Whitehall suffers a data breach every hour
PERSONAL information held by Government departments is being breached at least once an hour, a little-noticed study recently revealed.
The damning report – by the Commons’ Public Accounts Committee (PAC) – found insufficient measures were in place to stop sensitive data being lost, wrongly shared or hacked, potentially leading to ‘significant harm’.
There were an astonishing 8,995 data breaches in the 17 largest Whitehall departments in 2015 – a staggering 24 a day, according to the report.
Some 98 per cent were at HM Revenue and Customs and the Ministry of Justice (MoJ).
Concern is growing over whether other public bodies are vulnerable to the kind of cyber attack that crippled the NHS on Friday. Scotland Yard has 10,000 computers using the outdated Windows XP system, which cyber criminals exploited, leaving thousands with cancelled operations or appointments.
Defence Secretary Sir Michael Fallon was forced to dismiss claims yes- terday that Britain’s four nuclear missile submarines were vulnerable because they used a system based on the old computer programme.
He ruled out concerns over the threat to the operating systems used by the Trident nuclear deterrent.
In February Chancellor Philip Hammond warned that significant cyber attacks were increasing in frequency, with 188 foiled in just three months.
The recent PAC report said poor reporting of low level breaches, such as emails containing personal details being sent to the wrong person, reduces confidence in the ability of ministers ‘to protect the nation from higher threat cyber attacks’.
In some cases, a single breach would involve the disappearance, theft or inappropriate sharing of the personal information of thousands. In January 2015 MoJ officials lost two CDs with sensitive details on highprofile inquiries into police involvement in three controversial deaths.
The threat of cyber attack has been one of the UK’s top four risks to national security since 2010.
Yesterday it was claimed that of the Metropolitan Police’s 27,000 computers, 17,000 have been upgraded to Windows 8.1 – meaning 10,000 are using the old system.
Scotland Yard chiefs have warned staff against opening suspicious emails that might contain the virus demanding a ransom payment to unlock computer systems.
The Metropolitan Police insisted their systems have ‘a number of layers of industry- leading security, which we have been monitoring closely over the past 24 hours’.
Amid concerns that the Trident nuclear deterrent was vulnerable to a ransomware attack, Sir Michael told the BBC’s Andrew Marr Show: ‘ We never comment on the different systems, obviously for reasons of security, that our submarines use.
‘But our Vanguard submarines I can absolutely assure you are safe and operate in isolation when they are out on patrol and I have complete confidence in our nuclear deterrent.’
Officials last night admitted NHS hospitals had been sent a ‘patch’ two weeks ago that protects against the virus – but apparently not all hospitals had updated their systems.
The ‘ Wanna Decryptor’ virus exploits a vulnerability in Microsoft computer systems that was first discovered and developed by the National Security Agency in the US.
The key to exploiting this was later leaked by a hacker group known as Shadow Brokers.
In March, Microsoft developed a ‘patch’ that protects against the hack – but experts said few NHS organisations had downloaded it.
However, the patch would not have protected the many computers in the NHS still running Windows XP.
Roughly one in 20 NHS computers – 4.7 per cent – run on this system.
NHS Digital said many of these cannot be updated because they are running MRI machines and other major pieces of equipment.
They have advised hospitals to take such items off their main internet networks and run them instead on smaller, more isolated systems to defend them from attack.
‘Attacks increasing in frequency’