This includes bank details for 7 million families, national insurance numbers and so on. The information was sent, by unrecorded delivery, through the post. This is information worth millions, if not billions, in the wrong hands.
The records include parents' and children's names, addresses, dates of birth, child benefit and national insurance numbers and in some cases, bank or building society details.
And then they wonder why I don't trust this government, or any government, with all of my personal information on a centralised ID database?
On the bright side, the discs are 'password protected'. That's all right then, dictionary brute force attacks have almost never been shown to work....
In other news, last week the Information Commissioner’s Office asked the UK to criminalise severe data breaches. Good job for the powers that be that this hasn't happened yet!
Even if this was the mistake of some underling, the fact that the systems were so lapse that this information could be burned to CD is a massive problem.
Update: The banks are advising that people don't need to phone them and say 'give me a new bank account number'. They would say that, it's a lot of work - but on the precautionary principle, there is no reason not to do this. In fact, if my bank said there was no need, I would respond by saying 'if you won't give me a new account number, I'll move my account'.
Update 2: Don't accept 'ID card database would be safe as it's protected by biometrics' - this is so much tosh, the biometric info is just another record in the database.
Update 3: No2ID now has this story