Cyber-Ark, a company specializing in protecting and moving sensitive data for companies and their customers, has highlighted the need for companies to stop transferring sensitive data by “pony express technology” following the loss of a CD-ROM containing details of around 15,000 Standard Life pension holders.
The data on the CD-ROM - which was lost in transit by an external courier on behalf of HM Revenue and Customs - is believed to include names, National Insurance numbers and pension plan reference numbers.
"This is more than enough information for fraudsters to steal someone's identity," said Calum Macleod, European managing director with Cyber-Ark, who added that it is the second time in the last month that data has been lost from HMRC.
"Last month there was the theft of an HMRC employee's laptop containing the personal data of around 400 people from the boot of a car, and you would think that people would learn from their mistakes," he said.
"HMRC has gone on record as saying that it takes the security of customer information seriously and has improved the arrangements for moving sensitive information, but that's no good for Standard Life pensioners, many of whom will now be worried sick about what has happened," he added.
Macleod went on to say that, more than anything, this latest incident should come as a warning to all organisations, whether public or private sector, to encrypt their data, both on and off the computer system.
"Sending unencrypted data via CD-ROM, even by courier, is a ridiculous risk for HMRC to have taken. It makes the IT security system that the government agency employs little more than a laughing stock. Not only that, but it really is high time that the government spent a bit of effort ensuring they set an example rather than simply pontificating to everyone else about what they should do," he said.