25 Million Brits Exposed to Identity Theft
The BBC is reporting that 25 million Britains were exposed to the threat of identity theft when the HM Revenue & Customs (similar to the IRS in the U.S.) lost a CD containing personal data.
This has to be one of the worst data breaches ever, since the CD was not encrypted (just password protected) and the data included:
- Date of birth
- Bank account details
- National insurance number
In case you’re not familiar with that last item, it’s similar to the Social Security Number here in the U.S. What else could a potential thief want?
The CD with the data was sent to another HMRC location by a lower level employee via regular mail instead of using an encrypted network connection or some other secure method. The CD never showed up at the other office and officials are now trying to determine if it was stolen or just lost.
“The data lost – bank account numbers, names and addresses – represents a gold mine for the thieves and is much more valuable to them than credit card numbers or taxpayer id numbers,” said Gartner analyst Avivah Litan.
“In fact, in the black market, bank account numbers sell for the highest price, or between $30 and $400 (£15 to £200), which is significantly more than the fifty cents to five dollars that criminals pay for credit cards.”
This disaster has already forced the resignation of HMRC’s chairman – Paul Gray. I’m guessing the employee involved was also “sacked,” as the Brits like to put it. Let’s hope so.