Skip to main content

Cyber-Ark warns firms of the need to stop transferring their data by CD-ROM

Cyber-Ark, a company specializing in protecting and moving sensitive data for companies and their customers, has highlighted the need for companies to stop transferring sensitive data by “pony express technology” following the loss of a CD-ROM containing details of around 15,000 Standard Life pension holders.

The data on the CD-ROM - which was lost in transit by an external courier on behalf of HM Revenue and Customs - is believed to include names, National Insurance numbers and pension plan reference numbers.

"This is more than enough information for fraudsters to steal someone's identity," said Calum Macleod, European managing director with Cyber-Ark, who added that it is the second time that data has been lost in the last month from the HMRC.

"Last month there was the theft of an HMRC employee's laptop containing the personal data of around 400 people from the boot of a car, and you would think that people would learn from their mistakes" he said.

"HMRC has gone on record as saying that it takes the security of customer information seriously and has improved the arrangements for moving sensitive information, but that's no good for Standard Life pensioners, many of whom will now be worried sick about what has happened," he added,

Macleod went on to say that, more than anything, this latest incident should come as a warning to all organisations, whether public or private sector, to encrypt their data, both on and off the computer system.

"Sending unencrypted data via CD-ROM, even by courier, is a ridiculous risk for HMRC to have taken. It makes the IT security system that the government agency employs little more than a laughing stock. Not only that but it really is high-time that the government spent a bit of effort ensuring they set an example rather than simply pontificating to everyone else about what they should do," he said.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.