United Kingdom–More than a month after Her Majesty’s Revenue and Customs (HMRC) admitted to losing a laptop containing data on 400 of its customers, HMRC admits to the loss yet again of two CDs containing a database of 25 million names, bank account details, and other confidential data of child benefit recipients, setting off what can be considered the biggest data breach for the UK yet. The CDs were sent through courier service. This was apparently the fourth time the CDs containing the database were sent through courier to HMRC from the National Audit Office, and vice versa.

HMRC owned up to the loss only last November 20 when in fact a month had already gone by since the actual event happened (October 18). These series of events have led to the resignation of HMRC Chairman Paul Gray.

The two password-protected disks were apparently sent unregistered through the TNT postal system, but was never received by its intended recipient. Chancellor Alistair Darling called for an immediate search, soon followed by a large-scale investigation by UK’s Metropolitan Police Service and Independent Police Complaints Commission (IPCC).

The disks reportedly appeared on eBay according to The Register with the bid starting at ₤0.99 and with profits allegedly going to UK Charity, Sue Ryder Care.

The Register posted the eBay description of the controversial items and, apparently, the CDs may have landed -more or less- in good hands judging by these admonitions:

I haven’t read the data myself. The database appears to have approximately 25 milion records in it, but is password protected, so it is impossible to read it and it’s definitely impossible to extract any bank account data from it.

Any information that you might discover (should you be lucky enough to win the auction for these useful items and read the database thereon) must be kept in the strictest confidence.

The last part of the eBay description just about takes the cake:

PLEASE NOTE: Government departments should contact me by email before bidding, since they will have to be vetted for competence before entrusting such items to them.

Competence indeed.

Sources: