Three hard drives stolen from RAF
In yet another government data breach, three hard drives containing personnel information were stolen from a military base.
The personal data of serving and former staff of the Royal Air Force (RAF) has been stolen, according to the Ministry of Defence (MoD).
The computer hard drives were stored at the Service Personnel and Veterans Agency at RAF Innsworth in Gloucestershire.
Two of the drives contained sensitive personal data, while the third drive did not contain any personal data, according to the MoD. Details of up to 50,000 past and present personnel are at risk.
The individual documents were classified as no higher than "restricted."
In a statement, the MoD said: "The theft of these hard drives from a secure location, where they were subject to physical protection standards consistent with the Data Handling Review, is being treated with great seriousness."
Security analysts were quick to slam the use of portable drives. "You can't get much higher security than an RAF base, but even armed guards are not enough to protect data on portable hard drives," said Nick Lowe, Check Point's spokesperson.
Andrew Clarke, of Lumension Security, cautioned that the drives may have been stolen to order. "In this case, the USB portable hard disk drives will not have fit easily into the pocket of the thief. Considering that USB hard drives are the size of small shoe boxes, it is likely that the thief will have had a reason for being inside the organisation," he said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
This is only the latest in security breaches for the British government. Just last week, a courier lost a disk holding records on over 11,000 teachers. This all comes less than a year after one of the largest data breaches in history, where the HMRC lost data on 25 million people.
A recent survey showed that 89 per cent of Brits want data breaches to be a criminal offence. This makes sense, as less than half of all companies inform their customers of their data breaches.