IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

DWP confirms ID data breaches

The system that holds data key to the ID cards programme has been breached by staff in over 30 local authorities, the government department has admitted.

Staff in over 30 local authorities have been the subject of serious ID card database security breaches over the last two and a half years, it has emerged.

The incidents were revealed in January, when the Department of Work and Pensions (DWP) issued an information bulletin to the authorities restating its access policy and penalties in light of the breaches.

Yesterday, the DWP confirmed it had sent the bulletin and that it was related to how it had detected staff accessing its Customer Information System (CIS) with "view-only" rights to its data on all UK citizens with a national insurance number.

These instances had no business justification and were detected from August 2006 onwards, in councils across the UK, including three at Sefton Council and two at Glasgow City Council.

The DWP press office issued a statement that said the fact the breaches were detected proved that CIS security measures were working.

"The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information," it stated. "This is an indication of how seriously the department and local authorities take data security."

The penalties for unauthorised CIS access, such as viewing personal records or those of others they may know, include possible disciplinary action or prosecution.

Mark Evans, marketing and communications director at IT security specialist Imerja, said the incidents proved there is a real need for staff in every organisation to be better educated about IT security policies.

"The problem remains that, even with restricted access, there are still people who struggle to understand the importance of IT security and will write their login details on Post-It' notes for anyone to see," he said.

"What we don't know in this case is whether any of the detected breaches were malicious or if they were simply people misusing the database by taking shortcuts or even using it as a contacts directory. People don't realise how easy it is to breach IT security protocol."

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Tory party delays leadership selection over hacking fears
hacking

Tory party delays leadership selection over hacking fears

3 Aug 2022
UK government puts Online Safety Bill 'on ice'
Policy & legislation

UK government puts Online Safety Bill 'on ice'

14 Jul 2022
Oracle to build sovereign cloud regions in the EU for 2023
data governance

Oracle to build sovereign cloud regions in the EU for 2023

12 Jul 2022
Online Safety Bill: Messaging apps 'forced to scan messages' for child abuse content in fresh amendment
Policy & legislation

Online Safety Bill: Messaging apps 'forced to scan messages' for child abuse content in fresh amendment

6 Jul 2022

Most Popular

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022