UP TO 25 million people are at risk of identity fraud after the Government revealed that two computer discs with details of every family in the country receiving Child Benefit had gone missing.
After the most catastrophic Government security failure ever, the sensitive information still missing from HM Revenue and Customs (HMRC) includes dates of birth, National Insurance numbers and bank account details.
Child benefit is available to every family with a child under 16. The blunder leaves 7.25 million families exposed.
The chairman of HMRC, Paul Gray, yesterday took initial responsibility and resigned. However, the revelation heaped further pressure on beleaguered Chancellor Alistair Darling who had to explain to the Commons the extraordinary security failings in an agency which operates under the wing of the Treasury.
One expert told the Yorkshire Post the Government had potentially given identity thieves "a personal package to commit fraud". The data went missing weeks ago on October 18 and Mr Darling was informed on November 10.
The Chancellor, already under pressure from the fiasco surrounding the collapse of the Northern Rock bank, told shocked MPs yesterday that the discs containing the Government's entire Child Benefit database had been lost. An HMRC official simply put the package in the internal mail to be couriered by TNT to the National Audit Office – without its being registered or recorded. Watch the Chancellor's speech
The information on the discs was password-protected but not encrypted.
Astonished security experts said the password system could be broken by hackers "within minutes" with software downloadable from the internet.
The Metropolitan Police are now leading the hunt for the discs and trying to discover how they went astray in transit from benefit headquarters in Newcastle to the National Audit Office (NAO) in London.
Mr Darling said a junior official breached all security procedures by transferring the discs via couriers TNT to the NAO, but stressed there was no evidence that they had fallen into criminal hands. He insisted the public would be protected against any fraud by the Banking Code.
The HMRC official who sent the CDs did not tell senior officials about the loss because they assumed the package was delayed.
A spokeswoman said the official believed the package was held up by the postal strike or the NAO's office move, "hoped that it would turn up", and so kept quiet.
The loss is, however, strikingly similar to an earlier incident in which a CD containing details on around 15,000 Standard Life pensions customers, including their names, National Insurance numbers, dates of birth and other personal details, was lost by the Inland Revenue.
The latest missing discs were not reported to senior HMRC management until November 8. Mr Darling said on November 14 he ordered Mr Gray to call in the police. The banks were informed late last week.
An independent inquiry into security procedures will be carried out and the Independent Police Complaints Commission, which has oversight of HMRC, is also investigating.
A TNT spokesman confirmed the firm had a contract to deliver mail for HMRC as well as other Government bodies but said because the item was not sent by recorded delivery it could not be established for certain that it was posted.
Tory Shadow Chancellor George Osborne said: "The Chancellor has serious questions to answer, and faces the huge task of restoring the public's confidence in his Department."
A spokeswoman for Prime Minister Gordon Brown said he retained "full confidence" in Mr Darling, who she said had not offered his resignation.
Information Commissioner Richard Thomas, who was informed last week, said it was an extremely serious and disturbing security breach.
He said: "The alarm bells must now ring in every organisation about the risks of not protecting people's personal information properly.
"As I highlighted earlier this year, it is imperative that organisations earn public trust and confidence by addressing security and other data protection safeguards with the utmost vigour."
The Tories said the breach should be the final blow for the ambitions of the Government to create a national ID card.
Listen to our political correspondent's view on the potential political fallout, in BusinessTalk, the weekly audio programme from the Yorkshire Post
They all want you to move over Darling
Massive security breach is new low for Prime Minister
Loss is just the latest in a series of delivery mishaps
Families warned to beware of ID thieves
Banks wait but cash call may come
Now Big Brother has a file on you
The missing discs: Q&A