Security breach on U.K. tax site halts online filing

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2002/0531irsec.html

By Laura Rohde
IDG News Service, 05/31/02

The U.K. Inland Revenue Monday shut down its Internet tax
self-assessment service because of security breaches, the tax
department said on Friday.

"Several people were using the self assessment online service over the
weekend when they noticed the details of other filers and reported the
problem to us. As a result, we temporarily shut down the system on
Monday night and are now working around the clock to get to the bottom
of the problem," an IR spokesman said.

The IR declined to give details of the personal data revealed, or how
many people had confidential information made public. The government
department was also unable to estimate how long it will take to repair
the problem and get the service back online.

According to the IR, the security breach was in an electronic form
used for filing taxes online.

"There are several commercial products that are available for filing
taxes over the Internet, and we are still accepting those," the
spokesman said.

The IR has a contract with Plano, Texas, IT services company
Electronic Data Systems (EDS), valued at $3.5 billion, but the form in
question was created and administered by EDS subcontractor EzGov, the
IR spokesman said. This Atlanta company provides technology and
services to governments.

"We are not looking to attach blame to anybody, we are just looking to
fix the problem as soon as possible. Security is very important to
us," the IR spokesman said.

Representatives from EDS and EzGov could not be immediately reached
for comment.

Last year in the U.K., 76,287 returns out of a total of just under 9
million were completed over the Internet, the IR said. The IR's
self-assessment service accounted for 90% of the returns filed online,
the spokesman said. So far this year, 10,928 citizens have used the IR
online filing system, he said.

The U.K. government has been encouraging people to file their taxes
online and IR recently sent out fliers in an attempt to allay public
concerns over security issues and urging tax payers to switch over to
the online system.

Chancellor Gordon Brown announced in April government plans for
getting businesses and individuals to file tax returns online by 2010,
which could possibly include imposing fines those who fail to use the
Internet to file.

Accounting company Ernst & Young LLP conducted an internal review of
the IR's online system soon after it went public about two years ago
and determined that security issues kept Ernst & Young from
recommending the system to its customers or using it themselves,
Rayner Peett an Ernst & Young spokesman said Friday.

"Our review turned up a number of concerns about the IR's online
filing system, including the flexibility of the system, but one of the
main concerns was over security. Such a system has to be able to
guarantee the absolute security of confidential information and we
didn't feel the IR's system could do that. The government has
encouraged people to file online and what we hope is that this breach
in security will goad the government into doing whatever is necessary
to assure the security and confidentiality that taxpayers require,"  
Peett said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.