Home Office Says -“Database Breaches Did Occur”

There have been confirmations from the Home Office in the UK regarding database breaches into its ID and passport service (IPS) database. However the possibility of a hacker attack being behind them was ruled out.

Five security breaches has been confirmed with the civil service staff mostly being the cause, putting the privacy of 40 million UK citizens at risk in five years. A home office representative admits that it was not remote hackers who hacked their system. This statement was made on August 31 2006 to ZDNet UK, in response to a question in the parliament put forth last week.

Four of the five breaches were caused by office staff with unauthorized access to the IPS database. In three of the instances, access privileges were used by the staff to carry out checks, which were unauthorized. In the fourth incident, data was misused by the employee that he had access to. As for the fifth, the cause was a system crash arising from a technical glitch that affected the prison service system. In all the cases the defaulters were subject to disciplinary action.

The IPS informs that the breaches have no effect on their ID card plan for creating a vast database comprising personal and biometric details. Nevertheless the database security is being questioned due to these breaches.

A statement by a spokesman for IPS clarifies that the security of systems and data is a serious concern for IPS. There are various protective procedures used for ensuring that abuse or misuse of official systems does not occur and to detect each one when it does occur. IPS has a commitment to probe any cases of this kind of misuse or abuse and taking the most severe action to deal with it.

Eventually it boils down to a question of trust. Despite security, breach of trust is possible. Should anyone be found guilty of a system breach, the reaction will be harsh.

In IT crime there is a tendency for silent breaches in which skilled criminals enter a system and then leave no traces for future breaches, keeping the victim unaware. This was the view of John Tullett, technology editor, Security Computing magazine.

IPS admits that even with adequate security measures, breaches could not be overruled completely.

Related article: Hawaiian Legislature Hobbled By Computer Virus

» SPAMfighter News - 9/7/2006