Saturday 25 April 2009

MoD laptop stolen from McDonalds

Laptop, Science Photo Library
MoD staff are banned from taking unencrypted laptops out of offices

The Ministry of Defence says a laptop has been stolen from a member of the military as he was eating in McDonalds.

The computer was taken from under the Army captain's chair, near the MoD's Whitehall headquarters on 1 April, according to the Sun newspaper.

The MoD said the data on the laptop was not sensitive, and was fully encrypted.

It comes after a laptop holding details of 600,000 people who applied to join the armed forces was stolen from a car in Edgbaston, Birmingham, in January.

A Ministry of Defence spokesman said that police were investigating the theft.

It comes after the government tightened the rules on employees taking computers out of work.

Whitehall staff are now banned from taking unencrypted laptops or drives containing personal data outside secured office premises.

Source - BBC News

Monday 20 April 2009

Blears PC loss - officials blamed

Hazel Blears
The break-in took place at Hazel Blears Salford office on 14 June

Information on a computer stolen from Communities Secretary Hazel Blears' office had been sent in breach of data security rules, it has emerged.

The Communities and Local Government department admitted its officials had "not fully" complied with guidance on handling sensitive data.

Its top civil servant Peter Housden said "no damage had been done" as the documents were not secret.

Manchester Police are investigating the theft from Ms Blears' Salford office.

The computer contained a combination of constituency and government information relating to defence and extremism.

I have instructed my officials that departmental procedures are now strengthened to ensure this does not happen again
Peter Housden
Communities and Local Government

Mr Housden said in a statement: "It is clear that papers have been sent to Hazel Blears in a way that is not fully consistent with the departmental guidance.

"Thankfully no damage has been done since the documents sent to her were not classified as secret or top secret. And in any event the computer was password protected.

"I have instructed my officials that departmental procedures, guidance, and the awareness and accessibility of that guidance, are now strengthened to ensure this does not happen again.

"I take full responsibility for ensuring this is done."

Confidential document

Department sources suggested that no officials were likely to lose their job over the breach, but did not rule out disciplinary action.

This is the latest in a series of security breaches that have embarrassed the government. Last week a senior Cabinet Office official was suspended for leaving top secret documents on a train.

Another file of documents, including one restricted one, was found on another train last week as well.

The news that a government minister may have been directly responsible for the loss of data relating to extremism is extremely alarming
Dominic Grieve
Shadow home secretary

After Gordon Brown was informed of the theft from Ms Blears' office, he told cabinet ministers to ask their civil servants to remind staff of the importance of enforcing procedures on the treatment of sensitive information.

Shadow home secretary Dominic Grieve called for Parliament to be told "exactly how and why this has occurred".

"The news that a government minister may have been directly responsible for the loss of data relating to extremism is extremely alarming," he said.

The stolen computer is understood to have contained one confidential document relating to the housing market from March this year, as well as other restricted documents.

But the documents did not contain any information that could compromise national security.

They also contained information that shows Cabinet members disagree over the government's proposed planning laws.

'Alarm'

Restricted government documents should not be held on a personal computer.

A government spokesman said the machine contained material from the Department for Communities and Local Government and details relating to her constituency work.

He insisted no personal details were among the departmental information.

"There was a break-in at the constituency office of Hazel Blears on the afternoon of Saturday, 14 June. Hazel was not there at the time, " the spokesman said.

"The thief broke in through a window, triggering the building's security alarm. A PC was stolen. Nothing else was taken.

"We understand the building's security staff arrived within minutes.

"The PC was primarily used for Hazel's constituency business and contained some details of her constituency work."

The spokesman said "none of the departmental material included sensitive personal data about the public or would be of use to criminals".

He added: "The PC did not contain any secret or top secret information and the contents of the PC are protected and clearly this is now subject to a routine police investigation."

Source - BBC News

Friday 10 April 2009

Six laptops stolen from hospital

Six laptops containing information about 20,000 patients have been stolen from a south London hospital.

The computers were taken from a locked cabinet in a secure room at St George's Hospital in Tooting, in June.

Patient information kept on the laptops includes brief medical notes, names, dates of birth and postcodes.

The hospital accepts the data should not have been stored on portable computers and has written to every patient to apologise.

Police have launched an investigation and the St George's Healthcare NHS Trust has begun an internal inquiry into the theft.

'Determined thief

The trust said the data was only stored on laptops as a temporary measure because of a problem with the computer network.

It added all the information on the laptops was password protected and personal information, such as postcodes, were hidden - although the patient's name and hospital number was shown.

The data has not been lost and the theft will not affect any treatments or appointments, the trust said.

Chief Executive David Astley said: "We offer all our patients our sincere apologies for putting their confidential information at risk, although we could not anticipate a determined thief who was prepared to force open a filing cabinet and locked drawers to get to the laptops.

"We believe the data will almost certainly be wiped by the thief so he can get a quick sale.

"Nonetheless, we owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future."

He said a helpline has been set up which has been included in the letters to the affected patients.

Source - BBC News

Wednesday 1 April 2009

Pension data was on stolen laptop

A laptop and CD
Deloitte says the laptop was stolen in a public place

A laptop containing personal details of at least 100,000 pension scheme members has been stolen from an employee of the accountancy firm Deloitte.

The computer held data including names, National Insurance numbers and salaries of Network Rail and British Transport Police pension scheme members.

Deloitte said there was a "very low risk" of the details being accessed.

The theft, last month, came to light as the Ministry of Defence confirmed data on 100,000 personnel had been lost.

Deloitte said it had notified police of the theft, which occurred in a public place, and informed its clients - including BSkyB - which had contacted all affected scheme members.

No addresses or bank account details were stored on the machine, Deloitte said.

In a statement, the company said the laptop was protected by a number of security measures, including start-up and operating system passwords and data encryption.

It said the theft had happened despite employees being issued with guidelines to pay close attention to their laptops in public places.

Security controls

"We believe that the likelihood of unauthorised access to the data held on this laptop is remote due to the opportunistic nature of the theft and the security controls," the statement read.

A spokesman for Deloitte said the firm did not want to say where the theft took place, because it wanted to reduce the chance of the thieves realising what they had taken.

James Jones, education manager with the credit reference agency Experian, said the data on the laptop would not be very useful to anyone trying to commit identity fraud.

"Your National Insurance number is no use at all for identity fraud," he said.

"The building blocks in the UK of identity are name, date of birth and address - with that information you can probably crack everything else."

Those affected by this laptop theft would have to suffer other data losses to be at risk, he added.

The Ministry of Defence (MoD) had earlier confirmed that a hard drive containing more than 1.5m pieces of information, including details of 600,000 potential recruits, was recorded as missing during an audit.

It was being held by the MoD's main IT contractor, EDS, and may also have held bank and driving licence details, passport numbers, addresses, dates of birth and telephone numbers.