Bar: Data Theft

The Bar Council has been the victim of data theft; in this case it is literally the theft of computers containing the data.

The theft occurred on 12th December 2008, in the Holborn office of the Bar Council.

Despite the usual protestations of the data controllers, who were the victims of the data theft, the data does not appear to have been secured with encryption.

The data contains information about barristers' names and home addresses, which will probably be of some concern for barristers involved in prosecuting criminals, as that data is now in the hands of criminals. They may not know that, or have the wherewithal to even access the data, but that will not provide much comfort to the barristers involved!

Scottish Borders Council: Data Loss/Give Away

The latest data loss this month is more of a give away than a typical loss. The Scottish Borders Council sent out a newsletter and at the same time sent out all of the private landlords' email addresses it had to everyone on the newsletter distribution list.

It's probably a case of using the CC field rather than the BCC field, which means whoever set up the newsletter system filled in the wrong fields. A simple enough mistake to make, and understandable – who hasn’t hit “reply all” when they meant “reply”?

But these councils are the ones who want access to our medical records, phone records, and internet history (through RIPA). They also want to be able to increase their use of ANPR, to monitor our every movement from emails to driving to work. These are the same people who think we should ban the use of words like “via” and “Christmas”, but introduce forms in multiple languages, celebrate the festival of Eid – but don’t see any contradiction. They then follow our children home to make sure they are attending the right school.

People make mistakes, and only those who are absolutely without fault should have the sort of power the councils now seek. It's a trivial example, and there are plenty more, but it just shows, once again, that they are not 100% reliable, and anyone who is not 100% reliable should not have access to the data and powers they seek.
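
The CC/BCC mistake described above can be caught before anything is sent. The following is an added example, not code from the council or from this blog: it builds the same newsletter both ways and applies a pre-send check that rejects any message whose To/Cc headers disclose more than one address. The sender address, the subscriber list and all function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data: addresses use the reserved example.org domain.
SENDER = "newsletter@council.example.org"
LANDLORDS = [f"landlord{i}@example.org" for i in range(1, 6)]


def visible_recipients(msg):
    """Addresses every recipient can read: everything in To and Cc."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(fields) if addr})


def check_outbound(msg, max_visible=1):
    """Pre-send guard: refuse a bulk message that discloses its list."""
    seen = visible_recipients(msg)
    if len(seen) > max_visible:
        raise ValueError(f"{len(seen)} addresses exposed in To/Cc headers")
    return msg


def build_cc_newsletter(subscribers, subject, body):
    """The mistake: one message, with the whole list in Cc."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = SENDER, SENDER, subject
    msg["Cc"] = ", ".join(subscribers)
    msg.set_content(body)
    return msg


def build_per_recipient(subscribers, subject, body):
    """One message per subscriber; the full list never enters a header."""
    out = []
    for rcpt in subscribers:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = SENDER, rcpt, subject
        msg.set_content(body)
        out.append((rcpt, check_outbound(msg)))
    return out


if __name__ == "__main__":
    bad = build_cc_newsletter(LANDLORDS, "Landlord news", "Hello")
    print("Cc version exposes:", len(visible_recipients(bad)), "addresses")
    try:
        check_outbound(bad)
    except ValueError as exc:
        print("blocked:", exc)
    good = build_per_recipient(LANDLORDS, "Landlord news", "Hello")
    print("per-recipient messages built:", len(good))
```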

T-Mobile MD Resigns Over Data Loss

The MD of T-Mobile, whose parent company is Deutsche Telekom, has resigned over the loss of 17 million records.

Deutsche Telekom, who originally did not report the incident publicly for two years, have since taken strong steps to resolve the issue. Firstly, they appointed a board member who is responsible for data privacy, and now the MD has resigned. This does show very strong leadership, unlike in the UK, where millions of personal records are lost by the government on a monthly basis and the Government just shrug their shoulders and mumble about it never happening again, new procedures being in place, etc.

Data Loss: Government DWP

It's only the 2nd of the month, but already there is a reported data loss from the government. This time it is from the Department for Work and Pensions.

On this occasion it is not personal details that have been lost but user names and passwords, which allow access to a government site containing information such as tax returns. So, in many respects, it is worse than usual.

The details were on a USB drive that was found in a car park.

The Department for Work and Pensions has come out with the same tired old lines, stating that there is “No conceivable risk”, as the user names and passwords are ‘out of date’. While the passwords may be out of date, this loss does pose numerous questions and problems, and further exposes government security weaknesses:

How long have the passwords been out of date, a day or a year? Why is this data on a USB drive? How did the USB drive leave the department? Are the current user names and passwords also on USB drives? Why is it so easy for this information to be extracted and passed around? What else has been stolen? We know what has been lost, but what has been stolen?

The government claimed that all of the data on the USB drive was encrypted but, if that was the case, then how was the USB drive identified as belonging to the Department for Work and Pensions?

Passwords are stored on most systems in an encrypted format, e.g. Windows does not store your actual password but an encrypted version of it, but this encryption is easily cracked. What level of encryption was used? Has it since been changed, because this security has now been compromised?

This single incident again shows the sham that is government security.

NHS: Medical Records are on the move again

The medical records in the UK seem to be constantly moving around.

One day it's the government planning on passing the data to private companies, another it's the police getting access to medical records for anti-terrorism purposes.

We also know that these medical records are often misused as well.

But now figures have been released that show over 300 million records have been transferred from the government to academic organizations (as there are only 60 million people in the UK, the figure must assume multiple records per person, and include individual visits to doctors and hospitals). These records are identifiable.

The NHS routinely lose data as it is, with four out of five NHS trusts having lost patient data, but the probability of data loss and misuse has now radically increased. It should be remembered that universities are not immune from data loss and data misuse.

With grey market companies specializing in selling personal data, for as little as £100 per item, the question is not who has access to your medical records but who does not?

Police: Data Loss

The police, this time the Lancashire Police, have lost some more data. This time it is a laptop, containing witness statements and the like.

The laptop, which was, of course, not encrypted, was stolen from a car. To make matters worse, the laptop was in the possession of an off-duty police officer when it was stolen. Once again government staff are taking home data, and are being supplied laptops that are not encrypted.

The damage does not look too great in this case, so it's not likely to change anything, but what would?

Source

Data Loss: Deloitte 2 ?

Some of the press are reporting that Deloitte has suffered another data loss, this time for Vodafone, on top of the data lost from BSKYB – which was reported last week.

This is not strictly accurate; a single laptop was stolen, and it contained information from multiple companies: Vodafone, BSKYB, and Network Rail, i.e. there was a single loss, not multiple losses.

The difference between this loss and government losses is that the data was secured by strong encryption with strong passwords, and therefore the risk to the data is minimal.

So unsourced “quotes” from concerned victims like this: “It’s pretty disgusting that that information could be left out for anyone to get their hands on. My personal details could be used to open a bank account or a credit card, that’s my greatest concern.” are not entirely helpful.

Virgin – Encryption Enforced

Following the loss of data by Virgin in June, the ICO has taken enforcement action against Virgin Media.

The ICO has ordered Virgin to encrypt all of its mobile devices:

Virgin Media is required, with immediate effect, to encrypt all portable or mobile devices that store and transmit personal information. Further, the company is to ensure that any service provider processing personal information on its behalf must also use encryption software and this requirement has to be clearly stated in all contracts

Source

If only the UK government would be forced to behave in such a manner.

Data Loss: Deloitte?

In the latest round of data loss, it's been reported that BSKYB data has been lost by Deloitte.

The data contained information about BSKYB’s staff and their pension plans.

Deloitte, who was in possession of the data, presumably because they are BSKYB’s accountants, had stored the information on a laptop. The laptop was then stolen in what was described as an “opportunistic theft”.

The difference between this data loss and the numerous government losses is that Deloitte take all of the standard security measures you would expect: strong passwords and strong encryption.

So, has Deloitte lost the data? No, they have just had a laptop stolen.

Data Loss: MoD (Army)

Data loss, again. This time the MoD has lost the details of around 1.5 million people, including 600,000 potential recruits. Some of the records will be generic, but other records include date of birth, bank records, address, etc.

This is after the RAF data loss, a previous MoD data loss, and the MoD admitting the loss of hundreds of laptops. into the MoD data loss, with recommendations on how to stop it.

This latest loss occurred because… the MoD contractor, EDS, lost the data. Which sounds very similar to the Home Office data loss, where PA Consulting lost the data.

But the real concern should always be not what is lost, but what is stolen, and the government has no way of knowing what is “stolen”, which is far worse.
