Category Archives: ID Theft

Banks lose information on 1m customers

It seems that these stories are starting to crop up with alarming regularity, if it’s not the Government that is losing this information it is someone else, this time it is the banks.

Personal data of 1m bank customers found on eBay | Mail Online

Personal details of more than a million bank customers have been found on a computer sold on eBay.

This isn’t the first time that the banks have been exposed as being lackadaisical with our information. BBC TVs Watchdog programme has show time and again that the banks simply dump credit cards, bank statements, loan applications, and other sensitive information, out with the rubbish for anyone to go through.

This sort of negligence really needs to be a serious offence, so that companies are forced to do something, rather than asked albeit using stern words, to please be careful.

The banks are taking a tougher line with identity theft, shifting the blame onto customers for ‘clicking links in emails‘ or having ‘unsecure computers‘, and trying to make customers prove that they have been a victim. When clearly their own procedures are lax.

Tom Milksop – Chairman RBS

I am a customer of one of these banks, and as one of the two computers (that we know about – they are not obliged to tell us) hasn’t yet been found I could become a victim of fraud. I will now be scrutinising all my bank account and credits cards all the more, just in case. And should I be a victim I am going to have spend time and money proving it and trying to get my money back.

If people were able to sue the banks for this kind of data loss, it would quickly become a thing of the past. Instead we have an Information Commissioner who, on very rare occasions, will fine a company for a serious data breach.

Last year the Financial Services Authority fined Nationwide £980,000 after it lost a laptop containing customer information.

For companies that make upwards of £6 billion a year from British customers, £1 million is a drop in the ocean and hardly likely to make them spend money on decent security procedures and training. But if 1m customers could sue for negligence….

I am sure that would make all the banks buck up their ideas.

‘Reckless’ ministers lose 3,200 laptops and mobile phones from Whitehall | Mail Online

More than 3,200 laptops and mobile phones containing sensitive information have been lost or stolen from Government departments, it was revealed on Monday.

Shame the same thing couldn’t be done to the Government too.

Jacqui Smith Just Can’t Cope

Jacqui Smith under fire as Home Office data-loss firm will be kept on… and they’ll be handling ID cards too | Mail Online

Jacqui Smith was under fire for failing to sack the private contractor which lost personal data on thousands of criminals.

I am sure there is a perfectly reasonable explanation for this, such as them offering her a place on their board.

I have never been averse to women in politics, in fact I quite liked Maggie Thatcher, but the current crop of women in the Government is making me change my opinion.

There is Hazel Blears, who is so stupid that she thinks computer security just means putting a password on her Windows account, Harriet ‘Danger’ Harman who feels the need to walk around her own constituency wearing a stab vest and protected by several police officers. And now we have Oxford educated Jacqui Smith, who believes that personal data is irrelevant unless it refers to her.

When MPs lost their right to fight Freedom of Information Act disclosures regarding their expenses, a change in the law was proposed to stop the public from finding out about the internal workings of Parliament or any letters between MPs or government departments. Initially Smith didn’t vote but she later voted for exempting MPs from the Freedom of Information Act and also against auditing or making public MPs expenses, such as claims on homes and furniture, in fact she voted to reject virtually all the recommendations made by a committee appointed to review expenses and the transparency of Parliament.

In almost every instance citing privacy and security concerns.

Jacqui Smith visits the shops, just like a normal person.

Clearly she is not so stringent with the information of others. The company responsible for this latest loss, bearing in mind her department was responsible for the loss of the data of 25m people last year, hasn’t even been punished for their glaring breach. Why would she want to? Any kind of monetary punishment would probably have to come out of her backhanders.

Would she have been so uncaring had the information been personal information on a different group, say MPs? Of course not, but then that is not likely to happen, after all that kind of information would be kept securely somewhere.

Fortunately this time the information lost was on criminals, so I find it difficult to care, but this company is also responsible for the forthcoming ID cards, which I do care about.

Liberal Democrat Nick Clegg summed it up:

‘Charlie Chaplin could do a better job running the Home Office than this Labour government.’

PA Consulting, for some reason has an offender management contract, whatever that is. It seems that today Government privatises almost every aspect of governing the country, so someone can make millions.

“The firm, based in London, has been paid £95,577,902 by the Home Office alone in just three years.”

A shocking figure, surely with that much money they could afford simple encrytption software? They also have responsibility for the Criminal Records Bureau checks, which are plagued with delays and incorrect information, as well as the probation service, which is utterly useless at present.

The irony is they are being paid millions, most likely billions to develop the government’s hi-tech and state of the art biometric technology which is meant to be foolproof yet they can’t even encrypt their own memory sticks.

More ‘secret’ data made public

Anyone that uses a computer today is well aware of the need for security. Any sensible person has anti-virus software, a firewall and most likely anti-spyware to protect their information and identity.

Security experts recommend that those that use any form of portable device, such as laptops, memory sticks and external hard drives should use encryption software to protect sensitive information as any sort of personal information can be used by criminals to steal identities. So why on earth was a deputy chief constable carrying a laptop around with him without any kind of encryption?

Police sources say Mr Beckley, a former member of the terrorism committee of the Association of Chief Police Officers, had insisted on using his own computer when he joined the force last year.

As a result, none of the information accessible from the machine – which includes anti-terror details, private information about individual officers, and details of criminal investigations, suspects and undercover operations – is encrypted.

It is about time this sort of thing was made an offence. It is one thing to be cavalier with your own information but another thing entirely when it is sensitive information about others or national security. This man should be prosecuted, if people are prosecuted for other, trivial offences, then this man too should feel the full extent of the law.

