More firms 'admit disc failings'

http://news.bbc.co.uk/go/rss/-/1/hi/uk_politics/7127951.stm

Version 0 of 1.

Several firms have admitted security failings in the wake of the loss of two discs containing 25 million people's details, MPs have been told.

Information Commissioner Richard Thomas told the Commons justice committee that public and private sector bodies had come forward "on a confessional basis".

He said they were not on the scale of the HM Revenue and Customs mistake, but more would "come out in the wash".

Police are searching for the two discs, which apparently got lost in the post.

The two unencrypted discs, containing the entire child benefit database, were posted from HMRC offices in Tyne and Wear in October, but never turned up at their destination - the National Audit Office.

Bank details

The prime minister and chancellor have apologised and an inquiry is under way, alongside a police investigation.

Millions of families have been told to be on the alert for fraudulent use of their details, which include children's names, addresses, dates of birth and National Insurance and bank details.

It was a really shocking example of loss of security Richard ThomasInformation Commissioner

Mr Thomas told the justice committee that, since October, "quite a number of organisations, both public and private sector, have come to us saying that they think they have found a problem... almost on a confessional basis, bringing to our attention problems they have encountered with security in their own organisations.

"None appear to be on anything like the same scale as that involving HMRC, but I think there is certainly more to come out in the wash as we move forward."

Chancellor Alistair Darling has said a junior official was responsible for sending the discs by post - in breach of HMRC security rules.

But Mr Thomas told MPs: "I would question whether anybody should be allowed to download an entire database of this scale without going through the most rigorous pre-authorisation checks."

He said software should be in place to stop entire databases being downloaded, adding of the missing discs: "It was a really shocking example of loss of security."

He also said he continued to have "anxieties" about the impending introduction of ID cards, particularly if information would be uploaded onto central databases, whenever cards are used.

18 October - Junior official from HMRC in Washington, Tyne and Wear, sends two CDs containing password-protected records to audit office in London through courier TNT, neither recorded nor registered 24 October - When package fails to arrive, second one is sent by registered post and arrives safely3 November - Senior managers are told first package has been lost10 November - Prime minister and other ministers are informed12 November - HMRC tell ministers CDs will probably be found 14 November - When HMRC searches fail, Metropolitan Police are called in 15 November- Richard Thomas, Information Commissioner, says remedial action must be taken before public is informed 20 November - HMRC Chairman Paul Gray resigns; Chancellor Alistair Darling makes announcement to House of Commons21 November - Prime Minister Gordon Brown apologises and orders security checks <a class="" href="/1/hi/uk_politics/7104368.stm">Timeline in detail</a>