The identity details of more than 6,500 pensioners have been lost after HMRC, the beleaguered and serial identity data losing government agency, lost an IBM mainframe tape.
The tape, understood to be a backup tape, was neither encrypted nor password-protected, and contained details of Countrywide Assured plc policy holders. The details included national insurance numbers, names and addresses but not bank account details.
Countrywide has to send personal pension scheme policy holder information to HMRC. It sent the tape by courier on September 20th to HMRC offices at Ty Glas, in Llanishen, Cardiff, Wales. HMRC staff received it and signed for it. But they have subsequently not been able to locate it. Indeed HMRC contacted Countrywide in October and asked for the data, only to be told that it had already been sent.
Countrywide has sent letters to all affected policyholders this week and the company is very disappointed by HMRC's carelessness and incompetence.
This breach is one of the seven admitted to by acting HMRC chairman Dave Hartnett when attending a Parliamentary committee meeting. An HMRC spokesperson said: “We are taking this loss extremely seriously and have done everything possible to locate the data cartridge. We would like to apologise to all those affected.”
If, as expected, this is an IBM or StorageTek format backup tape then it can only be read in an equivalent tape drive by the appropriate software. This is not likely to happen, unless the cartridge has been stolen deliberately.
So we now have the following identity record leaks:-
- HMRC Standard Life - 15,000
- HMRC child benefit database - 25 million
- HMRC Countrywide Assured - 6,500
- NI DVA - 6,500
- Driving Standards Agency - 3 million
All of these losses occurred through bulk data transfer on unencrypted media. HMRC has mislaid 25,021,500 people's identity records. Its record is one of systematic and almost organised data handling incompetence. Systemic, systematic, what does the word matter? The agency is perniciously flawed from top to bottom as far as its sensitive data handling capabilities, procedures and culture are concerned. This is abundantly obvious.
The Driving Standards Agency (DSA) has mislaid 3,006,500 records and the total known loss across both HMRC and the DSA is of 28,027,00 records. The DSA has been very careless and neither agency has been open about its data loss failings until forced to be so.
We have come to know that CD transfer has been the media choice du jour for HMRC data transfer but now we know that tape cartridge transfer is also used by pension firms to send policyholder details to HMRC for tax purposes.
We can certainly assume that Countrywide Assured is not the only pensions firm to do this as it is sending a tape to be read by an IBM mainframe. That mainframe will be being sent tapes by multiple pensions companies at least once a year and possibly more often than that. We are talking about dozens of IBM mainframe tapes criss-crossing the country en route to Cardiff.
It will shortly become mandatory, we can be confident about this, that such tapes should be encrypted and sent in a more secure manner as well.
IBM mainframes do not support LTO4 format tapes with bundled encryption. Such mainframes typically only use IBM or StorageTek format tapes. StorageTek has its encrypting T10000 tape drive.
IBM has a mainframe tape encryption tool, as does CA. I feel it is likely that this cash-strapped HMRC mainframe does not have the latest generation tape drives, meaning that it doesn't have the capability to decrypt transmitted tape cartridges.
If both HMRC and pension firms are to encrypt tapes for transfer then there will be a cost in equipping systems with the requisite products and an argument about who should pay for this.