Categories
Archives
- May 2008
- April 2008
- March 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
I resisted writing about the British Tax Authorities’ blunder disclosed last week when they lost two CDs full of sensitive information (bank accounts and social benefits information) of 25 million UK families. The story received enough mainstream press attention and I was afraid that many of our readers are starting to suffer from "breach fatigue" - hearing all too often about security breaches and missing personal information.
The fundamental reason why the breach occurred are all too common these days - e-mails released by the U.K.’s National Audit Office have confirmed that officials at the Revenue and Customs, did not want to remove sensitive information from child benefit data sent to the auditors because doing so would cost extra (although some experts have said that the cost of "sanitizing" the data could have cost less than the equivalent of $10,000).
Anyway, I could not resist writing about the recent development from the UK for a different reason. As a response to the initial breach, the Revenue & Customs decided that it owed an apology to the families affected by the breach. So it decided to mail them a personalized apology letter. The letter, however, was too personalized - it included name, address, national insurance and child benefit numbers. The information contained in this letter is all that is needed by identity thieves to open bank accounts, claim benefits or even apply for passports on behalf of somebody else.
The UK authorities urge people who received the letters to destroy them after they receive them and read them. But there are a large number of families who will never receive their - either because they moved or because somebody ‘conveniently’ picked the letter out of their mailbox on their behalf.
So what follows next? A second apology letter to apologize for the loss of the CDs and the first apology letter? No, instead the Revenue & Customs authorities are shifting the blame to the concerned citizens who did not receive the letter by saying that they should have updated their mailing address.
No Responses to “British Authorities: Insult to Injury”
No comments yet
Leave a Reply
Recent Posts
- CAN-SPAM Rules Modified
- CFAA Damages Calculation Includes Cost of Tracking Hacker
- Courts split on whether making a copyrighted song available for download violates copyright law.
- How to Respond to Data Breach
- Border Agents Can Search Laptops
- What is your return address?
- Proposed FRE 502 is good for electronic discovery, but it is not going to drastically reduce the cost of litigation as the authors are hoping.
- British Authorities: Insult to Injury
- Introduction to James Paulick
- TXJ Costs Continue Increasing
- Proposed Amendments to Section 1030
- Securing the Endpoints
- Measurement of Spam Damages For Federal Sentencing Purposes
- Email Attack Targets Executives
- “Open Wireless” Defense Not So Successful