The halfwits that allowed him to use his own laptop should also face some sort of reprimand, as it appears they seem to think that encrypted, police supplied laptops are a perk of the job, and not a necessity.

Apart from the obvious problem of not knowing what he is doing on the laptop, as a taxpayer I do not want to be paying a police officer to supplement his downloaded music collection, browse his family photos or look at child porn (he wouldn’t be the first, or even the second or third), there is also the question of what he uses it for at home. If he visits disreputable websites, such as piracy or porn websites, chat rooms or other sites, he could pick up viruses and so on that give others access to the sensitive information on the laptop.

How well protected was his personal laptop. Did he have up to date anti-virus software? Did he have a firewall? Anti-spyware products? I am sure that neither the police force nor the public will have any idea whether he was taking the necessary steps to secure the information on his laptop.

This brings me to another important point, if it was decided, by someone, somewhere, that he could use his own personal laptop, why on earth wasn’t his laptop checked over to make sure that it was up to scratch and secure, and why wasn’t some sort of encryption software added as a matter of course?

Encryption, or at least good encryption, is nigh on impossible to crack and it would have made it almost a certainty that the thief got themselves a nice laptop, but nothing else. Yet the officer and the police force just didn’t bother. This is of course after two discs containing child benefit information on 25 million people went missing, again it wouldn’t have been much of a problem had it been encrypted, but it wasn’t. The cost of encryption, virtually nothing. The value of the data to criminals, about £1.5 billion.

This was then followed by information on drivers being lost by the DVLA, again it was unencrypted.

We were then treated to the usual round of ministers and MPs saying things like, “Lessons have been learned,” “Full enquiry,” and “Review procedures.” Nothing changed however as within weeks an MoD laptop went missing containing the full personal details of 600,000 people. Even the MoD don’t bother encrypting data as standard procedure.

Now we are clear that the police have also taken sod all measures to ensure that their data is protected, and we now have the message loud and clear that the government, the MoD and the police couldn’t give a toss about our data.

The only good news was the recent attempt to get legislation through to punish people for their negligence, naturally the ministers were all over the place trying to cover their arses.

“Ministers argued it was “premature” as inquiries were under way into breaches such as the loss of 25m people’s data.”

In other words they had yet to find a low level civil servant willing to carry the can. This legislation needs bringing in as soon as possible, perhaps the threat of prison will make these idiots pull their finger out and treat the information of the public in the way that the public expects it to be treated.

Mr. X

You would have thought that if any organisation were to be tough on protecting information it would be the MoD, but no!

BBC News | Police probe theft of MoD laptop

West Midlands police are investigating the theft of a laptop from a Royal Navy officer which held the personal details of 600,000 people.

Why is it that these days people seem to be taking the piss with what is quite frankly better than hard cash to many criminals, our personal information? Fortunately I have not recently, or ever, applied for a post in the Royal Navy, I’m not gay. But I feel sorry for the 600,000 people who have and whose details are now more than likely in the hands of some Russian gang.

Just like the HMRC discs and other stuff recently there are those, even I suspect within the organisation that lost the information, that shrug their shoulders and say that the information is harmless, and that nothing will ever come of it and even if it does, they are protected.

That kind of information, or really any information about a person, is not harmless anymore. With many people owning a plethora of store cards and credit cards, we are easy targets for criminals as it is. This is the age of remote shopping and banking, it has in fact never been easier to be a thief. The simple sort code and account number is more than enough for a scam company or bunch of criminals to set up a Direct Debit and take money out of your account. Just ask Jeremy Clarkson.

But there are bigger prizes than emptying someone’s bank account as most people tend to notice that kind of thing. Why steal a few hundred pounds from someone when you could steal thousands upon thousands?

With the kind of information on the HMRC discs and the MoD laptop it is possible to apply for several credit cards, loans perhaps even mortgages in someone else’s name. The criminal gets to spend the money, the victim gets the debt collectors on their backs and has to prove that it wasn’t them spending it.

Of course at the moment everyone is protected, the banks will cover any losses for you, for now. Slowly though, the banks are getting tougher on this. They see it as a customer problem and are slowly changing their Terms and Conditions to make sure that the customer is responsible.

At the moment the banks will take you on your word that you have been scammed or your information stolen, once. Twice and they’ll think you have been too free with your information and may or may not cover your losses, they’ll definitely want you to prove that you’re the victim. Three times and well, you’re on your own!

Clarkson said:

“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.”

Banks won’t cover you if you have given your bank details to someone and the onus is on you to prove that you haven’t.

This is the real problem with ID theft, the banks blame the customers for ‘falling for scams’ when in all likelihood the information that was used came from elsewhere, probably the bank itself. Sometimes it is years before the identities are used or the frauds are uncovered and all the time everyone is giving out more and more information. You have to supply the Inland Revenue with information, you have to provide full information when applying for a job and all the time this information is going missing. Government agencies come clean, but how many businesses do you think admit that they have lost data or been hacked? They aren’t obliged to by law.

You may think that you are quite careful with your personal information but if it isn’t HMRC losing your information, or the DVLA or even companies that you applied to work for, what about those companies that sell your information on? That’s right, everytime you pass on information to a company, be it an online retailer, newsletter or club, they can then sell it to whoever they please. And they do, as it is worth a lot of money.

Add to that the fact that the Electoral Roll is freely available and you soon realise that protecting your identity is like fighting a losing battle. It isn’t a matter of if your information will end up in the wrong hands, but when.