BreachExchange mailing list archives

Tax website shut down as memory stick with secret personal data of 12million is found in a pub car park


From: security curmudgeon <jericho () attrition org>
Date: Wed, 11 Mar 2009 21:56:50 +0000 (UTC)


[This title is very misleading. From what I read, the source code to a web
  site was found on the drive, not details of 12 million. If a bad person
  got ahold of this information, they could then access the web site and
  the 12 million records. While the memory stick was 'handed in', there
  aren't enough solid details to indicate how long the stick was gone, if
  contents were copied, and who turned it in. - jericho]


http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stick-secret-personal-data-12million-pub-car-park.html

Tax website shut down as memory stick with secret personal data of 
12million is found in a pub car park

By Daniel Boffey
Last updated at 3:05 PM on 02nd November 2008

Ministers have been forced to order an emergency shutdown of a key 
Government computer system to protect millions of people's private 
details.

The action was taken after a memory stick was found in a pub car park 
containing confidential passcodes to the online Government Gateway system, 
which covers everything from tax returns to parking tickets.

[..]

The Department for Work and Pensions insisted that the system's security 
has not been breached, but a computer expert told The Mail on Sunday that 
in the wrong hands the data on the memory stick could enable hackers to 
access personal details of the 12million people who have registered on the 
system, including their passwords.

[..]


Another article:

http://www.scmagazineuk.com/Lost-USB-stick-contained-complete-source-code-for-gateway/article/120283/

Jacques Erasmus, director of malware research at Prevx, claimed that the 
4GB stick was almost full and the data was not encrypted. Studying it at 
the offices of the Mail on Sunday, whom the stick was handed into after 
being found in a car park, Erasmus claimed that the government were not 
taking the contents and loss seriously.

[..]

The most shocking thing was that the source code for the gateway was on 
there, this included code for the website, service commands and modules. 
So any hacker could get the source code as it was not secured and exploit 
the service.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
