DWP confirms ID data breaches
The system that holds data key to the ID cards programme has been breached by staff in over 30 local authorities, the government department has admitted.
Staff in over 30 local authorities have been the subject of serious ID card database security breaches over the last two and a half years, it has emerged.
The incidents were revealed in January, when the Department of Work and Pensions (DWP) issued an information bulletin to the authorities restating its access policy and penalties in light of the breaches.
Yesterday, the DWP confirmed it had sent the bulletin and that it was related to how it had detected staff accessing its Customer Information System (CIS) with "view-only" rights to its data on all UK citizens with a national insurance number.
These instances had no business justification and were detected from August 2006 onwards, in councils across the UK, including three at Sefton Council and two at Glasgow City Council.
The DWP press office issued a statement that said the fact the breaches were detected proved that CIS security measures were working.
"The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information," it stated. "This is an indication of how seriously the department and local authorities take data security."
The penalties for unauthorised CIS access, such as viewing personal records or those of others they may know, include possible disciplinary action or prosecution.
Mark Evans, marketing and communications director at IT security specialist Imerja, said the incidents proved there is a real need for staff in every organisation to be better educated about IT security policies.
"The problem remains that, even with restricted access, there are still people who struggle to understand the importance of IT security and will write their login details on Post-It' notes for anyone to see," he said.
"What we don't know in this case is whether any of the detected breaches were malicious or if they were simply people misusing the database by taking shortcuts or even using it as a contacts directory. People don't realise how easy it is to breach IT security protocol."
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now