Her Majesty's Revenue & Customs has admitted losing the personal details of over 6,500 people claiming pensions.
The details were lost at an office of HM Revenue & Customs in Cardiff after a data cartridge went missing in September, an HMRC spokesperson said on Tuesday. The cartridge had been sent to the Cardiff office by Countrywide Assured, a life assurance and pensions company.
Details on the cartridge included names, addresses, national insurance numbers and pension contributions, according to Graham Kettleborough, chief executive officer of Chesnara, the parent company of Countrywide Assured.
The cartridge was signed for when it reached the office but was subsequently mislaid, said the HMRC spokesperson. However, the spokesperson insisted that, because the information on the data cartridge can only be accessed by a mainframe computer, the risk to the individuals involved is "very low".
Kettleborough said that, in regard to personal pension policies, Countrywide Assured made submissions to HMRC "to make the correct tax additions to policies and [to get] the right numbers for the right people".
The breach was outlined by HMRC's director general, Dave Hartnett, to the Treasury select committee last week.
Compromised personal details have in the past been sold to fraudsters for the purposes of identity theft and other criminal activities.
Chesnara said it had sent a letter to those affected, and that the letter had been partly an explanation of what had happened and partly an apology.
Read this
Feature: Cracking open the cybercrime economy
Hacking for fun has evolved into hacking for profit, and created a business model that is nearly as sophisticated as that of legal software
HMRC said in a statement on Tuesday: "We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologise to all those affected."
The breach is the latest in a series of incidents, seven of which have affected HMRC this year.
In November, HMRC admitted to losing the details, including bank account information, of 25 million people claiming and receiving child benefits, while, earlier this week, the Driving Standards Agency admitted to compromising the personal details of three million learner drivers.
Talkback
How many times do we have to hear of some Government department or agency losing track of our private data, then listen to them bleating and ringing their hands about how this never happens and that it won't happen again .. honest. How often does this have to happen before the public wake up and realise that HMG are the very last people we should be trusting to set up the biggest database of personal data (note: OUR private data) that has ever existed. The National Identity Register, database behind the ID card project, breaks records for the first and the biggest on a number of fronts.
Trust us; we're the government. Yeah right.
While such thoughts are certainly to be vehemently rejected by the civil service, I think it is time that Data Protection law made it an individuals responsibility whenever a data loss occurred.
If it is made mandatory that data (discs, cartridges, dongles, etc) is receipted at EVERY stage of its journey and logged in at destination, then it will be a simple matter to apportion blame and initiate prosecution.
Individual civil servants must accept responsibility.
While I whole heartedly agree, I'm afraid I laughed like a drain when I read this. You and I both know that that is utterly and completely counter-cultural for the Civil Services. It could never be implemented.