DWP confirms ID data breaches
By Miya Knights,
Staff in over 30 local authorities have been the subject of serious ID card database security breaches over the last two and a half years, it has emerged.
The incidents were revealed in January, when the Department of Work and Pensions (DWP) issued an information bulletin to the authorities restating its access policy and penalties in light of the breaches.
Yesterday, the DWP confirmed it had sent the bulletin and that it was related to how it had detected staff accessing its Customer Information System (CIS) with “view-only” rights to its data on all UK citizens with a national insurance number.
These instances had no business justification and were detected from August 2006 onwards, in councils across the UK, including three at Sefton Council and two at Glasgow City Council.
The DWP press office issued a statement that said the fact the breaches were detected proved that CIS security measures were working.
“The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information,” it stated. “This is an indication of how seriously the department and local authorities take data security.”
The penalties for unauthorised CIS access, such as viewing personal records or those of others they may know, include possible disciplinary action or prosecution.
Mark Evans, marketing and communications director at IT security specialist Imerja, said the incidents proved there is a real need for staff in every organisation to be better educated about IT security policies.
“The problem remains that, even with restricted access, there are still people who struggle to understand the importance of IT security and will write their login details on ‘Post-It’ notes for anyone to see,” he said.
“What we don’t know in this case is whether any of the detected breaches were malicious or if they were simply people misusing the database by taking shortcuts or even using it as a contacts directory. People don’t realise how easy it is to breach IT security protocol.”
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Do British police get cyber security?
Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.
- Who to trust after the VeriSign hack?
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- BlackBerry Bold 9790 review
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Will someone rid me of these troublesome Macs?
- Lenovo beats expectations again
- Who to trust after the VeriSign hack?
- Google to promise fairness after Motorola buy
- Report: Google cloud storage coming soon
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
