More personal details lost
 

This time its the MOD who have lost 600,000 people's details who have expressed an interest to join or are already inthe Navy, RAF, Marines. I'd hate for some nutter to have this information, names and addresses of forces personel could be very dangerous in the wrong hands.

http://news.bbc.co.uk/1/hi/uk/7197045.stm

Re: More personal details lost
 

The British Army has 135,000 people in it, so who the hell are the rest (the RAF and Navy are both smaller)? Potential recruits, but even so that's a hell of a lot of people they're being cavalier with.

Re: More personal details lost
 

Why don't these people use hard drive encryption, like SafeGuard?

At Barclays Capital & Wealth, this was standard on laptops.

Re: More personal details lost
 

I think most organisations are now pushing for laptop drive encryption I know we do, and as a result of the Nationwide fiasco had to check all our laptops to ensure that we had it installed and operating correctly. Major piece of work.

You can imagine someone in the saying we're OK, we're the MOD and we'll prosecute anyone who steals from us. There should be some kinda law that states any mobile device with data should be secured.

Re: More personal details lost
 

Saw another one today too:

Personal data found on roundabout

Re: More personal details lost
 

There was one the other day too. NHS patient files from Whipps Cross (my local), Barts and others were found blowing around a street. The hospital use a 3rd party data destruction company. Apparently lots of papers blow out of the trucks on a regular basis as they aren't covered.

Re: More personal details lost
 

Why don't these people wake up and stop leaving their laptops in cars overnight - I mean the whole point of a laptop is that you can carry it with you and car parks in Birmingham aren't exactly renowned for secure storage are they...

Given all the coverage of these events since the CB discs were lost, the truly remarkable thing is that those being entrusted with this sort of sensitive data are still so blase about it all. Institutionalised ineptitude!

Re: More personal details lost
 

Our local neighbour hood watch warns us that "people" watch local hotel car parks for residents arriving (usually business types) take the laptop bag out of the back/front and place it in boot, remove the suitcase and go check in for the night. Few hours later car is broken into and guess what gets stolen.

We get the same message about parks - Women and handbags, they put them in the boot and the same happens.

If you do this, do it BEFORE you get to the place you're going to.

Re: More personal details lost
 

Or ostentatiously remove a large backpack filled with horse manure from the back seat and put it in the boot.

This works better if you have a car like mine that already smells of horse manure.

Re: More personal details lost
 

See, they need to be giving staff higher spec laptops, that way, they'll be encouraged to take them inside to play games or watch DVD's rather than "Oh god it's a heavy bag, sod it I'll leave it in the car"

Re: More personal details lost
 

This is common practice in NHS Trusts :dozey:

Re: More personal details lost
 

i see it on a regular basis where i live,laptops and mobiles sitting in full view just begging to be swiped,the owners imo are lazy sods.:mad:

Re: More personal details lost
 

Not BS then :D

Re: More personal details lost
 

Unfortunately there is no patch for human stupidity.

MOD laptops are routinely encrypted, even where they are carrying low-level information, I can't understand why this one wouldn't have been.

Re: More personal details lost
 

...then take it to Westminster and fling it at the fan in Gordon Brown's office...

Re: More personal details lost
 

Even if it was, why was it left in a car overnight?

---------- Post added at 21:45 ---------- Previous post was at 21:03 ----------

http://news.bbc.co.uk/1/hi/england/devon/7198043.stm

It'll all be ok though because Peter Hain has ordered an immediate enquiry :rolleyes:

Enquiries into sleaze, corruption and incompetence seem to be about our only growth industry these days :mad:

Of course HMG and the companies involved take this sort of thing extremely seriously don't they - just makes you wonder why it keeps happening then!

Re: More personal details lost
 

Why was sensitive data allowed to leave a secure building? Hasn't anyone at the MoD heard about VPN?

Re: More personal details lost
 

Like I said, no patch for human stupidity ;)

---------- Post added at 09:37 ---------- Previous post was at 09:36 ----------

TBH, provided data has been adequately enrypted it shouldn't be an issue where the data is being carried. To all intents and purposes, a properly secured/encrypted laptop should be nothing more than a dull grey paper-weight when turned off.

Besides, given how crap they are at keeping laptops secure would you really want them having VPN access across the Internet from their home computers to your data :D

Re: More personal details lost
 

Yes but one which has been paid for by the tax payer and ought to be looked after.

Re: More personal details lost
 

Agreed, my point went not to the appropriate security of a physical asset purchased from the public purse, but rather to the logical security of the data contained within it following a physical loss.

There's no excuse (or patch, as I've said previously) for the sheer stupidity of leaving that item on plain view in a car.

