Personal details of 100,000 members of the British Armed Forces have been lost

10 October 2008
A computer hard drive containing the personal details of approximately 100,000 members of the Armed Forces has disappeared. The information includes bank details, dates of birth, passport numbers, addresses and telephone numbers.

The disk was being held by EDS, one of the UK Government's main contractors, and an investigation is under way.

Andrew Clarke, senior vice president, International, Lumension Security comments: “This latest security blunder involves unencrypted disks that contain extremely sensitive information and at this stage it is not known how long the data has been lost for. Whether data was lost by the Government or a contractor, without implementing the necessary security procedures to protect data in transit, data leakage will continue, exposing thousands of innocent people to identity theft.

“This incident demonstrates that decisive and effective measures still need to be taken to protect against data leakage. Although taking control of data leakage is no mean feat, any organisation holding sensitive data needs to take responsibility for establishing and enforcing device control policies that assign permissions to individuals and devices. Moreover, all data needs to be encrypted to ensure that if it falls into malicious hands it is inaccessible and worthless. It is simply no longer enough to write a computer security policy and expect everyone to follow it to the letter. This is especially true in the case of contractors - monitoring your information and knowing where it is at all times becomes much more complex when multiple parties are involved in the process.

“The proliferation of data loss occurrences due to the inappropriate or sometimes criminal use of removable media devices has reached alarming levels, with no sign of abating. The only way to eliminate data loss from removable devices is to take control of the flow of inbound and outbound data from your endpoints and encrypt the data during transmission. These solutions exist today; policy needs to enforce their usage. The Government released a report into Data Handling Procedures in June 2008 addressing this issue and we are seeing isolated moves to proactive implementation of policy, such as NHS boards across Scotland injecting funding into the improvement of IT security. But, we can only ask when will all organisations start taking this escalating data loss seriously and act preventatively?"

print versionPrint version | email this to a friendEmail to a friend | view other articles View other articles

Latest IT, computer and network security articles

 FireEye Closes $50 Million Funding Round

 Shield Guarding sets sights on major growth

 LogRhythm chosen by Maclay Murray & Spens LLP for comprehensive data security

 Comprehensive EndUser Protection to address BYOD challenge launched by Sophos

 Tyco- world’s largest pure-play fire protection and security solutions company acquires First City Care

 Arbor Networks Updates Industry-Leading Peakflow® SP Platform

 2013 Predictions countdown from Infosecurity Europe

 Toshiba Announces Advanced Encryption and Cryptographic-Erase for New Enterprise SSD and Mobile HDD Models

 Venafi says latest TURKTRUST CA attack is a rerun of the infamous DigiNotar incident of 2011

 Business Impact of 2013 IT Trends examined by ISACA

...[view more IT, computer and network security articles]...

 

Security websites for specific products:

Security websites for specific markets:

IT Security links


directory of IT, computer and network security suppliers
Search directory Register your company
IT, computer and network security books:

SEARCH NEWS
DIRECTORY
Google