
2007 UK Child Benefit data scandal


The loss of United Kingdom child benefit data was a data breach incident in October 2007, when two computer discs owned by Her Majesty's Revenue and Customs containing data relating to child benefit went missing. The incident was announced by the Chancellor of the Exchequer, Alistair Darling, on 20 November 2007. The two discs contained the personal details of all families in the United Kingdom claiming child benefit, a benefit whose take-up in the UK is near 100%.

The discs were sent by junior staff at HM Revenue and Customs (HMRC) based at Waterview Park in Washington, Tyne and Wear, to the National Audit Office (NAO), as unrecorded internal mail via TNT N.V. on October 18. On October 24 the NAO complained to HMRC that it had not received the data. On November 8, senior officials in HMRC were informed of the loss, and the Chancellor of the Exchequer, Alistair Darling, was informed on November 10. On November 20, Darling announced:

The lost data was thought to concern approximately 25 million people in the UK (nearly half of the country's population). The personal data on the missing discs was reported to include names, addresses and dates of birth of children, together with the National Insurance numbers and bank details of their parents.

The "password protection" in question is that provided by WinZip version 8. This is a weak, proprietary scheme (unnamed encryption and hash algorithms) with well-known attacks. Anyone competent in computing would be able to break this protection by downloading readily available tools. WinZip version 9 introduced AES encryption (with unnamed hash algorithms), which would have been secure and could be opened only by someone who knew the correct passphrase.
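
A header-only check for the distinction drawn above, as an added example that is not part of the original article: it reports whether each member of a ZIP archive is unencrypted, encrypted without the AES marker (the older password scheme), or encrypted with WinZip AES. It relies on the ZIP format's encryption flag (bit 0) and on compression method 99 with extra field 0x9901, which mark AES entries; `classify`, `ok_to_send` and `build_sample` are hypothetical names, and the sample archives are constructed.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # WinZip AES extra field header ID
AES_METHOD = 99         # compression method value that marks a WinZip AES entry

def has_aes_extra(extra):
    """Walk the (header ID, size, data) records of a ZIP extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == AES_EXTRA_ID:
            return True
        pos += 4 + size
    return False

def classify(zip_bytes):
    """Map each member to 'none', 'legacy' (encrypted, no AES marker) or 'aes'."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():          # reads headers only, no password needed
            if not info.flag_bits & 0x1:    # bit 0 of the flags = entry is encrypted
                result[info.filename] = "none"
            elif info.compress_type == AES_METHOD and has_aes_extra(info.extra):
                result[info.filename] = "aes"
            else:
                result[info.filename] = "legacy"
    return result

def ok_to_send(zip_bytes):
    """Hypothetical transfer policy: every member must be AES-encrypted."""
    kinds = classify(zip_bytes)
    return bool(kinds) and all(k == "aes" for k in kinds.values())

def build_sample(name, flags, method, extra=b""):
    """Constructed one-entry archive; payload is dummy bytes, not real ciphertext."""
    fn, data = name.encode(), b"\x00" * 16
    common = (20, flags, method, 0, 0x21, 0, len(data), len(data), len(fn), len(extra))
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, *common) + fn + extra + data
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, *common, 0, 0, 0, 0, 0)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central) + len(fn) + len(extra), len(local), 0)
    return local + central + fn + extra + eocd

AES_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)  # AE-2, AES-256
if __name__ == "__main__":
    for args in (("plain.csv", 0, 0), ("zip8.csv", 1, 8), ("zip9.csv", 1, 99, AES_EXTRA)):
        sample = build_sample(*args)
        print(classify(sample), "ok to send:", ok_to_send(sample))
```

The check confirms only which scheme protects the archive; the strength of the passphrase itself is outside what the headers reveal.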


Wikipedia