How secure is our data?

Last Modified: 21 Nov 2007
By: Andy Davies, Benjamin Cohen

HMRC have mislaid personal data previously - so just how safe is it? And what can consumers do to protect their identities?

This latest data fiasco is not the first time that people's personal details have been compromised.

Earlier this month, Revenue and Customs mislaid another CD containing the details of thousands of Standard Life policyholders, putting them at risk of identity fraud.

In October, a laptop computer holding sensitive information was stolen from the boot of a car belonging to a Revenue and Customs employee. So just how secure is the personal data the government holds? Our report explores.

Consumer queries

Although there is currently no evidence that sensitive data has ended up in the hands of criminals, that doesn't mean millions of child benefit recipients shouldn't take precautions.

The details on the CDs, which include bank account numbers, were not encrypted and could be used to commit identity fraud.

In the report, our technology correspondent Benjamin Cohen explains what people should do.

"This data breach means that the information about approximately half the country is essentially lost, it's sitting somewhere on discs and nobody knows where it is. We haven't seen anything on that scale anywhere in the world."
Tom Ilube, online security expert

Effects of data loss

Revenue and Customs allowed an entire database to be viewed and copied without any form of encryption. Confidential financial and personal details about every family in Britain, lost in the mail.

In the wrong hands, the information could be used to apply for loans, credit or store cards and mobile phone accounts.

Even if the two missing discs are found, there remains a major risk of fraud because, when we spoke to Revenue & Customs they wouldn't guarantee their security hasn't been breached before.

Identity theft is now officially the biggest growing crime in the UK. So far, there's no evidence of fraud.

What you can do

How do we protect ourselves?

1. Check bank statements

2. Change your password and pin

3. Look out for bills or letters

First of all, you should check your bank statements for any irregular activity.

If you bank online, don't use your child's name or date of birth as a password or pin number.

Look out for any bills for items you haven't bought or letters regarding credit applications you know nothing about.

Sandra Quinn of APACS, the UK's payment commission, says, "The clear message for customers is that banks are aware of this problem. You don't need to close your account. You don't even need to contact your bank or building society.

"What you do need to do is continue to check your statements as we all should be doing normally. But the clear thing to remember is that this information alone isn't enough for an ID fraudster to get into your account and take money out of it."

Staying alert

So the advice is you don't need to close your account, but you should contact your bank immediately if you spot anything suspicious. The Government has promised that if anyone does suffer fraud they'll be compensated.

There's one final irony - someone's already making money out of this debacle. Revenue and Customs claim it's not them, but if you call the Child Benefit Helpline (0845 302 1444) they have set up, it will cost up to 30p a minute.

And they're refusing to issue anyone with new national insurance numbers. But lawyers are already warning that the Data Protection Act does allow anyone effected to sue the department and the Chancellor, Alistair Darling.