Feeds

MoD coughs to laptop triple whammy

'We lost three unencrypted laptops, not one'

Beginner's guide to SSL certificates

Updated: Defence minister Des Browne has admitted that the Ministry of Defence (MoD) has lost not one, but three laptops containing unencrypted information since 2005.

Last week, it emerged that the MoD had lost a laptop containing the personal details of 600,000 people who had expressed an interest in joining the armed services.

The laptop was stolen from a junior Naval officer, who had left the machine in a car parked overnight in Edgbaston, Birmingham. West Midlands police are investigating the theft.

An internal MoD investigation has already uncovered the other two losses.

The latest government humiliation is particularly disturbing because of the obvious security risk. Browne said last night he was well aware of the potential danger, especially for forces serving in Northern Ireland.

The MoD will now write to 3,700 people whose bank details were on the laptop and to the 153,000 people who applied to join the Royal Navy, the Royal Marines, and the Royal Air Force. Their records contained much more information including passport details, National Insurance numbers, driving licence details, and doctors' addresses.

Information Commissioner Richard Thomas said: "The volume of information in this case is significant and I am concerned about the sensitivity of some of the information contained on the laptop and the fact it pertains to military personnel. But this is not just about security. We will need to know why so much information on so many people was held on a laptop and whether any of it had been retained for too long."

Des Browne also announced yet another independent review of MoD data practises to be headed up by Sir Edmund Burton.

Talking to Parliament yesterday, Browne said: "It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or why the database retains this information at all."

Ministers were told of the theft on 11 January, but believed at the time that the data was encrypted. They were told it was not encrypted on 14 January, and later told the Information Commissioner and police. The Association for Payment Clearing Services was also informed.

By 18 January all other MoD laptops were recalled and secured.

The Royal Navy has completed its own internal investigation and is considering what action to take against the junior officer.

The data was not encrypted, in breach of MOD rules, and the failure of procedure and compliance was not found by the government-wide review of security policies we were promised after the loss of 25 million private records by Her Majesty's Revenue and Customs in October.

Des Browne told Parliament yesterday: "The level of encryption used by the Ministry of Defence on its computers is stronger than that used for commercial applications and our IT authorities judge that a significant amount of time, resources, and particular expertise would be needed to access the data in a readable format."

Which would be reassuring if the MoD had in fact encrypted the data.

We asked the MoD what this super, if under-used, form of encryption was. It's promised to get back to us if it can comment without giving away too much information.

The MoD sent us the following statement: "We will not go into detail about our security specifications. Whilst the encryption algorithms used within our approved products may be the same as those used by industry, the implementation of the encryption mechanism within these specific products has been assessed such that its strength is considered suitable for the protection of MoD data. We judge that generally speaking the strength of these mechanisms is higher than typically required for commercial use." ®

Protecting against web application threats using SSL

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.