Government slammed over data breach

Data protection leak from DWP
Data protection leak from DWP

The government has been sending out highly sensitive data in packages with the passwords necessary to access it, it has been revealed today.

The admission comes from an internal email at the Department for Work and Pensions (DWP) by one of the department's security advisers which was leaked to internet blog Dizzy Thinks.

The email reads: "I have been advised of instances where password protected data has been sent out with the password being sent separately as detailed in Security Notice 02/07.

"However, once the data and the separate password are received, staff are then forwarding the data and password on together. This defeats the purpose of the security measure entirely."

The breach comes despite renewed instructions to civil servants initiated last December, specifying how passwords should be sent out separately to the sensitive data they protect.

The new instructions followed the government's catastrophic loss of 25 million child benefit records in the post last November, which was followed the next month by the loss of the details of over three million candidates for the driver theory test.

The DWP is trying to reassure the public today. A spokeswoman said: "We take the security of individuals' data extremely seriously.

"We expect all managers to monitor the application of our security controls and remind staff as necessary of the correct procedures."

But opposition parties and pressure groups are seizing on the mistake as further evidence the government should scrap its proposed ID card scheme.

Danny Alexander, Liberal Democrat spokesman for work and pensions, said: "The government's strategy for protecting citizens' personal information is a shambles.

"We've had mislaid CDs, lost laptops and now passwords are being circulated with the information they are supposed to protect.

"Data protection is being undermined across Whitehall - the very idea that this government could be responsible for an ID card database is a joke."

A NO2ID spokesman told "In a way that defies common sense, it sounds like the government is storing its pin number next to its credit cards."


Politics @ Lunch

Friday lunchtime. Your Inbox. It's a date.