U.K. government loses pensioner data

By Tom Espiner
Special to CNET News.com Published: December 19, 2007 7:51 AM PST

Tools

Related Stories: U.K. government loses data on driving-test candidates
December 18, 2007; A call for rational discourse on identity theft
December 6, 2007; The new battleground in cybercrime
November 30, 2007; U.K. government reveals its 'biggest privacy disaster'
November 21, 2007
Related Blogs: My information, my story, my life
parent . thesis
November 26, 2007

Her Majesty's Revenue & Customs, the U.K. government department responsible for collecting taxes and other services, has admitted losing the personal details of more than 6,500 people who file pension claims.

The details were lost at an office of HMRC in Cardiff, the capital and largest city in Wales, after a data cartridge went missing in September, an HMRC spokesperson said on Tuesday. The cartridge had been sent to the Cardiff office by Countrywide Assured, a life insurance and pensions company.

Details on the cartridge included names, addresses, national insurance numbers, and pension contributions, according to Graham Kettleborough, chief executive officer of Chesnara, the parent company of Countrywide Assured.

The cartridge was signed for when it reached the office but was subsequently misplaced, said the HMRC spokesperson. However, the spokesperson insisted that, because the information on the data cartridge can be accessed only by a mainframe computer, the risk to the individuals involved is "very low."

Kettleborough said that, in regard to personal pension policies, Countrywide Assured made submissions to HMRC "to make the correct tax additions to policies and (to get) the right numbers for the right people."

The breach was outlined by HMRC's director general, Dave Hartnett, to the Treasury select committee last week.

Compromised personal details have in the past been sold to fraudsters for the purposes of identity theft and other criminal activities.

Chesnara said it had sent a letter to those affected, and that the letter had been partly an explanation of what had happened and partly an apology.

HMRC said in a statement on Tuesday: "We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologize to all those affected."

The breach is the latest in a series of incidents, seven of which have affected HMRC this year.

In November, HMRC admitted to losing the details, including bank account information, of 25 million people claiming and receiving child benefits, while, earlier this week, the Driving Standards Agency admitted to compromising the personal details of 3 million driver's test candidates.

Tom Espiner of ZDNet UK reported from London.

More from News.com on this story's topics: Identity theft
RSS feed; Government
Create an email alert | RSS feed; Security
Create an email alert | RSS feed

See more CNET content tagged:
spokesperson, cartridge, tax, office

Add a Comment (Log in or register) 2 comments (Page 1 of 1)

Three Sttrikes and you are out?
by hawkeyeaz1 December 19, 2007 11:05 AM PST: n/t; Reply to this comment

I cannot believe the following statement:
by wbenton December 24, 2007 7:38 PM PST: >>>the data cartridge can be accessed only by a mainframe computer<<< Remove the plastic cartridge and read the magnetic tape via a special reader. Convert the EBCDIC coded information into ISO or UTF format and anybody can see it. Many major universities and corporations have mainframes. FWIW; Reply to this comment