UK Ministry of Defence laptop stolen with personal details of 600,000 Armed Forces applicants

(21/01/2008)

The Ministry of Defence has confirmed that a laptop containing the unencrypted personal details of 600,000 Armed Forces applicants has been stolen from a Royal Navy officer. The laptop may have contained information such as passport, driving licence and family details, as well as National Insurance numbers, doctors’ addresses and NHS numbers of people who have either expressed interest in, or joined the Royal Navy, Royal Marines and the Royal Air Force. It is believed that 3500 people’s bank details were also included on the database and it is not currently known how the laptop was protected.

Jamie Cowper, Director of Marketing EMEA at PGP Corporation, has made the following comments: “With HMRC still fresh in the mind of both the public and the Government, you have to question how such a catastrophe could be allowed to happen again. Though the Government has been keen to demonstrate the need to address this growing problem, it is clear that a culture of complacency still exists within the public sector when it comes to defending our data.

Whilst pledges have been made to bolster the ICO’s powers and beef up legislation – what the Government needs to do now is look for an immediate solution – i.e. encryption. This is the only way to ensure that data remains secure no matter what happens to the device it is stored on.”

Check Point says that this shows that lessons have still to be learned from the child benefit data loss from HM Revenue and Customs last year. Nick Lowe, Check Point’s regional director for Northern Europe says: “What will it take for organisations to understand the risks? The HMRC data leak happened two months prior to this theft, but apparently the personal data on the laptop still wasn’t encrypted – despite the easy availability of encryption software.

“When we surveyed UK companies in November 2007, only 48% had data encryption software, yet 65% said they would not change their IT spending priorities. It seems that some companies are still saying “it can’t happen here”. This laptop theft shows that it can happen, all too easily.”

Check Point’s November 2007 survey asked senior IT staff in public & private UK companies if the Child Benefit data leak at HM Revenue & Customs would change their IT spending priorities.

65% of IT managers and senior IT staff in UK companies said it would not. Yet less than half of respondents (48%) said their organisation had an encryption solution to protect sensitive data. 40% of the sample said their company did not have encryption, and 12% did not know if encryption was in place.

Phil O’Neill, director and general manager, Kensington Europe, said: “High-profile data theft cases have become rife in recent months. And putting sensitive information such as children’s addresses and customers’ bank details at risk isn’t just bad PR for the organisations involved. When Nationwide lost a laptop containing 11 million customers’ details, it was fined £980,000.

“It seems that, even though people know laptops can be easily stolen or lost, small businesses in the UK believe that having a password is enough to keep data safe. Unfortunately, this will not stop a determined thief from hacking into the computer. The best way to make sure that sensitive data does not fall into the wrong hands is to ensure that the device itself cannot be stolen.

“It is increasingly clear that companies are neglecting the most obvious threats to their security. Businesses invest millions in network security, yet they disregard the danger of physical theft. This is tantamount to investing in a sophisticated home alarm system but forgetting to lock the front door.

“Companies can cheaply and easily ensure the safety of onsite computers by locking them to a fixed object with a specially designed lock. Using such a lock acts as a deterrent and can reduce insurance costs – and helps to reassure employees that their personal details are safe, even if they’re held at a contractor’s site.”

Related topics:  Computer and PC Security   Data management and data security   Encryption 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources