Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.

We also use third-party cookies that help us analyze how you use this website, store your preferences, and provide the content and advertisements that are relevant to you. These cookies will only be stored in your browser with your prior consent.

You can choose to enable or disable some or all of these cookies but disabling some of them may affect your browsing experience.

Currently Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

Concern over Security Flaws on Government Websites

Apply for a DBS Check

According to an investigation by leading technology publication New Scientist, a large number of government websites have serious security issues which could put you at risk. The government operates over 3000 different websites under the gov.uk domain name, covering everything from central government departments to smaller district council websites. A team of security experts looked at the government websites and found that 524 have serious flaws which could allow hackers to get into the website and “hijack” it.


Digital Delivery

In the past few years, the government has been shifting many previously paper-based systems online. Disclosure and Barring checks, tax credits, Universal Credit, car tax, passports – all are now online. One of the few government websites which was not found to have security holes was HMRC, which deals with all issues around tax and national insurance.

The security experts who looked at the government systems used a scale of 1 to 10, with 10 being the most vulnerable to attack, to classify government websites. The average vulnerability across the system was 7.5, meaning the website is particularly vulnerable to attack by hackers. Many of the vulnerabilities are related to cookies, the little pieces of information which browsers keep about users. It was found that if hackers could collect the cookie information, they would be able to log into come government portals without knowing the user name or password of the individual concerned.


Criminal Records Bureau Website

One of the government sites which was found to have most vulnerabilities was the Criminal Records Bureau website. This website is now defunct, as the process for criminal records checks is now operated by the Disclosure and Barring Service (DBS). The CRB site redirects users to the DBS website, but has been found to have serious security flaws. The very real risk is that if a hacker manages to breach the security of the former CRB website, they are then free to divert users to another website, take payments and gather all sorts of personal information including details of criminal convictions.


Remember the NHS Hack?

The government doesn’t seem to have learned the lessons of the 2017 attach by WannaCry, which attacked computers in the NHS. Microsoft had identified the vulnerabilities in the system and issued a patch to fix it, but thousands of computers hadn’t been updated. Testing of computers in government departments is down to managers in each department. The problem is that until a website comes under attack, it can be difficult to assess just how vulnerable it is.


Concern for Users

Although there is concern over some NHS websites, there is nothing to suggest that using them is risky, or that people entering their data online should be concerned. However, the general rules about safe internet use should be followed even when on government websites. Always use a secure password which uses a combination of letters, numbers and special characters. Never use just one password across a range of sites, and make sure you have up to date anti-virus software on your laptop, tablet or phone.