The Rural Payments Agency (RPA) has reportedly lost confidential data belonging to anyone who has ever claimed a single farm payment.
According to a report by Farmers Weekly, the bank accounts of every farmer in England have been at risk after the data was lost in May. The department for environment, food and rural affairs (DEFRA) was alerted to the issue immediately and said the risk posed to farmers was very low.
However Farmers Weekly claimed that the agency only discovered the problem in September. It also said that at no time has the agency or DEFRA attempted to inform farmers about the breach.
Whistleblowers claimed that 39 backup tapes containing confidential details went missing after they were transferred from RPA offices in Reading to Newcastle. DEFRA has admitted that tapes went missing, but told Farmers Weekly that the data was not lost in transit and was instead misplaced within the data centre.
The tapes were last accounted for in June 2008, but it was not until May this year that IBM realised the data was missing and informed DEFRA. Sources claimed that DEFRA tried to cover up the error and it was only realised by the RPA in September when annual data checks were carried out.
According to the whistleblowers, the error occurred after backup tapes containing confidential details were sent between IBM and another IT consultant, Accenture.
A spokesperson for DEFRA said that a thorough search was conducted to find the missing material and concluded that some tapes were misfiled and placed ‘on the wrong shelf'.
DEFRA also admitted its data was not encrypted. When Farmers Weekly put the whistleblowers' accusations to DEFRA and the RPA, it issued the following statement: “Since these incidents, procedures have been further tightened to prevent a recurrence. IBM has instigated a thorough review of their procedures to manage removable storage media, such as these tapes, as well as tightening access control requirements.
“The tapes are held in a secure IBM data centre and only IBM and Accenture technicians have access to them. Both IBM and Accenture were asked to review their security arrangements as a result of this incident.”