August 31, 2006 10:53 AM PDT
U.K.'s Home Office admits to database breaches
- Related Stories
Biometric ID card plan under British reviewJuly 11, 2006
Do we need a national ID card?May 23, 2006
Keeping tabs on citizensApril 19, 2006
Britain to use ID card database as national registerApril 19, 2006
In a response to a parliamentary question at the end of last week, the Home Office said it had had five security breaches in five years, mostly caused by civil service staff.
"The security breaches didn't involve people hacking into the systems," a Home Office representative told ZDNet UK on Thursday.
Four of the five incidents involved members of staff accessing the ID and Passport databases for unauthorized purposes. Three used their systems access privileges to conduct checks that were "not connected to their duties", according to an ID and Passport service spokesman, while in the other breach the staff member "misused data he was entitled to access".
In each of the cases "disciplinary action resulting in dismissal was undertaken," with one staff member "resigning before the proceedings came to an end," the spokesman said.
The fifth security breach occurred in a prison service system, when a "technical failure" caused the system to crash. The system has since been replaced, according to the Home Office.
The ID and Passport Service (IPS) said that this does not affect the ID card project, which will involve a massive database of personal and biometric data. Security experts have raised questions about how secure a national identity database linked to the government's ID card plan could be.
"The IPS takes the protection of systems and data very seriously. A range of protection and procedures are in place to prevent the misuse or abuse of official systems and to detect it where it does occur. IPS is committed to investigating any such misuse or abuse, and will deal with it in the strongest manner," the spokesman said.
However, the IPS admitted that the security breaches had still occurred, even with the protection systems in place.
"At the end of the day it's an issue of trust," the spokesman said. "People are security vetted, but trust can be breached. Anyone identified as breaching the system will be treated severely."
Tom Espiner of ZDNet UK reported from London.
2 commentsJoin the conversation! Add your comment