Shostack + Friends Blog Archive


UK various breaches

  • Deptarment of Work and Pensions, 8,800 identities
  • Her Majesty’s Revenue and Customs (HMRC) was forced to close down the tax credits website at the start of December last year, after a spate of fraudulent claims came to light which exploited the stolen identities of Department for Work and Pensions staff.

  • Network Rail, 4,000 identities
  • Primarolo divulged the information after it was also revealed that 4,000 Network Rail employees had their personal details stolen and bank accounts set up under false pretences…Brian Contos of security firm ArcSight said: “This incident has been described as one of Britain’s biggest benefit frauds – with one in seven staff at Network Rail falling victim to this identity theft. [Both quotes from “Tax Credit Fiasco.”]

It’s a good thing the UK has a disclosure law the rules have changed, or each of these victims would be struggling alone to explain what has happened to them. The EU should pass a disclosure law. It’s good for victims of these crimes, it’s good for preventing these crimes, and it will be good for industry as a whole and the computer security industry in particular. Only those who know they have rotten security would oppose such a thing.