Online applications for some
visas have been suspended amid claims a security loophole left personal data
vulnerable to identity thieves.
Channel 4 News said IT systems covering
were affected and said up to 50,000 Indian travellers could have been exposed
to having personal details stolen.
Home addresses, dates of birth and passport numbers were all
said to be accessible for more than a year creating what the Tories dubbed a
“treasure trove for international terrorists”.
Data privacy watchdog the Information Commissioner demanded
a “full explanation” from the Foreign Office over the apparent breach
- which the programme said was first pointed out a year ago.
“The Information Commissioner's Office takes security
breaches very seriously. We will expect a full explanation from the Foreign
& Commonwealth Office to establish what and how this incident has
happened,” it told the programme.
The Foreign Office told Channel 4 the IT system was not
connected to the Government's own secure information system which is used to
process the applications.
Problems with the site were first reported to the firm and
the High Commissioner by Indian visa applicant Sanjib Mitra in April 2006 when
he found he could access other people's personal data.
Channel 4 was alerted after he discovered last week that it
was still possible, it said.
Shadow immigration minister Damian Green said: “It's
appalling and almost the most appalling thing is that it's not at all
surprising.
“This happens again and again and this probably is the
most serious because this will have been a treasure trove for international
terrorists, precisely the sort of people the Government keeps telling us its
new electronic systems and biometric visas and so on will keep out.”
There is such a striking similarity to the MTAS system
fiasco with this and other database hacks, that suspicions must be raised,
possibly to collusion in design and build, and bearing in mind that India,
Russia and Nigeria are top of the list in the global ID theft world, whether
there is any truth to the rumours that government is being deliberate in
releasing
Cards.
The questions that immediately need answering are:
- Who
built the system. - Who
tested the system. - Was
the system successfully security tested, including Penn testing. - Who
signed it off and put it into service. - Is
there any connection with MTAS (personnel, management, designers etc). - Have
- Have
there been any checks to see who is in the
with Visa’s issued during the period. - Have
they checked with the authorities in
to see whether there is any duplication. i.e. person in the
but also in - Who
was initially informed, and what did they do about it. - Who
is ultimately responsible for the systems. - Following
the first reporting, who was responsible for ensuring the loophole was
closed. - Although
the system was accessible for a year, how many previous years applications
were visible during that period. - How
many applications were successful from all data stored on that system, not
just for the year that it was visible. - How
is the data sent to the Government's own secure information system which
is used to process the applications if it is not connected as stated by
the FO. - Has
the Foreign Office undertaken a risk analysis and has this been published. - Who
in the Home Office is responsible for ensuring that no duplicate persons
are in the
If ever there was a case to end the ID cards programme, this
is coming pretty damn close to it.
When documents are issued overseas legitimately, UK ID cards
would protect us how?
Say No to ID cards, Say No to the Database state.
