[Dataloss] DWP sending sensitive data with passwords
security curmudgeon
jericho at attrition.org
Wed May 14 08:13:54 UTC 2008
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.computing.co.uk/computing/news/2216315/dwp-sending-sensitive-passwords
By Tom Young
Computing
09 May 2008
Government staff in the Department of Work and Pensions (DWP) have been
sending out sensitive data in packages containing passwords that provide
access to the information.
An internal email to DWP staff outlining the poor security practices was
leaked to influential political blog Dizzy Thinks.
"Staff are... forwarding the data and password on together, which defeats
the purpose of the security measure entirely," the email reads.
After HM Revenue and Customs lost the details of 25 million families last
year, civil servants were told all information sent between departments
had to be password protected with passwords sent separately.
[..]
More information about the Dataloss
mailing list