control, more policies and severe consequences for employees who take advantage of their priveleges. These employees got fired, which is a step in the right direction.
It doesn't matter how many times, nor whom, nor whether from remote or not!!!
THE ONLY THING THAT MATTERS is that it was hacked and the data was breached. Something which should have never happened in the first place.
Bottom Line: Security is only as good as it's implemented. Bad security implementations cause problems like this!
Something which NEVER should have happened... BUT DID!!!
Unless the right heads roll on this one... it WILL happen again!!!
Walt