Feeds

MoD coughs to laptop triple whammy

'We lost three unencrypted laptops, not one'

Gartner critical capabilities for enterprise endpoint backup

Updated: Defence minister Des Browne has admitted that the Ministry of Defence (MoD) has lost not one, but three laptops containing unencrypted information since 2005.

Last week, it emerged that the MoD had lost a laptop containing the personal details of 600,000 people who had expressed an interest in joining the armed services.

The laptop was stolen from a junior Naval officer, who had left the machine in a car parked overnight in Edgbaston, Birmingham. West Midlands police are investigating the theft.

An internal MoD investigation has already uncovered the other two losses.

The latest government humiliation is particularly disturbing because of the obvious security risk. Browne said last night he was well aware of the potential danger, especially for forces serving in Northern Ireland.

The MoD will now write to 3,700 people whose bank details were on the laptop and to the 153,000 people who applied to join the Royal Navy, the Royal Marines, and the Royal Air Force. Their records contained much more information including passport details, National Insurance numbers, driving licence details, and doctors' addresses.

Information Commissioner Richard Thomas said: "The volume of information in this case is significant and I am concerned about the sensitivity of some of the information contained on the laptop and the fact it pertains to military personnel. But this is not just about security. We will need to know why so much information on so many people was held on a laptop and whether any of it had been retained for too long."

Des Browne also announced yet another independent review of MoD data practises to be headed up by Sir Edmund Burton.

Talking to Parliament yesterday, Browne said: "It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or why the database retains this information at all."

Ministers were told of the theft on 11 January, but believed at the time that the data was encrypted. They were told it was not encrypted on 14 January, and later told the Information Commissioner and police. The Association for Payment Clearing Services was also informed.

By 18 January all other MoD laptops were recalled and secured.

The Royal Navy has completed its own internal investigation and is considering what action to take against the junior officer.

The data was not encrypted, in breach of MOD rules, and the failure of procedure and compliance was not found by the government-wide review of security policies we were promised after the loss of 25 million private records by Her Majesty's Revenue and Customs in October.

Des Browne told Parliament yesterday: "The level of encryption used by the Ministry of Defence on its computers is stronger than that used for commercial applications and our IT authorities judge that a significant amount of time, resources, and particular expertise would be needed to access the data in a readable format."

Which would be reassuring if the MoD had in fact encrypted the data.

We asked the MoD what this super, if under-used, form of encryption was. It's promised to get back to us if it can comment without giving away too much information.

The MoD sent us the following statement: "We will not go into detail about our security specifications. Whilst the encryption algorithms used within our approved products may be the same as those used by industry, the implementation of the encryption mechanism within these specific products has been assessed such that its strength is considered suitable for the protection of MoD data. We judge that generally speaking the strength of these mechanisms is higher than typically required for commercial use." ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.