UPDATED: Data thefts and losses in the UK - Timeline
IT PRO charts the on-going problem of large public and private sector bodies failing to safeguard sensitive business and consumer data.
16 November 2006: Laptops containing details of the Metropolitan Police's payroll are stolen from LogicaCMG, the company responsible for the Met's pay and pension services. The Police work with credit reference agencies, payments association APACS and fraud prevention service CIFAS to take action to protect staff from identity theft.
17 January 2007: Hundreds of documents containing sensitive personal data found dumped on a roundabout in Exeter. The data contained benefit claims, passport photos and mortgage payments.
14 February 2007: Building Society Nationwide is fined nearly 1million by the Financial Services Authority (FSA) after a laptop containing customer account details is stolen from an employee's home.
1 June 2007: A laptop is stolen that contains the payroll information of over 500 employees at the Eden Project. The employee looking after it worked for payroll company Mooreplay. The bank details, national insurance numbers and salary details of around 500 staff were at risk.
6-7 August 2007: A server is stolen from the head offices of Forensic Telecommunications Ltd (FTS), containing administrative and forensic data. FTS is a company that provides police with telephone evidence in connection with their investigations.
24 August 2007: The online recruitment firm Monster discloses details of a breach which had resulted in the details of 1.3 million job seekers being stolen. Monster takes five days to tell users of the situation, which was caused by hackers breaking into the site's password protected CV library.
21 September 2007:A staff member from Her Majesty's Revenue and Customs (HMRC) discovers that a laptop has been stolen from the boot of their car containing password protected and encrypted data relating to 400 people. The laptop contained details of the savings customers of investment firms. HMRC admitted the loss was entirely its fault, while security vendors question why the data was on a portable device and printed out to begin with.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
5 November 2007: IT PRO reported that HMRC lost a CD containing the details of 15,000 Standard Life pension customers. The CD has gone missing in transit from Newcastle to Edinburgh while being carried by an external courier. The information was sufficient to be used by fraudsters to steal customers' identities.
20 November 2007: It emerged that HMRC lost two disks in transit containing the personal and banking details of 25 million people receiving child benefit. The disks held information including names, addresses, dates of birth, national insurance numbers as well as bank and building society numbers. The loss resulted in the resignation of Paul Gray, Head of HMRC. It is the UK's worst security breach and one of the world's biggest ID protection failures. The CDs have never been found.
17 December 2007: Transport Secretary Ruth Kelly tells parliament that details including names and addresses of three million learner test drivers were stolen from the DVLA. This was due to a hard disk being stolen from a US data storage facility in Iowa.
23 December 2007: Nine NHS trusts admit losing the personal details of patients. The breaches are thought to involve the loss of more than 160,000 names and addresses of children.
9 January 2008: A laptop containing the details of 600,000 military personnel is stolen from a car in Birmingham. These details contain passport, national insurance and driver's licence numbers as well as the bank details of 3,500 people. Details do not emerge until 19 January.
14 January 2008: Two laptops containing the unencrypted details of 389 local patients are stolen from a hospital in Brent.
23 January 2008: Ministry of Justice confirms that four CDs containing personal details of witnesses and victims have gone missing.
6 February 2008: NHS IT group admits that around 4000 smartcards, used to access NHS computer systems, have gone missing. Not all were misplaced, with at least 142 stolen.
22 February 2008: Skipton Financial Services are found responsible by the ICO of breaching the Data Protection Act by losing an unencrypted laptop containing the details of 14,000 customers.