Following the loss of a CD-ROM containing details of around 15,000 Standard Life pension holders, data security specialist Cyber-Ark is warning manufacturers not to use “pony express technology”.
The data on the CD-ROM, which was lost in transit by an external courier on behalf of HM Revenue and Customs, is believed to include names, National Insurance numbers and pension plan reference numbers.
“This is more than enough information for fraudsters to steal someone’s identity,” says Calum Macleod, European managing director of Cyber-Ark, who adds that it is the second time in the last month that data has been lost from HMRC.
“Last month there was the theft of an HMRC employee’s laptop, containing the personal data of around 400 people, from the boot of a car, and you would think that people would learn from their mistakes,” he says.
Macleod believes this latest incident should come as a warning to all organisations, whether public or private sector, to encrypt their data, both on and off the computer system.
“Sending unencrypted data via CD-ROM, even by courier, is a ridiculous risk for HMRC to have taken. It makes the IT security system that the government agency employs little more than a laughing stock. Not only that, but it really is high time that the government spent a bit of effort ensuring they set an example rather than simply pontificating to everyone else about what they should do,” he says.
“HMRC has gone on record as saying that it takes the security of customer information seriously and has improved the arrangements for moving sensitive information, but that’s no good for Standard Life pensioners, many of whom will now be worried sick about what has happened.”