Data Loss in the British Government: A Bounty of Credentials for Organised Crime

Personal information stored in large government databases is a prime target for criminals because of its potential use in identity theft and associated crime, such as fraud. In 2007-2008, a number of very high-profile cases of data loss within the British government, its departments and non-departmental bodies raised three pressing issues of public significance: (1) how broad was the loss across agencies; (2) how deep was each loss incident; and (3) what counter-measures (organizational and technical) could be put in place to prevent further loss? This paper provides a chronological review of data loss incidents, and assesses the potential to mitigate risk, given organizational structures and processes, and taking into account current government calls for further medium and long-term acquisition and storage of citizen\´s private data. The potential use of the "lost" credentials is discussed in the context of identity theft.