DWP sending sensitive data with passwords

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computing.co.uk/computing/news/2216315/dwp-sending-sensitive-passwords

By Tom Young
Computing
09 May 2008

Government staff in the Department of Work and Pensions (DWP) have been 
sending out sensitive data in packages containing passwords that provide 
access to the information.

An internal email to DWP staff outlining the poor security practices was 
leaked to influential political blog Dizzy Thinks.

"Staff are... forwarding the data and password on together, which defeats 
the purpose of the security measure entirely," the email reads.

After HM Revenue and Customs lost the details of 25 million families last 
year, civil servants were told all information sent between departments 
had to be password protected with passwords sent separately.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml