The spectre of identity theft looms for 25-million Britons whose personal information was lost in the post by HM Revenue & Customs (HMRC).
The data, which records information on all 7,5-million British families with children under the age of 16, includes information like parents' and children's names, dates of birth, addresses, National Insurance numbers and, where relevant, the details of the bank or building society account into which Child Benefit is paid.
"For the individuals affected, ID theft can be potentially financially crippling," says Graham Cluley, senior technology consultant at Sophos. "Once criminals have your personal information they can take out bank accounts, loans, and credit cards in your name, attempt to break into your bank account and ruin your credit rating, and generally look to inflict as much financial damage as they can, in as short a time as possible."
The latest incident is not the only time that HM Revenue & Customs has allowed data on British citizens to potentially fall into the wrong hands. In September, a laptop containing personal information on thousands of investors was stolen from the car boot of an HMRC official. Last month, in a separate incident, a courier being used by HMRC lost a CD containing details of 15 000 Standard Life customers.
Sophos experts note that a database containing personal information about a large number of people is highly attractive to identity thieves.
"If this data fell into the wrong hands it could be sold off piecemeal to organized identity theft gangs over the internet for a handsome profit. Within minutes information can be duplicated and passed around the world for criminals to exploit," says Cluley.
"Hackers have set up auction sites on the shadier areas of the internet for hawking their stolen wares to interested parties. Everyone will be desperately hoping that if a criminal has intercepted the CDs that they do not realise the value of what they have stolen, and the data will not be exploited."
The scale of the HMRC's data loss, and the fact that it happened at the heart of government, means many individuals may worry about what data they share with such legitimate institutions in future. In fact, a Sophos survey found that 33% of people believe that the public sector does a worse job of securing their confidential information than private firms.
"Having your identity stolen isn't always as obvious as when something else gets stolen," Cluley adds. "It's not like when the Mona Lisa is pinched and there's a gap on the wall.
"Unauthorised people can have personal information about you without you realizing – and it's only when evidence emerges that they have been stealing money or goods in your name that you may know that something illegal has occurred."