Her Majesty’s Revenue & Customs in the UK, already under the spotlight for losing details of up to 25 million individuals in the UK, has admitted another data loss. According to sources, it is the seventh such example in the last couple of months.
This time, details of 6,500 customers belonging to a pension firm have been lost at an office of HM Revenue and Customs (HMRC) in Cardiff, Wales. Names, addresses, date of births, national insurance numbers and pension contributions were included on a data cartridge which has been lost.
This follows news earlier this week that another government body, the Driving Standard Agency, lost the details of around three million learner drivers. The data was being held by a private contractor, which reported the loss to the government back in May 2007. Why it took so long for the government to make the data loss public is still unclear.
What is clear is that the 25 million records initially lost by the HMRC is indeed turning out to be the tip of the iceberg. Organizations, both in the public and private sectors, need to urgently address their data security policies and ensure that they are not leaving gaping wide holes open in the security mechanisms by failing to address issues such as removable media devices on the network.
