The government was forced to admit the most fundamental breach of faith between the state and citizen yesterday when it disclosed that the personal records of 25 million individuals, including their dates of birth, addresses, bank accounts and national insurance numbers had been lost in the post, opening up the threat of mass identity fraud and theft from personal bank accounts.
MPs gasped when the chancellor, Alistair Darling, told the Commons that discs containing personal details from 7.25 million families claiming child benefit had been lost. They went missing in the internal post after a junior official at HM Revenue & Customs in Washington, Tyne and Wear, breached all government security rules by sending them by courier to the National Audit Office in London.
A frantic, secret police-led search over the past week has been unable to locate the discs, containing information on half the British population, sent by unrecorded post. All banks and building societies have been alerted and the public has been told to be vigilant of raids on their bank accounts.
Treasury ministers were desperately hoping to stave off bank panic today, fearing account holders will rush to change their accounts either in person or on the internet, leading to a second banking crisis akin to the run on Northern Rock.
Last night the information commissioner, Richard Thomas, conducting a broad inquiry on government data privacy, told the Guardian he was demanding more powers to enter government offices without warning for spot-checks.
He said he wanted new criminal penalties for reckless disregard of procedures. He also disclosed that only last week he had sought assurances from the Home Office on limiting information to be stored on ID cards.
"This could not be more serious and has to be a serious wake-up call to the whole of government. We have been warning about these dangers for more than a year.
"The frightening aspect of this episode is that it just does not matter what laws, rules, procedures and regulations are in place, if there is no proper enforcement of those rules. That is why we in our office must have the power to mount spot checks, so managers of data know the consequences if they do not follow the rules...
"I simply do not know why so much information was disclosed or why it was transmitted by post twice."
The shadow chancellor, George Osborne, described the security breach as "catastrophic", urging Gordon Brown to drop his search for a vision and "just get a grip". He said: "Public confidence in the government and its ability to protect information has been destroyed."
Osborne insisted that the blunders were the "nail in the coffin" of ID cards. "The idea that they want to store masses of information on the identity of every individual in the land, and they cannot keep hold of even this information means ID cards are dead."
Addressing the Commons, Darling, already on the rack due to the £25bn loan to Northern Rock, apologised to the nation, but refused to resign, saying there had been no policy failure.
He admitted it was possible the government or some other agency may be liable for any losses that occur, but stressed there was no evidence the discs had fallen into criminal hands.
However, the Revenue & Customs chief, Sir Paul Gray, who is generally well regarded in Whitehall, has resigned. "This is not the way I would have planned my departure," he said. He had apparently been concerned for months about security lapses inside his department.
The Metropolitan police has already been brought in to investigate the losses, as well as the Independent Police Complaints Commission. An independent government inquiry will also be carried out by the chair of PricewaterhouseCoopers, Kieran Poynter.
Darling admitted it was an "extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines".
News had been circulating at Westminster for hours that a major security breach had occurred but MPs were taken by surprise when Darling revealed the full scale of the breach: "The missing information contains details of all child benefit recipients: records for 25 million individuals and 7.25 million families."
The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office.
"Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit were sent to the NAO by HMRC's internal post system operated by the courier TNT. The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."
It was not the first time that the information had been provided to the NAO. Details of every family with children under the age of 16 were sent to the spending watchdog in March and then returned.
But a second request led to a further dispatch via TNT in October and on that occasion the discs with the data went missing. A third dispatch was subsequently sent by registered post successfully.
The NAO pointed out that the information it had requested from Revenue & Customs was never meant to include personal addresses, bank information or details of the parents involved. The NAO said it had asked for the child benefit database because it wanted to conduct and run its own independent sample survey.
The HMRC official who sent the CDs did not tell senior officials about the loss because he assumed the package was delayed, the HMRC said. The official believed the package was held up by the postal strike or the NAO's office move and "hoped that it would turn up".
An HMRC spokeswoman said: "The junior HMRC official involved should have notified their senior officials but did not." The data went missing on October 18 but the loss was not reported to senior HMRC management until November 8, three weeks later.
Darling said he was informed on November 10, and told Brown within 30 minutes. He explained that the delay in telling parliament was partly due to banks requesting time to monitor potentially suspicious activity.
Main points
· The data on the discs include name, address, date of birth, national insurance number, and in some cases, bank account details, of 7.25 million families who are recipients of child benefits
· Alistair Darling, the chancellor, told MPs of an "extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines"
· The Metropolitan Police called in to investigate how they went missing in transit from benefit HQ in Newcastle to the National Audit Office in London
· Darling urged people to check their bank account for any "unusual activity". He stressed the public would be protected against any fraud by the banking code
· The HMRC has set up a child benefit helpline on 0845 302 1444 for customers who want more details