There is an unconfirmed rumour that the hacking group LulzSec has managed to steal millions of records from the 2011 UK Official Census and has threatened to release them into the public domain once they have been ‘categoriszed and formatted’. Unusually this has not been mentioned on it’s Twitter account as they normally do which leaves the action open to speculation.
In a release made on Twitter, they tweeted “Our next step is to categorize and format leaked items we acquire and release them in #AntiSec “payloads” on our website and The Pirate Bay”. It has also stated that it “blissfully obtained records of every single citizen who gave their records to the security-illiterateUK government for the 2011 census”.
The blog known as Pastebin has however said that it will keep the records secure
which would appear to say that people would not have to worry about their
private census records until, as the group says, they are formatted and
categorized. There are no timescales offered just now of when they will offer
the records for public viewing however.
It is suggested they will release all the records on ThePirateBay, a downloading website where anyone who has the correct link to them and bittorrent software will be able to download the records and search on them as well. It is my understanding that the information available will include not just names and addresses, presumably ‘formatted’ by matching them to the electoral roll, but also adding on the information on employment, religious beliefs and lifestyles.
One extremely disturbing aspect of this, if it goes ahead on ThePirateBay is that almost everyone using bittorrent software with default settings will automatically be sharing this data as it is downloaded from another bittorent site. Therefore everyone who downloads it will also be illegally sharing the information and therefore just as guilty as the original hacker who shared it in the first place.
The Office of National Statistics have stated they were not aware of the issue but they are investigating the claims having been alerted to the potential problem. They are saying there is no evidence of a security breach at this time but are working with their security advisers and contractors to establish whether there is any substance to the claim.
Whilst this may be a false alarm it goes to show just how information should be held more securely than ever as LulzSec has already been blamed for the recent hacking into the UK’s
Serious Organised Crime Agency (SOCA) database as well as the US Senate and CIA systems.
If this is true then the UK Government will need to account for why it has happened to yet more personal information it has allegedly held ‘securely’ and the Information Commissioner will have to investigate this as an extremely serious breach not only of The Data Protection Act 1998 but also with regard to how information is stored by government agencies.