Earlier this morning I read an interesting Financial Times article which detailed how stolen IDs were changing hands for around $30 (£20 / 27 Euros) on the dark web.
The main direction taken by the piece was to highlight how British companies, including TalkTalk of course, were struggling to protect their digital assets and, more importantly in my opinion, the personal details of their customers.
Highlighting how 600,000 British customers had their data swiped from UK companies in 2014, Defence and Security Editor Sam Jones cited Symantec research which suggests that 358 million identities were compromised worldwide last year.
Such figures truly are scary and definitely worthy of reporting, especially in conjunction with other news today which suggests the majority of scam victims in this country never recover a penny of their losses –
One of the UK’s biggest banks has said 70% of its customers who fall victim to a scam do not get a single penny back… From January to September this year almost 5,000 of the bank’s customers fell victim to various scams – at a total cost of more than £25m… The bank says the average cost of falling for a scam has gone up by 40% since 2014, to more than £13,000.
– but within the FT article is a startling claim that I, for one, was not previously aware of: the possibility that a key government database, used by HMRC and the Department for Work and Pensions, may have been hacked.
Quoting “senior government officials,” Jones said “tens of thousands” of Brits’ identities were trading on the dark web. Nothing new there of course, but he went on to say that included within that figure were “thousands of detailed profiles stolen from the government’s own computer systems, with all the information necessary to completely seize control of an individual’s digital identity.”
The Government Gateway site has been breached?
When did that happen? When was it disclosed? Was I sleeping?
I don’t recall seeing anything about this at all, and a quick bit of Googling hasn’t revealed any further information either.
Hmmm… seems like a massive scoop and breaking news story in the making, especially given the fact that Jones says the profiles hacked from the site are the “crown jewels” of ID theft (no wonder they’re apparently available for the much higher price of $75 (£59 / 81 Euros)) – which is probably not an understatement given the type of information likely to be included in such records.
So that again begs the question: why is this not the news story of today?
Has this breach even occurred, has it slipped under the radar as the security community and media at large go to town on TalkTalk’s incident response plan, or is there an error in the original FT reporting?
I’d be very interested in hearing your thoughts on this – has anyone got any information they’d care to share?