Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Data on 3M UK Drivers 'Lost in Iowa'

Misplaced hard drive adds to furor over lost tax data

The British government's IT security woes got deeper today when Transport Secretary Ruth Kelly reported to Parliament that the personal data of some 3 million U.K. drivers has been lost by a contractor in Iowa.

The administration has already been in hot water for most of the month, following the loss of as many as eight CDs containing the personal information of some 25 million taxpayers and family members. (See UK Government in Uproar Following Data Loss.)

In a statement before Parliament earlier today, Chancellor Alistair Darling told British legislators that the government has made little progress in finding the missing CDs, according to reports. Then Transport Secretary Kelly stepped to the microphone.

"In May this year, Pearson Driving Assessments Ltd, a private contractor to the Driving Standards Agency, informed the agency that a hard disk drive had gone missing from its secure facility in Iowa City, Iowa," Kelly said. "The hard disk drive contained the records of just over three million candidates for the driving theory test."

The records contained the driver's name, postal address, phone number, the test fee paid, the test center, a code indicating how the test was paid for, and an email address, Kelly said.

The lost hard drive was "formatted specifically to fit Pearson configuration" and therefore would not be easy for third parties to read, Kelly said. She did not give further details on the configuration, and the department did not say whether the data on the drive was encrypted.

Kelly also confirmed reports of last week which stated that one of her department's offices in Northern Ireland had lost the personal data of more than 6,000 drivers when two disks were lost in the mail.

The disks, which contain the names and addresses of the motorists and the license plate numbers of their 7,685 vehicles, went missing at a sorting center in Coventry, Kelly confirmed.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.