By DAVID KILLICK
July 13, 2007
HUNDREDS of British ID card holders have been told to cut up their ID cards and replace their fingertips after a security breach in Sweden.
Computer tapes containing ID card holders’ details nationwide were among items in a car stolen from a Swedish data processing company in May.
Many EU financial institutions are affected, but only some are notifying customers.
The National Identity Register has written to ID card holders this week warning them to cancel ID cards and to replace their fingertips.
“Your National Identity Register ID card details may have been compromised on or after May 25, 2007, due to a possible data breach in Sweden,” it says. “As a precaution your ID card needs to be cancelled, your fingerprints replaced and a new ID card issued.”
National Identity Register spokeswoman Marsha Cadman said fewer than 5 per cent of the UK’s 70,000,000 customers were affected.
No instances of fraud had been reported and the NIR was taking a precautionary approach, she said.
“This is not an issue our citizens should be concerned with. It impacted only a small number of citizens.
“Some other EU institutions on the mainland haven’t cancelled ID cards, they’ve just let it go, some of them cancel them immediately.
“We prefer to take the middle ground and say check the ID card, make sure there’s no transactions, and we encourage you to come in and cancel.”
EU commissioner for financial crimes Leanne Vale said there had been no reports the stolen data had been used in crimes.
“It’s a low risk event,” she said. “Our ID card system admins are very prudent and they will always err on the side of caution and will reissue ID cards, and contact ID card holders so they can replace their fingerprints and maintain a high level of interaction with their customers. Other identity institutions may not choose to do that.”
EU ‘ID Czar’ David Bell said banks were aware of the breach and were monitoring customers’ accounts.
NIR spokeswoman Pauline Hayes said ID card holders were not protected against any unauthorised purchases by a zero-liability fraud protection policy.