What a suprise!More data goes missing!

#1
When the fuc* will they learn?But it's ok,it's encrypted says 'gov tw@!

bbc.co.uk

An inquiry has been launched after a memory stick with user names and passwords for a key government computer system was found in a pub car park.

A spokeswoman said the matter was being taken "extremely seriously" and the Gateway website had been shut down.

She said the "integrity" of the website - which provides services including tax returns - had "not been compromised".

Subcontractor Atos Origin, which lost the stick, said there had been a "direct breach" of its procedures.

The Gateway website allows members of the public to access hundreds of government services including self-assessment tax returns, pension entitlements and child benefits.

The Mail on Sunday, which broke the story, said the memory stick might allow someone to access the personal details of the 12 million people registered on it.

But a spokeswoman for the Department of Work and Pensions said the device contained user names and passwords for testing an old version of the system, and all the information was encrypted.

"We are taking this issue extremely seriously and a full and urgent investigation is under way," she said.

"We have moved immediately to make sure there is no conceivable risk to users of the Government Gateway, and are convinced the integrity of the Government Gateway has not been compromised.

"On the basis of an initial examination of the contents of the memory stick, it is our experts' opinion that the contents would not allow anyone to breach the very strong security safeguards protecting the website."

It is clear that the employee removed the device from company premises in direct breach of our own operating procedure.


She said the system had been shut down "for a short period as a precaution", but was expected to be up and running again soon.

A spokesman for Atos Origin, the government subcontractor which runs Gateway, said one of its employees had "misplaced" the stick.

It was found in the car park of the Orbital Pub in Cannock, Staffordshire, near to where the firm is based.

"The company takes the loss of this device very seriously and we are currently carrying out a full investigation of both the circumstances surrounding its loss and the data content of the stick," the spokesman said.

"It is clear that the employee removed the device from company premises in direct breach of our own operating procedure.

"Atos Origin is working very closely with the government and the police. The company takes full responsibility for this loss and will discipline the individual involved.

"As this may become a criminal matter for the individual concerned, it is inappropriate for us to comment further at this stage."

This is the latest in a series of incidents in which memory sticks and other devices holding personal data have been lost.

In August, another government contractor PA Consulting lost a memory stick containing the personal details of tens of thousands of criminals.

Earlier, Work and Pensions Secretary James Purnell was forced to apologise after he left confidential ministerial correspondence on a train.
 
#2
#3
Now I don't know about you lot, but I am personally sick to death of hearing the following;

We are taking this issue extremely seriously and a full and urgent investigation is under way
Lessons have been learned
I don't deny that the government has been swift at punishing offenders in other cases. The real question is, what are they doing to prevent this happening again (and again and again and again)? Why are our security standards so low in UK that any Tom Dick and Harry can pop down the pub with a memory stick in his pocket? Where is the deterrent to stop this situation from continuing?
 
#4
And the Government is still insistent on ontroducing ID cards
 
#5
skintboymike said:
Now I don't know about you lot, but I am personally sick to death of hearing the following;

We are taking this issue extremely seriously and a full and urgent investigation is under way
Lessons have been learned
I don't deny that the government has been swift at punishing offenders in other cases. The real question is, what are they doing to prevent this happening again (and again and again and again)? Why are our security standards so low in UK that any Tom Dick and Harry can pop down the pub with a memory stick in his pocket? Where is the deterrent to stop this situation from continuing?

I guess it's a number of things, with the all new systems we're getting more and more mobile, so instead of the old office computer we've now got laptops, memory sticks and discs, add to that the more relaxed state of working with flexible working arrangements means a lot of people are using this equipment at home, after a while they start getting relaxed and that's when things go missing or get misplaced.

The other problem is that with encryption and other forms of security there is also the need for more and more usernames and passwords, you can keep the data encrypted but most people have their passwords and so on at hand in their mobiles, home computer and so on.

So in short, you can make a system as secure as it can be, but it will always have a person working on it, that's the weak spot, i personally don't take anything away as i just don't want the extra hassle of having this stuff away from work.
 
#6
How many of these security breaches are from PPP and PFI initiatives?
Yet the government continue to award massive contracts to private industry to carry out civil servant jobs (@ much greater cost), while at the same time using LEAN to cut back on Civil Servant jobs and relaxing the rules on chicking proceedures.
 
#7
I read this thread and then noticed that the advert at the bottom was for ebay auctioning - yes, you've guessed it - memory sticks :D
 
#8
Having worked with this company previously, the gateway used to be hosted from a List X site where you had to sign memory sticks, tapes in fact everything in and out from a central secure area. If at the end of the day you had not returned it, you had to justify why. All rooms were coded for access and they knew exactly who was where and when.

For whatever reason (probably cost) they decided to relocate to one of their own buildings where it would appear the security arrangements were not as high. I also believe most of the guys on the contract were replaced when it was relocated.
 

Similar threads

New Posts

Latest Threads

Top