Another MoD disc goes missing
A portable drive belonging to EDS holding data on 700,000 Armed Forces personnel and potential recruits has disappeared.
The Ministry of Defence (MoD) has confirmed the contractor EDS has lost a portable drive containing yet more sensitive data on Armed Forces personnel.
The MoD said in a statement that it had learned of the breach on Wednesday and was working with MoD police and EDS to investigate.
The removable hard drive contained names, addresses, passport numbers, dates of birth and driving licence details of around 100,000 serving personnel across the Army, Royal Navy and RAF, plus details of their next-of-kin.
It also contained the details of some 600,000 potential services applicants and the names of their referees.
While the nature of use of the data has not been divulged, the MoD said it was "not ruling out" the possibility the drive also contained the bank details of Forces personnel.
EDS said the loss came to light as a result of a data audit it is carrying out under the terms of the Cabinet Office's Data Handling Review.
The drive was stored in its secure facility in Hook, which meant the data on the drive would not have been encrypted. "There is no evidence that security at the site has been breached," it said.
But this is just the latest in a series of MoD data losses. In July it admitted 658 of its laptops had been stolen over the past four years and 26 portable memory sticks containing classified information had been either stolen or misplaced since January. And in September it came to light that a USB key containing confidential information had been lost in a Newquay nightclub.
Andrew Clarke, international senior vice president of Lumension Security, said: "This latest security blunder involves unencrypted disks that contain extremely sensitive information and at this stage it is not known how long the data has been lost for.
"All data needs to be encrypted to ensure that if it falls into malicious hands it is inaccessible and worthless. It is simply no longer enough to write a computer security policy and expect everyone to follow it to the letter. This is especially true in the case of contractors."
Nick Lowe, Check Point regional director for Northern Europe, also pointed out that less than two weeks ago, unencrypted data on portable hard disc drives was stolen from an RAF base. "And now we have possibly the biggest ever data loss from the MoD again from misplaced portable drives," he said.
"Portable discs and data cannot be left unprotected by automatic encryption, because they WILL go missing, be misplaced, or get stolen."
George Fyffe, head of Europe, Middle East and Africa for Application Security, added that the irony of an increased focus on auditing within public sector organisations is that the true scale of the problem is being realised. "One thing is for sure, we're only just at the tip of the iceberg," he said.
The Liberal Democrats described the loss as a "disturbing breach of security" and called for an urgent inquiry.
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.