DWP confirms ID data breaches

The system that holds data key to the ID cards programme has been breached by staff in over 30 local authorities, the government department has admitted.

Staff in over 30 local authorities have been the subject of serious ID card database security breaches over the last two and a half years, it has emerged.

The incidents were revealed in January, when the Department of Work and Pensions (DWP) issued an information bulletin to the authorities restating its access policy and penalties in light of the breaches.

Yesterday, the DWP confirmed it had sent the bulletin and that it was related to how it had detected staff accessing its Customer Information System (CIS) with "view-only" rights to its data on all UK citizens with a national insurance number.

These instances had no business justification and were detected from August 2006 onwards, in councils across the UK, including three at Sefton Council and two at Glasgow City Council.

The DWP press office issued a statement that said the fact the breaches were detected proved that CIS security measures were working.

"The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information," it stated. "This is an indication of how seriously the department and local authorities take data security."

The penalties for unauthorised CIS access, such as viewing personal records or those of others they may know, include possible disciplinary action or prosecution.

Mark Evans, marketing and communications director at IT security specialist Imerja, said the incidents proved there is a real need for staff in every organisation to be better educated about IT security policies.

"The problem remains that, even with restricted access, there are still people who struggle to understand the importance of IT security and will write their login details on Post-It' notes for anyone to see," he said.

"What we don't know in this case is whether any of the detected breaches were malicious or if they were simply people misusing the database by taking shortcuts or even using it as a contacts directory. People don't realise how easy it is to breach IT security protocol."

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

UK and US agree deeper data-sharing partnership
Policy & legislation

UK and US agree deeper data-sharing partnership

9 Dec 2021
Industry "delighted" with UK's 'landmark' anti-bias AI standard
artificial intelligence (AI)

Industry "delighted" with UK's 'landmark' anti-bias AI standard

30 Nov 2021
Practicality of UK government’s cyber bill criticised by industry experts
Policy & legislation

Practicality of UK government’s cyber bill criticised by industry experts

26 Nov 2021
NCSC: COVID-19 vaccines were prime target for hackers in 2021
National Cyber Security Centre (NCSC)

NCSC: COVID-19 vaccines were prime target for hackers in 2021

17 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022