Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: InfoSec News (alertsinfosecnews.org)
Date: Mon Nov 03 2008 - 02:29:02 CST
By Rhodri Phillips
November 2, 2008
A MEMORY stick that could allow hackers to access the personal details
of 12m people on a government website has been found in a pub car park.
The work and pensions department was last night forced to shut the
affected Government Gateway site and begin an emergency inquiry.
The loss was the latest in a long line of scandals involving missing
government data, including the personal details of all 25m recipients of
child benefit in 2007.
The disclosure came as James Purnell, the minister in charge of the
department, was forced to apologise for leaving confidential ministerial
correspondence on a train.
The £18m Government Gateway opened six years ago, allowing businesses
and the public to access hundreds of services from Whitehall
departments.They can use it to file their tax and Vat returns and apply
for pensions and child benefits.
When registering on the website applicants have to provide names,
addresses, national insurance numbers and credit card details.
According to the Mail on Sunday, the memory stick contained confidential
passwords for the website, security software and a technical blueprint
of the system known as the “source code”.
A computer security expert told the paper that the stick could be used
to access a series of databases or payment systems and that the source
code would be “invaluable” for hackers who wanted to access personal
details or defraud the government.
“Not only would a fraudster be able to take personal details using the
tools provided on the lost memory stick, but the extent of the
information contained in the source code would allow a hacker to access
the Government Gateway’s payment systems and even divert tax money into
private bank accounts,” he said.
“This is potentially the most serious data loss this country has seen in
A spokeswoman for the department insisted last night that the system’s
security had not been breached, and said the department was taking the
loss “very seriously”. She added: “We have moved immediately to make
sure there is no conceivable risk to users of the Government Gateway.”
The site is expected to re-open today.
The memory stick was lost by a 29-year-old employee of the computer
management firm Atos Origin, which won a five-year, £46.7m contract to
manage the Government Gateway website in 2006. The company has also been
chosen to supply IT systems for the Olympic Games in London in 2012.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!