The Government Gateway was shutdown after a memory stick containing user names and passwords for the wed site that gives access to everything from tax returns to parking tickets, was found in a pub car park.
Ministers ordered an emergency shutdown of the Atos Origin-run site and ordered inquiry into this latest data security debacle.
The Department for Work and Pensions said the memory stick contained user names and passwords for testing an old version of the system and may not hold details of members of the public.
"We have moved immediately to make sure there is no conceivable risk to users of the Government Gateway, and are convinced the integrity has not been compromised,” a DWP representative told the Press Association.
"On the basis of an initial examination of the contents of the memory stick, it is our experts' opinion that the contents would not allow anyone to breach the very strong security safeguards protecting the website."
However, “strong security safeguards” have, time and again, proved inadequate to the task of securing personal data in both the public and private sector.
Commenting on this latest incident, Atos Origin said that an employee had removed the memory stick from the company's premises in "direct breach" of its operating procedures.
The government’s Information Commissioner last week said 277 incidents of data breaches had been reported to his office this year.
Eighty of those breaches concerned the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities, and 47 by the rest of the public sector.
Registration is free, and gives you full access to our extensive white paper library, case studies & analysis, downloads & speciality areas, and more.
But Thomas also noted that the amount of data breaches that have been reported to the ICO is might "still be well short of the total".
In the past year, the ICO has taken enforcement action regarding data losses against HM Revenue & Customs, the Ministry of Defence, the Department of Health, the Foreign and Commonwealth Office, Virgin Media, Skipton Financial Services, Carphone Warehouse, TalkTalk and Orange.
Related articles:
In this case no data was lost...however removable | Published: 19:12 GMT, 05 November 2008
It seems that this story is being blown out of all proportions - the Government has confirmed that the data stick was encrypted, meaning there is no data loss. Whoever was responsible for ensuring the USB stick was encrypted should be congratulated. The suggestion that removable media should be banned is somewhat out of kilter with business requirements. The main issue is for organisations to have control over which employees or contractors can use USB sticks, whether or not the data is sensitive and to ensure that all sensitive data is encrypted. And of course, that controls are in place as to who and where it can be decrypted. Data loss can be eliminated if Government departments take control of removable devices and govern the flow of inbound and outbound data to and from mobile devices, ensuring data is encrypted during transmission.