Thanks to all the readers who have written to tell me about the HM Revenue and Customs breach in the UK. I’m on vacation at the moment, and haven’t had a chance to read in depth. However, example stories include the BBC’s “Pressure on Darling over records:”
Alistair Darling has apologised for the “extremely serious failure”, which has exposed all Child Benefit recipients to the threat of identity fraud.
and the Times Online’s “Moment’s blunder puts half the country at risk.”
In June, 2007, I wrote “It’s not all about ‘identity theft’,” and if you’ll indulge me, I’d like to repeat myself:
Data breaches are not meaningful because of identity theft.
They are about honesty about a commitment that an organization has made while collecting data, and a failure to meet that commitment. They’re about people’s privacy, as the Astroglide and Victoria’s Secret cases make clear.
The issue here is not ID theft risk. The data in the CDs don’t lead to that. The issue is a massive breach of public trust by Her Majesty’s government, and over that, people are rightly outraged.
[Update: I may have spoken too soon on the question of "can this data lead to ID theft in the UK." See the comments.]