MINISTERS were last night under growing pressure over the loss of 25 million missing child benefit records.
Prime Minister Gordon Brown told MPs that he “profoundly regretted and apologised” for the loss of the data that might have affected more than 300,000 families in the North-East – though he said the fiasco would not de-rail plans for ID cards.
And a review of data security across the Government was promised as police continued to hunt two computer discs containing the information that disappeared when sent from an HM Revenue and Customs office (HMRC) in Washington to the National Audit Office in London.
The Prime Minister said procedures had been breached on three separate points stipulating protected information should be accessed only by authorised staff, should not be removed without permission and should be encrypted when being sent.
“There is no evidence of fraudulent activity taking place,” said Mr Brown during a stormy Prime Minister’s Questions after Chancellor Alistair Darling had blamed the loss on a “junior official”.
But pressure continued to mount with ministers facing questions on the seniority of the official, as well as the security of the missing discs. The Public and Commercial Services union said the term “junior official” could cover administrative staff to someone graded just below a senior civil servant.
The union added the official was one of its members, although the HMRC refused to provide any details about the worker due to the “ongoing investigation”.
Last night, a North-East computer security expert expressed concern that criminals could hack into the discs that might only be protected by a weak password rather than encrypted. Prof Peter Ryan, from Newcastle University, said: “This seems to suggest that if this falls into the wrong hands, all hell could break loose. There is very little obstacle to extracting information.”
He said it was “bizarre” such information had been downloaded into hard form and sent out. The fiasco was indicative of major problems with the Government’s attitude to data and identity cards could make people less secure, he added.
Tory leader David Cameron said there had been “systemic failings” and the Government had failed in its first duty to protect the public.
Edward Leigh, Tory chairman of the Public Accounts Committee, said the National Audit Office originally asked only for basic details about child benefit recipients – omitting information on bank accounts – but “high level” officials said it would be “too burdensome” for HMRC to separate this data. Mr Leigh later said he had been given a copy of a briefing note written by NAO head Sir John Bourn for the Chancellor, showing the NAO asked for data in a “desensitised” form in March.
But it was claimed an unnamed HMRC senior business manager wrote an email back – copying in a senior colleague at assistant director level – saying the request would be rejected as it would require an extra payment to data services provider EDS.
Both HMRC and the NAO said they were unaware of any dispute.