Talk About Breach Of Contract!

During an investigation with the National Audit Office (NAO), it was discovered about 25 million child benefit records were lost in the UK, 25 million, that's a lot of information. How do you lose that much data? That's a serious security breach. The information about the child benefit records belongs to the Revenue and Customs department, which was copied to two compact discs. The information includes the person's name, birth date, home address and bank information.

The British government had a meeting regarding this incident, and at first, accusations were flying and there was even a suggestion that the Chancellor was to blame and should resign. He refused, saying that he felt sorry for what happened and that he did not believe that the data had been misused. He also went on to say that the breach was catastrophic and that his confidence was not as strong.

At first, it was thought that the lost records were a result of staff cutbacks at the Revenue and Customs department, but that notion was quickly squashed by the Chancellor himself. The department also had been advised to cut corners in procedures to save money for the department by using outdated technology. If that was the case, then that should be a red flag right there. When you cut corners, the outcome will always be less than desirable. In this case, over 25 million people and over 7 million bank accounts were affected.

Then it was implied that the government was too complacent and laid back. Again, that notion got shot down, also. The Prime Minister squashed that by saying that the complacency statement was absurd. One of the members of the government went so far as to insult the Prime Minister. In addition to him saying that the government failed the British people, he said that the Prime Minister was not up to the task and that he was irresponsible. The irresponsible comment was in response to the Prime Minister's suggestion to have a national ID system and register. The same person from the government felt this idea would not fit in with the locals, especially since some of them have already experienced identity theft or similar problems.

They eventually found out who was responsible. It was a civil servant. He opted not to follow procedures for transmittal of sensitive data, including omitting encryption of it. The data was placed on a disc and sent without having it recorded. This means that the data was sent without having anyone to sign for it upon delivery. What made it so bad was that British officials didn't find out until a few weeks afterward what had happened. The Revenue and Customs department held off on informing others because they were hoping (seriously) that the information would come back to them. This way, they wouldn't be at such a loss to explain what happened. The civil servant was clearly out of order, but it wasn't mentioned whether or not he received any punishment or even termination. Unfortunately, this incident caused the chairman of the Revenue and Customs department to resign.

This is not the first time something like this has occurred with the Revenue and Customs department. Not too long before this incident, it was noted that at least 15,000 life insurance customers had their security breached. Their pension information was sent to their provider by the department through a third-party courier. As with the child benefit fiasco, the disc never got to its location and it was not encrypted. Even though the number of people affected was only a tiny sliver than that of the child benefits deal, it still raises (or at least should raise) a flag as to what's going on at the Revenue and Customs department. There should be no excuse for lack of executing sensitive information the correct way.

Can you imagine losing personal and financial information for over 25 million people? Now, because of the breach, the banks were burdened with the extra task of monitoring the accounts of all those who were affected by the fiasco. In turn, the banks and the Chancellor have also asked those affected to help themselves and go ahead and monitor their own accounts. If they notice something out of place, contact authorities and the bank immediately. It was also stated that if there was anyone who was scammed and lost funds because of this, the bank would reimburse them for the loss.

Even though there were indirect calls for him to step aside, the Chancellor stated that he will stick with this through the end until it gets resolved. He also stated that the Revenue and Customs department should not allow this to happen again. To him, this is very serious. Due to the nature of business, the Revenue and Customs department are supposed to maintain high standards when dealing with sensitive and personal information. At no time should the rules or procedures regarding this be compromised. If it is, as shown here, the trust of the people can be lost. So far, knock on wood, the government hasn't heard anyone mention that they had fraudulent activity on their account. The child benefit payments are still being processed. Of course, due to all this mess, the government has taken a hit and people are wary of them trying to take care of business. For several years now, they have been the brunt of criticism for the way they handle tax credit information and VAT fraud. VAT (Value Added Tax) fraud is when items are bought tax-free, but the importer fails to pay taxes to the government.

After these two embarrassing incidents, the Revenue and Customs department now has a procedure in place that everyone is to follow. A manager must give their approval in writing and provide adequate security for any transfer of sensitive or personal information. This is another one of the reasons the security breaches occurred because of lack of communication.

People look to the government to be accountable with their sensitive and personal information. If they can't trust them, who can they trust?