Feeds

Security flap as Scottish council loses USB key

Red faces after local paper returns lost memory stick

Providing a secure and efficient Helpdesk

Pay details of scores of workers of Perth and Kinross Council has been found on a memory stick left in the street. The security lapse could have exposed workers to ID theft, the Perth Advertiser reports.

The breach emerged after a USB key containing 59 documents, many from the council's Environmental Services Department, were recovered near a bike shelter close to the council building at Pullar House. The retired man who found the memory device handed it over to the local paper.

Data on the key included 25 spreadsheets some of which included details of council workers' pay, National Insurance contributions, and overtime hours. It also contained health and safety reports, performance reviews, and budget information.

Information on workers ranging from HGV drivers to cemetery workers was exposed by the breach.

Inquiries by the Perth Advertiser established that the loss of the device had gone unnoticed, or at least unreported to police. A spokesman for the council thanked the paper for the recovery of the lost memory device, which he described as "an unfortunate accident".

The man who reported the loss described it as careless. "I would have thought it would be unwise for council employees to be going around with a pen drive in such a way that it could be so easily lost. I thought more care would be taken over such information.

"If I was a council worker, I would be furious," he added.

A spokesman at the council explained that council workers sometimes take work home with them on USB sticks. "Officers in this situation are all aware of the need for care and it would seem that this was an unfortunate accident.

"The device contained some historical information but much of the documentation was on the device in order to assist the owner in preparing some draft material for the new Business Management Improvement Plan," he added.

The council criticised the man who found the key for not returning it directly to the council. "The failure by the finder of the USB device to return it to the council constitutes theft and the council would like to thank the PA for its return," he said. ®

Bootnote

Thanks to reader Kevin Kenny for the tip-off.

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.