British tax site goes dark after data security breach
USB thumb drive with passwords turns up in pub parking lot, prompting government site to shut down to protect sensitive data of 12 million English citizens.
Security breaches happen all the time. But a recent incident in England is particularly worrisome and illustrates the risks of storing sensitive data on USB thumb drives which can easily slip out of a pocket or briefcase.
The British Department for Work and Pensions shut down a consumer Web site after a flash drive containing confidential passwords and source code was found in the parking lot of a pub two weeks ago, according to the Daily Mail.
The Government Gateway site, which about 12 million citizens use to file tax returns and pay parking tickets, contains addresses, salaries, National Insurance numbers, and credit card information.
The drive was lost by a 29-year-old IT analyst at Atos Origin, which has a contract to manage the Web site for the British government, according to the report.
"Not only would a fraudster be able to take personal details using the tools provided on the lost memory stick, but the extent of the information contained in the source code would allow a hacker to access the Government Gateway's payment systems and even divert tax money into private bank accounts," Jacques Erasmus of Internet protection firm Prevx told the paper.
The data was password protected but it would be "relatively easy" to crack, he said.