Sunday, 25 November 2007

HMRC: More Discs Go Missing, Is it Foul Play?

Yet more CD/DVDs have gone missing within HMRC's internal postage system, this time a batch of 6 "discs" have disappeared in transit in between Preston and London. This incident was spotted by HMRC on 30th October and apparently held customer complaint conversations, which I certainly would regards as personal information.

This is the third HMRC postage containing sensitive CDs which has gone missing within the same month, October 2007. Don't forget the CD which HMRC sent(lost) to Standard Life, which held 15,000 records, as reported on 2nd November, I can't forget that missing disc, as my personal details were on it!

So I have to ask whether there could be foul play? I can't answer that for certain as I don't work for HMRC or know all the facts, however I'm going to have a go at speculating since two of incidents involve my peronal information.

Organised criminals have been know to target large intuitions just for their data, going through external bins for info, using social engineering techniques, web hacking and even infiltrating organisation internally, there was a Scottish credit card call centre which was found to be deliberately infiltrated by a gang earlier in the year for money laundering purposes. It's too much of co-incidence for three packages containing CDs to have gone missing in the same month, I had period on Ebay where I sold loads of DVDs once, never had any packages go missing within the public postage system. It's not exactly hard to guess by the size and shape of the packaging that it holds a disc.

Interestingly if HMRC actually ships loads of CDs around their organisation all the time (which is bad) then you would have to say the stats wouldn't point to foul play at all. I do understand HMRC is a large and complex organisation, so it could be possible there are shed loads of CD/DVDs flying around HMRC, if there is, then there has to be a better and more secure methods of sharing that information.

To sum up my own conclusion on this, either HMRC sends CDs within the post unprotected as a matter of coarse OR HMRC send only a few CDs around which would indicate possible foul play, OR it's just a big co-incidence!

A lot of fraud, particularly identity theft does start in the mail system, HMRC mainly use TNT to deliver their mail between sites and organisations. In relation to the 25Million record discs, TNT are stating they don't think that missing package has even entered their mailing systems, but as it's unrecorded delivery they can't be certain, and I understand TNT are searching for it. A spokesman for HMRC recently said "All the evidence points to the fact that these discs are still on our premises," - Well if you keep searching and searching (I'm sure no stone is being left unturned) and they don't turn up, I think there is only one likely conclusion to be reached.

3 comments:

Anonymous said...

HMRC could have easily avoided this blunder by using the host of FREE encryption tools out there. I encrypt all my data before sending with Crypturn which can be downloaded from http://www.siturn.com/downloads%5Ccrypturn.exe.

Anonymous said...

3 YEARS LATER STILL NO NEWS ON THE THOUSANDS OF INTERNALY STOLEN NI NUMBERS SOME OF WHICH HAVE COST THE TAX PAYER AT LEAST 2 MILLION.

Anonymous said...

While the Civil service still insists on sending so much personal information on Families /couples /singles/through the post it has to be said this is handled by a significant number of non British people.Example London Royal mail closes down on Friday afternoon for Prayer.Point is this info is in high demand. Fact check out the nationalities by % of cases so far detected. One corrupt postal worker can obtain complete family statements down to the last detail -not just bank accounts/dobs/tel/mob/ex partners/child details/work history and much more.
The poeple in charge never lose their jobs. APPAULING SITUATION