Re: More personal details lost
 

I think it's worse than stupidity - I think there's widespread institutionalised disregard for public assets (including information).

Re: More personal details lost
 

Certainly the number of incidents that are currently coming to light would seem to suggest that, I wouldn't be one to suggest that it's the norm though.

Re: More personal details lost
 

Sadly I really think it might be more the norm than you think. I reckon incidents of stupidity like this happen all the time and only a tiny few ever result in a loss - those are the ones we hear about.

Re: More personal details lost
 

You're probably right, because the headline:

"MoD Loses Fully Encrypted, 6 Year-Old, Laptop. Personal Details Perfectly Safe."


Isn't going to sell many papers.

Personally, the loss of the laptop is almost inconsequential. Yes, it's a few hundred pounds out of the public purse, but you could recover that by fining some of the big businesses that run millions of pounds over budget on Government contracts - now that would make the headlines wouldn't it (although, as usual, probably in a negative sense):

"Thousands of Jobs at Risk as Government Penalises UK Industry."

Anyway, it's not the asset that's the issue here, it's the information that it contained.

Re: More personal details lost
 

That's true of course - but where an attitude of sloppiness is allowed to prevail it's only a matter of time before something goes badly wrong. MRSA and the like have been allowed to take hold of our hospitals due to sloppy cleaning and basic hygiene practices and at what cost?

Re: More personal details lost
 

Sensitive data should not be carried on a laptop (or CDs or DVDs) without adequate security measures in place. What is the justification for doing so?

The VPN access should be restricted to an authorised piece of hardware.

Re: More personal details lost
 

Did you read the bit where I said 'provided it's adequately encrypted'? If it is then that data isn't at risk. At that point, any justification only needs to be strong enough to outweigh the inherent risks invoved. If the laptop uses encryotion that fully protects the data then your risk is simply to the loss of the asset (if you ingnore the miniscule possibility that the encryption could be broken). Given the ever increasing need for people to work at locations other than their own, and the poor interconnections that I would imagine exist between disperate Government sites at a multitude of locations, the use of a laptop for mobile working actually becomes a sensible option as it enables important work (the defence of the nation for example) to continue unabated.

It's only idiots like this that lose, or have stolen from their car, their laptop that even cause this to become a public issue. By the way, we all seem to be working under the assumption that the details on that laptop are now in the hands of the 'bad guys', have the MoD said whether there was any encryption protecting the data yet?



And what would that piece of hardware be?

Re: More personal details lost
 

If they can't be trusted to keep an eye on a laptop, how can they be trusted to ensure that appropriate encryption was in place?

Exactly. Would you trust a monkey with a hand grenade, even though the pin was securely in place when you handed it to him?

I think we ought to assume that. Or is "don't worry, a chav stole it" meant to pacify the situation?

Erm... a laptop?

Suppose this guy's job was to telephone potential recruits into the armed forces. He wouldn't need all 600,000 names on his laptop, would he? He could VPN to a secure server and get one telephone number at a time.

It isn't rocket science...

Re: More personal details lost
 

But..... if the laptop is properly encrypted then the details that were on the laptop won't be in anybody's hands. That was my point, hence the specification that it was the 'details' that were in their hands (and not the laptop) and the question I asked about the encryption (which you cleverly chose to edit out of the quote you made).

And that laptop would be secured how? What happens if someone breaks into his home? How do you know that you can trust someone to have an unmonitored lapto in their home for extended periods of time? What if someone in their family compromises it (unlimited access, unlimited time) and subverts the VPN?

Even if they're using VPN there is still some processing occuring on the device, what about that information? How would you protect that?

Re: More personal details lost
 

Sorry, didn't mean to misquote you. I accept that proper encryption means the data is secure, but I guess I don't trust these guys.

The scenarios you describe are possible, but less likely than having a laptop stolen. Also, the server could be programmed to release only a certain number of names and addresses on any given day, to stop unauthorised downloads of the entire database.

I'd like to know why anyone would need 600,000 names and addresses on a laptop in a car. :shrug:

Re: More personal details lost
 

I don't think we'll ever know the answers to that :(

Re: More personal details lost
 

:LOL:

And they want to make us have ID cards. Fat chance now i think.

Re: More personal details lost
 

As with so much this 'government' presides over it appears to be worse than at first thought:

http://news.bbc.co.uk/1/hi/uk_politics/7199658.stm

This time it's that well known part timer Des Browne who's reassuring us about just how seriously they take this sort of thing :rolleyes: Oh and yes, you guessed it.... the data was unencrypted and he's ordering a review!!!!!!

Re: More personal details lost
 

You don't say!