An investigation is underway after a memory stick with user names and passwords for a government computer system was found in a pub car park, leading to the shutting down of the website as a security precaution.
The latest embarrassing episode for the Government in a long list of data mishandling involved the Gateway website, which is used by members of the public to access dozens of services including self-assessment tax returns, pension entitlements and child benefits. It has 12 million registered users.
With critics lambasting the latest security breach, the Prime Minister intervened in the affair to say that the Department for Work and Pensions would be taking action and the company which lost the information, Atos Origin, could face changes to its five year contract worth £46m.
"It was unacceptable behaviour. I think the important thing is to prevent these kind of things happening in future," Gordon Brown said.
The Government's embarrassment was compounded by the disclosure that Work and Pensions Secretary James Purnell – whose department is responsible for Gateway – had had to apologise after leaving confidential letters relating to the case of a constituent of Labour MP Sir Gerald Kaufman, on a train in early October. The papers were returned to the DWP three days later by a passenger.
The memory stick lost in the latest incident was found in the car park of the Orbital pub in Cannock, Staffordshire, where Atos Origin is based. Atos said in a statement that it was clear that an employee had removed the memory stick from the company's premises in "direct breach" of its procedures. The statement said: "The company takes the loss of this device very seriously and we are carrying out a full investigation of the circumstances surrounding its loss and the data content of the stick. Atos Origin is working with the Government and police. The company takes full responsibility for this loss and will discipline the individual involved."
A spokeswoman for the Department for Work and Pensions said the Gateway system was shut down "for a short period as a precaution". She insisted the memory stick contained data for "only a handful" of people, and all their passwords were encrypted.
"Our absolute priority is the security of data. While there was a question mark over the data on the memory stick it was right to temporarily suspend the Gateway. We are satisfied neither the Gateway nor the public have seen their security compromised and the Gateway is online again."
Liberal Democrat MP Norman Baker said the latest loss threw fresh doubt on the Government's plans for ID cards. "An inquiry is the way forward, but it is not a substitute for the use of proper procedures," he said.
"I would have thought the basic security step would be to ensure that memory sticks with all this information on simply don't exist. Why should we trust the Government with our details for its database or ID cards.?"
Shami Chakrabarti, director of the civil rights watchdog Liberty, said her organisation had conducted an audit which showed the Government had lost 30 million items of data in the past year. "They plough on with their Big Brother ambitions, such as ID cards and scary central communications database, which are disasters waiting to happen at our expense," she said.
Loss of memory: Data disasters
*October 2008: Ministry of Defence loses disc with details of 100,000 members of Armed Forces.
*September 2008: Files on 200 patients lost by NHS Trust in Co Durham.
*August 2008: Home Office contractor loses memory stick with files on 84,000 prisoners.
*June 2008: Government official leaves top secret documents on train.
*April 2008: Army captain's laptop taken as he ate in McDonald's.
*January 2008: Details of 600,000 potential Navy recruits go missing in Birmingham.
*December 2007: Three million driving test candidates' details disappear.
*November 2007: HM Revenue & Customs loses child benefit records with details of 25 million people.
Comments