United Kingdom government security breaches

From Wikipedia, the free encyclopedia
Jump to: navigation, search

This page is a time-line of published security lapses committed by governmental entities in the UK, including data security breaches. This article does not attempt to capture security vulnerabilities.





  • December 2004 - An undercover journalist reportedly entered restricted areas and walked unchecked and unnoticed around passenger aircraft due to take off from London Heathrow airport. The journalist also entered British Airways offices and other out-of-bounds areas at the London airport which housed confidential security documents.
  • April 2007 - Medical Training Application Service (MTAS) was an on-line application system for the selection of junior doctors, and allocating them to jobs in the UK. Personal details (including phone numbers, home addresses and sexual orientation) of junior doctors became publicly available for several hours to anyone with the right URL. It was also reported that applicants had been able to see each other's files by changing two digits in the personalised web address given to each individual, and the MTAS system was eventually suspended.
  • July 2007 - Newcastle City Council admitted that personal data and payment card details of up to 54,000 local residents had been downloaded from an insecure server to an IP address outside the country. The stolen data included names, addresses and card details from transactions between February 2006 and April 2007, mainly for payment of council tax, business rates, parking fines or council housing rent.
  • October 2007 - A laptop containing sensitive financial details of up to 400 customers of several financial institutions was stolen from the car of an Her Majesty's Revenue and Customs employee the earlier month The laptop was protected by "a complex password and top level encryption". The theft also involved a printout of some names and financial details.
  • November 2007 - Two discs containing information on 25 million British Citizens disappeared after being sent through the courier used by Her Majesty's Revenue and Customs office. A junior bureaucrat sent the discs in the post from Her Majesty's Revenue and Customs to the National Audit Office in London. The discs were believed to contain names, addresses, dates of birth, national insurance numbers and in some cases banking details for 25 million adults and children.