UK Government was warned on data loss

UK Government was warned on data loss


Risk assessment raised concern about junior staff access in 2004

The UK Government was warned that allowing junior staff to access the child benefit database was a security risk, three years before discs containing 25 million records were lost.

Treasury risk manager Richard Fennelly carried out the assessment in March 2004 and sent a letter warning of weak procedures to the Treasury.

That revelation will cause embarrassment for current Prime Minister Gordon Brown, who was Chancellor of the Exchequer at the time.

"Fraudulent/malicious activity was not being detected," said a copy of Fennelly's comments obtained by the News of the World.

"Live support staff had root access and could do anything without being detected with obvious risks."

Fennelly also warned that there was "no encryption between certain elements in the system".

Shadow work and pensions secretary Chris Grayling said the document rubbished Gordon Brown's claims in Parliament that the data breach was a one-off incident.

"Now we know that internal watchdogs in the government were warning three years ago that the child benefit database was at risk," he told the News of the World.

"Because no one took any action we now face a situation where millions of bank account details and information about all our children has been lost."

HM Revenue and Customs (HMRC) lost discs containing the child benefit records of 25 million people, including the bank details of 7.25 million families, when it sent the unencrypted data through the regular post service.

Information Minister Richard Thomas has warned that other damaging data loss incidents could emerge, as several public bodies have secretly admitted to losing data following the HMRC crisis.