Stolen council laptop sparks identity theft concerns
Bank and National Insurance details of 16,000 Worcestershire County Council staff on stolen laptop.
Thousands of local government employees were left at the risk of identity fraud after a laptop containing bank and national insurance details of over 16,000 Worcestershire County Council staff was stolen.
The laptop was stolen from an employee of the council's IT supplier Serco in a street robbery over the weekend. The laptop contained the personal details of 16,239 employees and ex-employees of the local authority.
The council has now alerted affected staff in a letter detailing the incident and has opened a hotline number for staff to call to get more information on how to protect themselves from fraud.
Jackie Alderson, head of communications at Worcestershire County Council told local newspaper the Worcester News that the theft was of "enormous concern" to the council.
"We are still urging people to ring our helpline, which is staffed by fully-trained finance staff, if they have any concerns," she said. "We are telling them all to be extra vigilant when it comes to looking at their bank accounts."
Employees of the council were said to be livid that someone should be carrying sensitive information on a laptop away from council premises.
"I am furious that my personal details were on a portable laptop - what were they doing on there, and what was the individual in possession of the laptop going to do with them anyway?" One employee told the newspaper after receiving the letter.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Experts said that laptops are by far the easiest method for thieves to completely bypass an organisation's information protection policy.
"It's not only employees' laptops that are at risk - third party contractor devices can also be brimming with sensitive data," said Jamie Cowper, marketing manager at data encryption firm PGP.
He said delays in informing staff about the theft is also an indication of Britain's escalating culture of data complacency.
"We need to consider the adoption of US-style data breach disclosure laws, where companies are compelled to inform affected parties as soon as something like this happens, rather than crossing their fingers and hoping that nobody finds out."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.