Yesterday the UK Government admitted that it has lost two computer discs containing personal information about almost half of the UK population. This is Britain’s worst ever data protection breach, and around 25 million people are now wondering if their identities are safe and what they should do. I’m wondering how that much data could be entrusted to a junior member of staff who doesn’t know the difference between standard and recorded delivery. I’m also wondering what sort of crazy discs they used to cram that much data on – presumably HD-HDV or Blu-Ray…
But, sorry, let’s get back to the story. The simple advice, for now, is "don’t panic". There is no evidence, we’re told, that the discs have fallen into the wrong hands or are being used by identity fraudsters. Of course, this advice could quickly change if widespread security attacks are reported, so stay tuned to the media for updates.
Even armed with these discs there’s still a lot of work for fraudsters to do before they could make financial gain from these data. While the discs contained names, addresses, dates of birth, child benefit numbers, National Insurance numbers and banking details, these alone are not enough for high value identity fraud to be committed. The details could theoretically be used to secure a credit card, loan or mobile phone account, but it would be difficult to withdraw money from a bank account without additional details like your password or debit card PIN.
One tactic often used by identity fraud criminals is simply to phone their intended victim and ask for the missing details. Armed with your bank account details and a little charm, it’s surprisingly easy for criminals to convince some people that they are calling from their bank. Don’t make it easy for these con men to do their work. Never give any details to anyone you don’t know. As the GetSafeOnline.org web site says "if you wouldn’t give details to a stranger in the street, don’t put them online." The same advice stands when a stranger phones you up asking for information. Tell them where to go, then report the suspicious call to your bank so they can strengthen security access to your account and investigate.
The other (rather obvious) piece of advice is that if you use the same password on multiple internet sites, you’re setting yourself up to become a victim. If, for example, you’ve used your online banking password on any online shopping sites there’s a real risk that should the shopping site be compromised your bank account will also be attacked. Use different and complex passwords on each ‘high value’ site you use, and update them regularly.
For more details see the useful Q&A’s at the BBC and Sky News sites.