Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Would you like a job in Oracle security - Limited is hiring"] [Next entry: "Eight ways to hack Oracle"]

Personal details for 25 Million people go missing in the UK

To say i was shocked is an understatement. I was completely gob-smacked that a UK government agency can spend (presumably) millions of our IT pounds storing and using our personal data and then proceed to take it out of its secure IT centers and take it away from the application protections, audit trails and procedures and put the data onto CD's (All of our personal data) and post it to the National Audit Office. To say its the fault of a junior member of staff may be true in literal sense but presumably someone asked him to send this data to the NAO? - he would not have just decided to do it all on his own. Also why is a junior member of staff allowed to access all of the data and why is he allowed to download it from the HMRC systems and put it onto CD's?. The fact that this was done and seems to be a planned action points at support people who have high levels of access.

The BBC has a nice timeline of events in a page - Lost CD's - Sequence of events and also a write up of the events in a story Brown apologises for records loss".

I personally am angry as my children get child benefit along with almost all other children in the UK, now my details that i entrusted to the government are floating around an office, post office or who knows where waiting for someone to get at them.

The timeline above is amazing. It states that the first set of two disks with password protected records - (what is used? - MS Excel Password, Winzip, what?) went missing and when they package failed to arrive they sent a second one. This is in addition to the record that a juior official (doesnt say if its the same one?) sent a full copy of HMRC child benefit data to the NAO, it goes on to say that that data is returned. Does this mean the CD's were posted back? - if so how do we know that the data was wiped from everywhere it was written to at the NAO?

To download all of this data once and write it to CD's is bad, but to do it again and again is crazy. How does a junior official get access to a system to download all the personal details and to then write them to CD in the fisrt place?

The moral of this story? - database security is complex, its complicated to design, implement, to harden existing systems and more but the data has no security at all if you take it from the databases and away from the RBAC, the audit trails, the procedures and write it to CD or disc or any other medium. it bypasses the security completely.

I have to ask another question. If this action had not gone wrong and the CD's had arrived, presumably someone in the NAO, loaded the data onto other systems, who controls the CD's, where would they be kept, would they be destroyed, what about the data on the NAO analysts machines, how is that protected - MS Excel password?, how long is it kept, how is it destroyed?

There are so many questions, this is why database security is so important, our personal details, NINO, bank accounts, names, childrens names and more? should be held in secure databases and audited, protected with strong RBAC, accessed by authenticated and authorised users only and much more, my data and that of every other parent in the UK should not be taken from the secure database and applications and sent to anyone on a CD. There is no security whatsoever on a CD that is password protected.

As i said - Gob-smacked!!!

There has been 4 Comments posted on this article

November 21st, 2007 at 07:05 pm

Pete Finnigan says:

A quick note of my thoughts on this scandal. I find it amazing that such a thing could happen, but equally amazing is the short-sightedness the public and media can be regarding the use of such data.

All people are discussing is fraud. The use of the data to extract money from peoples accounts.

There are other sinister uses that no-one seems to have covered. Any UK citizen who receives child benefit is listed on these discs. In the wrong hands a criminal organisation can scan through the files looking for affluent names, Stars, Bankers or any other wealthy persons, with the view to kidnapping their children for ransom etc. (use your imagination on this one)

Another not so sinister use could be large corporations, advertising companies and the like. Just by feeding all the addresses into a computer program, this could map out density of families living in neighbourhood. With the addresses you have a mailing list that targets the required

The home office loves databases, and my guess is these databases are kept to a standard form. Therefore if there are any other 'missing' databases out there, I'm sure they could be easily cross referenced allowing an even more broader database of info.

Be afriad. I am. laugh out loud

November 22nd, 2007 at 12:03 pm

Pete Finnigan says:

The two previous comments both clearly demonstrate why we should be concerned and alarmed. I feel powerless in this situation, my family details potentially availabe for all to see and I wonder how we might begin to address this situation. We need to be able to send a clear message 'on mass' that demands action and lets government understand that they will be held accountable.

November 23rd, 2007 at 08:30 am

Pete Finnigan says:

One of the real challenges now, is that for a whole generation of children, pseudo-private details like date of birth and mother's surname (and according to some reports mother maiden name) now have to be assumed to be firmly in the public domain (even if the CD are found - were they copied etc).

As such, these details cannot be use AT ALL by banks etc as part of identity validation - so this will lead to the need to make major changes to the way identity validation takes place.

The government will of course argue identity cards are the way to solve that - taking us full circle - how can we possibly secure the national identity register when wide ranging government access will be deemed to be needed.

November 25th, 2007 at 07:30 pm

Pete Finnigan says:

Thanks everyone for the comments. The problem seems to be getting bigger from the news reports on news24, they are now talking about a further 6 CD's going missing although its unclear what they are. The news reporters seem to suggest that at least one of them is voice recordings sent from HMRC in Preston on October 10th.

Thanks for your views Colin, you make a really good point and a very far reaching issue. Does this mean that all people with children need to now contact their bank and set up new security details and also going forwards now for at least one more generation.

This is a major problem and more far reaching issues are likely to come out of the woodwork. How can the suggestion of any new system be made to help resolve this? - ID cards.

Also for me, its a problem of lack of awareness of data security. Niall made a good point in his blog that he felt the issue was made / caused by auditors being feared by organisations and the first reaction by organisations was always to do what the auditors want or ask for. Doesn't this make you wonder how much of our personal details are traversing the country on CD's or similar insecure media??