The Home Office has admitted that the security of its ID and passport service database has been compromised several times, but denied that remote hackers were responsible.
In a response to a parliamentary question at the end of last week, the Home Office said it had had five security breaches in five years, mostly caused by civil service staff.
"The security breaches didn’t involve people hacking into the systems," a Home Office spokesperson told ZDNet UK on Thursday.
Four of the five incidents involved members of staff accessing the ID and Passport databases for unauthorised purposes. Three used their systems access privileges to conduct checks that were "not connected to their duties", according to an ID and Passport service spokesman, while in the other breach the staff member "misused data he was entitled to access".
In each of the cases "disciplinary action resulting in dismissal was undertaken", with one staff member "resigning before the proceedings came to an end" said the spokesman.
The fifth security breach occurred in a prison service legacy system, where a "technical failure" caused the system to crash. The system has since been replaced, according to the Home Office.
The ID and Passport Service (IPS) denied that this did not bode well for the ID card project, which will involve a massive database of personal and biometric data. Experts have raised questions about how secure a National Identity database linked to the Government's ID card scheme could be.
"The IPS takes the protection of systems and data very seriously. A range of protection and procedures are in place to prevent the misuse or abuse of official systems, and to detect it where it does occur. IPS is committed to investigating any such misuse or abuse, and will deal with it in the strongest manner," said the spokesman.
However, the IPS admitted that the security breaches had still occurred, even with the protection systems in place.
"At the end of the day it's an issue of trust," said the spokesman. "People are security vetted, but trust can be breached. Anyone identified as breaching the system will be treated severely."
Many security experts have cast doubts over how secure an ID card system and database could be, while senior civil servants appeared in July to be concerned about the viability of the scheme.
The Liberal Democrats warned in May that organised criminals will try and crack the identity cards database. Last year it was revealed that the identities of 13,000 civil servants had been stolen and used by criminals to make fake tax credit claims.
Liberal Democrat home affairs spokesman, Nick Clegg, said then that the theft was a "terrible omen" for the forthcoming ID cards scheme.
Clegg said that if organised criminals are capable of infiltrating the Department for Work and Pensions (DWP), "it is clear they will target the identity cards database, where the stakes are even higher".
Talkback
ON past form - a couple of illegals working for the HO could rip off the id data and then be long gone leaving no clues as to their real ID
We can't even find people we know!
There is no such thing as an "acceptable" breach of security on a public services database.
Every single breach is a signal of failure at some level within the public body concerned.
As such, no excuse should be accepted and, as a result of failure, the individual(s) concerned should have mandatory dismissal and barred from public service jobs.
Where the breach was by deliberate action of an individual then, in addition to automatic dismissal, there should be imposed a significant mandatory prison term, not only as punishment but as a deterrent.
Public databases must be sacrosanct.