Staff in over 30 local authorities have been the subject of serious ID card database security breaches over the last two and a half years, it has emerged.
The incidents were revealed in January, when the Department of Work and Pensions (DWP) issued an information bulletin to the authorities restating its access policy and penalties in light of the breaches.
Yesterday, the DWP confirmed it had sent the bulletin and that it was related to how it had detected staff accessing its Customer Information System (CIS) with "view-only" rights to its data on all UK citizens with a national insurance number.
These instances had no business justification and were detected from August 2006 onwards, in councils across the UK, including three at Sefton Council and two at Glasgow City Council.
The DWP press office issued a statement that said the fact the breaches were detected proved that CIS security measures were working.
"The bulletin included a reminder for local authority staff of the penalties for inappropriate accessing of customer information," it stated. "This is an indication of how seriously the department and local authorities take data security."
The penalties for unauthorised CIS access, such as viewing personal records or those of others they may know, include possible disciplinary action or prosecution.
Mark Evans, marketing and communications director at IT security specialist Imerja, said the incidents proved there is a real need for staff in every organisation to be better educated about IT security policies.
"The problem remains that, even with restricted access, there are still people who struggle to understand the importance of IT security and will write their login details on Post-It' notes for anyone to see," he said.
"What we don't know in this case is whether any of the detected breaches were malicious or if they were simply people misusing the database by taking shortcuts or even using it as a contacts directory. People don't realise how easy it is to breach IT security protocol."
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
‘A major step forward’: Keir Starmer’s £187 million tech skills drive welcomed by UK industryNews The ‘TechFirst’ program aims to shore up the UK’s digital skills to meet future AI needs
-
Government’s ‘Humphrey’ AI tool helps local authorities cut costsNews The Minute tool, part of the Humphrey AI assistant, is being trialled at 25 councils
-
Starmer bets big on AI to unlock public sector savingsNews AI adoption could be a major boon for the UK and save taxpayers billions, according to prime minister Keir Starmer.
-
UK government targets ‘startup’ mindset in AI funding overhaulNews Public sector AI funding will be overhauled in the UK in a bid to simplify processes and push more projects into development.
-
UK government signs up Anthropic to improve public servicesNews The UK government has signed a memorandum of understanding with Anthropic to explore how the company's Claude AI assistant could be used to improve access to public services.
-
The UK’s AI ambitions face one major hurdle – finding enough home-grown talentNews Research shows UK enterprises are struggling to fill AI roles, raising concerns over the country's ability to meet expectations in the global AI race.
-
US government urged to overhaul outdated technologyNews A review from the US Government Accountability Office (GAO) has found legacy technology and outdated IT systems are negatively impacting efficiency.
-
Government urged to improve tech procurement practicesNews The National Audit Office highlighted wasted money and a lack of progress on major digital transformation programmes
