Data Leak in Britain Affects 25 Million

November 21, 2007 from The New York Times – “The British government struggled Wednesday to explain its loss of computer disks containing detailed personal information on 25 million Britons, including an unknown number of bank account identifiers, in what analysts described as potentially the most significant privacy breach of the digital era…

In sheer numbers, the breach was smaller than several in the United States over the last few years. Last year, a computer and detachable hard drive with the names, birth dates and Social Security numbers of 26.5 million veterans and military personnel was stolen from the home of an analyst, but recovered apparently without any harm. In 2003, a former software engineer at America Online pleaded guilty to stealing and selling 92 million user names and e-mail addresses, setting off an avalanche of up to seven billion unsolicited e-mail messages.

But the disks lost in Britain contained detailed personal information on 40 percent of the population: in addition to the bank account numbers, there were names, addresses and national insurance numbers, the British equivalent of Social Security numbers. They also held data on almost every child under 16.”

180 View – “The disks were protected by a password, the government said, but were not encrypted.” How many wake-up calls are necessary before sensitive data is routinely encrypted?