Internet Security Blog - Hackology

BBC deluged by Spam after Hackers break into mailing list

A security failure at the BBC has allowed fraudsters to access thousands of people’s personal details.

The failing drags the Corporation into the ongoing row over how large organisations store private information about individuals. Last night a senior MP called the incident "very serious" and demanded that the BBC take action to tighten its security.

A spokesman for the Corporation confirmed that members of the public had been affected after their details were hijacked from a list of people who had signed up to receive information about next month’s BBC Electric Proms music festival. The spam e-mail offered sex drugs at "US$1.49 per pill", but such advertisements are often a front for identity fraudsters attempting to glean financial information from their victims.

John Whittingdale, chairman of the all-party Commons Culture Committee, called on the BBC to take urgent steps to protect personal details and prevent the security lapse being repeated. "This is a very serious incident and I would expect them to take urgent action," said the Conservative MP.

"The BBC’s reputation is based on integrity and trust, and that means it is important to protect people from harmful e-mail content.

"The idea that the BBC, albeit inadvertently, could be used to distribute potentially harmful e-mails which could lead to ID theft is something that I expect them to take very seriously indeed."

Jeremy Hunt, the shadow culture secretary, said the incident was the latest in a long line of mistakes with personal data. "It seems that once again a public body has become sloppy with the personal details it holds on thousands of individuals," he said.

"The BBC must ensure that it has the appropriate level of computer security so that private information cannot get into the wrong hands again."

Danny Harrison, an identity fraud analyst from the company CPP Group, said simple steps could have been taken to protect the BBC’s customers. "I have never heard of this happening to a reputable organisation before," he said.

"Technology to prevent this is relatively straightforward. The BBC should have had firewalls in place to protect the data and they should have been checked constantly.

"There is a lot that can be done to protect information such as mailing lists and if information is transferred it should be done on a secure network or with very high-end, secure encryption."

A BBC spokeswoman said: "As a result of an administrative error, spam mail received by the BBC was accidentally sent out to subscribers of the Electric Proms mailing list.

"We apologise for this mistake and have contacted everyone on the list to explain the situation. We wish to assure all subscribers that no details have been passed on to third party companies and all the data held on our systems is completely secure."

The forwarded e-mail did not include any computer viruses, she added. However, many spam messages sent by criminals are known to include automatic hyperlinks to websites which allow malicious computer programs to access files stored on a PC.

The Electric Proms event, which is now in its third year, is a companion to the traditional classical music Proms but features rock and pop acts in a series of concerts at venues in north London and Liverpool, which are also broadcast on BBC2 and Radios One and Two. This year’s headline acts include Burt Bacharach, the singer-songwriter, Keane, the rock group, and a special event marking the 30th anniversary of Saturday Night Fever, with Robin Gibb.

BBC, I was not expecting such out of you people 😛
