Many people may have a false sense of security that the Government is able to protect us and our data. Over the years, this belief has declined massively as data breaches have grown more common, with hacks and leaks scarily becoming the norm.
This is exemplified by the Government’s digital service website – www.data.gov.uk – which recently fell victim to a security breach. A spokeswoman said that a database containing usernames and email addresses was discovered on a system which was accessible to the public. This was only discovered during a routine security review.
So, if the government can’t protect themselves, how can we expect them to protect us?!
After becoming aware of the breach, the digital service is making all users change their passwords as a precautionary measure. It may be too late to call this a ‘precautionary’ measure, though, given that the damage has already been done.
Not that it should make any difference, but according to the Government, only email addresses, usernames and hashed passwords were breached. Names and physical addresses weren’t leaked.
Email addresses, usernames, and hashed passwords are still valuable data to cyber-criminals, however!
They could still use them to access other accounts as many individuals tend to reuse passwords across multiple online accounts.
So, the risks are still there…
Notification
The Government digital service are aware of their wrongdoing and notified the Information Commissioner’s Office (ICO) of the breach. A spokeswoman told the BBC that the breach had only affected data.gov.uk accounts, meaning users with separate accounts for other government websites weren’t affected.
The Government digital service sent notification of the breach from this email address – data.gov.uk.support@notifications.service.gov.uk – to warn users to change their passwords. The email stated that “the names, emails and hashed passwords in the file belong to users who registered on data.gov.uk on or before 20th June 2015.”
Further warnings have been given by the Government department, urging users to be diligent if they receive an email from someone claiming to be from the Cabinet Office. It’s important that you check the authenticity of an email sender before handing over personal information.
Reassurances
The spokeswoman tried to give reassurance by stating that, because the passwords were hashed (i.e. scrambled), the stolen information is less useful. However, as we mentioned above, this doesn’t completely eliminate the risks to people affected by the breach.
A spokeswoman also stated:
“…there is no evidence of misuse of anyone’s credentials and users have been asked to reset their passwords purely as a precautionary measure.”
Weaknesses of the system
Spencer Young, RVP EMEA at Imperva, highlights the importance of a strong password:
“Passwords continue to be an ‘Achilles Heel’ in the fight against cybercrime as improper user behaviour such as weak passwords or use of the same password across different sites – continues.”