In three of the cases workers were able to access data they had
no authority to use and in the fourth a worker who did have
authority to access data used it inappropriately. The fifth case
involves a worker accessing the Prison Service sentencing database,
said a Home Office spokesman.
"Disciplinary action was taken that resulted in the dismissal of
three of those people. A fourth resigned before the process of a
charge of gross misconduct could be completed. Another was an
employee at a private sector partner, who has been dismissed," said
the spokesman.
The security breach has raised questions for some about the
security of any database attached to identity cards, a major plank
of current Government policy. "Plainly, centralising all of our
identity data into one centralised register in the Home Office's
control is going to expose our information to risk of abuse from
staff," said Phil Booth, national co-ordinator of NO2ID, an
anti-identity card pressure group.
"Many of the risks that attach are not so often about hacking
from the outside but from the inside job, but this is something
that the Home Office has completely and flatly denied throughout
the process and said 'we'll have security protocols in place and
procedures to stop this'," said Booth. "They've claimed this for
other databases as well and yet we have highly publicised cases
such as the chap at the DVLA who was passing information to [animal
rights groups] not just a few times but over 13 months."
The Home Office spokesman said that remaining staff at the IPS
have been warned about unauthorised access. "The IPS takes its
security very, very seriously and has reminded staff that any
breaches will involve a charge of gross misconduct which will
result in dismissal and that any offender will be liable to
prosecution," he said.
The Home Office could not confirm at time of going to press
whether or not any further legal action or a prosecution will
follow the dismissals.
The information came to light following a parliamentary question
from the Liberal Democrat Party. NO2ID says that it is compiling
information on further potential for security breaches within the
Home Office.
"NO2ID has been approached by a contractor at one of the
companies tendering for the database for the ID card system who
described to us how quite regularly he was able to break protocol
and gain access to supposedly highly secure databases of another
wing of the Home Office while on a job," said Booth.
The Home Office said that it could not comment without further
details on the identity of the contracting company and the
databases in question. Booth said that the group would not make
those details public until later this week.
