Yet more confidential UK government files may have been mislaid by public servants. However, in a sign that Whitehall may be raising its game slightly, this time the data was encrypted - and the copies originally lost have been recovered.

The Guardian reports today (http://www.guardian.co.uk/technology/2008/feb/28/politics.ebay?gusrc=rss&feed=networkfront) that a small IT-repair firm near Bolton received a laptop on Tuesday from a customer who said it had been bought on eBay. When the laptop was opened up by an engineer, an optical disk marked "Home Office" and "Confidential" was discovered under the keyboard.

Lee Bevan of Leapfrog computers told the Graun: "This seemed like just another IT repair... the customer said he had bought it on eBay and seemed quite innocent. It was just an ordinary laptop and it was only when we opened up the keyboard that we found the disk - it had the words Home Office and Confidential written on it.

"The disk appeared to be hidden deliberately underneath the keyboard. We put the disk in the drive to see what it was, but it was encrypted.

"As soon as I saw it belonged to the Home Office I placed it in the company safe and called the police. Luckily, it has ended up in the right hands. The police were here most of the day examining the laptop and the disk."

According to the Home Office, both the optical disk and the laptop hard drive were encrypted, though it was not confirmed that the laptop was definitely government property. It is not yet known how the machine and disk had wound up on eBay.

The Home Office said the fact the data was encrypted "safeguarded" it, which is broadly true. Assuming properly-implemented modern encryption, it would be practically impossible to read the files on a laptop or disk without possession of the relevant keys.

However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory. More plausibly, keys are often written down and carried about together with laptops, are easily guessed, or otherwise discovered.

The possibility also exists of the encrypted government files having been copied, which is much easier than decrypting them - although not as trivially easy as copying normal unprotected files.

Another thing to bear in mind, of course, is that all the data may have already been lost in other massive governmant data blunders of recent times; which would make this incident rather irrelevant. It may be that someone pinched a Home Office laptop and thought "chuh, another laptop and disk with everyone's personal data. I've got the whole UK on file already, I'll just sell the gear on eBay". ®

Related stories

How much does a data breach cost UK companies? (25 February 2008)
http://www.theregister.co.uk/2008/02/25/data_breach_real_cost/
HMRC data debacle used to bait phishing lure (22 February 2008)
http://www.theregister.co.uk/2008/02/22/hmrc_phishing_attack/
5,000 NHS records vanish with latest lost laptop (15 February 2008)
http://www.theregister.co.uk/2008/02/15/more_nhs_data_losses/
Consumers warned on data loss compensation packs (12 February 2008)
http://www.theregister.co.uk/2008/02/12/data_loss_compensation_warning/
Don't expect privacy law overhaul in the wake of HMRC (28 January 2008)
http://www.theregister.co.uk/2008/01/28/privacy_law/
Civil servants still sticking unencrypted data in the post (23 January 2008)
http://www.theregister.co.uk/2008/01/23/court_info_sent_in_post/
MoD laptop losses expose government data indifference (22 January 2008)
http://www.theregister.co.uk/2008/01/22/mod_laptop_lack_policy/
MoD coughs to laptop triple whammy (22 January 2008)
http://www.theregister.co.uk/2008/01/22/mod_gives_away_data/
Join the army, get your ID pinched - MoD laptop goes AWOL (20 January 2008)
http://www.theregister.co.uk/2008/01/20/mod_recruits_laptop_theft/
Boro council in child data theft flap (17 January 2008)
http://www.theregister.co.uk/2008/01/17/boro_laptop_theft_flap/
Clarkson's 'steal my ID' stunt backfires (7 January 2008)
http://www.theregister.co.uk/2008/01/07/clarkson_bank_prank_backfires/
2007 worst ever year for data protection (7 January 2008)
http://www.theregister.co.uk/2008/01/07/lib_dems_data_losses/
Nato secrets USB stick lost in Swedish library (4 January 2008)
http://www.theregister.co.uk/2008/01/04/another_stick_with_military_secrets_found/
Tories offer NHS IT rescue plan after major patient data losses (24 December 2007)
http://www.theregister.co.uk/2007/12/24/nhs_trust_data_losses/
Data breach officials could be sent to the big house (18 December 2007)
http://www.theregister.co.uk/2007/12/18/hmrc_crim_penalties/
Darling plays wait and see on HMRC disc loss (17 December 2007)
http://www.theregister.co.uk/2007/12/17/darling_hmrc_reforms/
Police give up on lost CDs (14 December 2007)
http://www.theregister.co.uk/2007/12/14/police_stop_cd_search/
Brown quizzed on gov IT failures (13 December 2007)
http://www.theregister.co.uk/2007/12/13/brown_quizzed_it/
UK.gov data review calls for... data (12 December 2007)
http://www.theregister.co.uk/2007/12/12/data_review_feedback/
UK.gov loses driver ID data (11 December 2007)
http://www.theregister.co.uk/2007/12/11/driver_data_discs_disaster/
Citizens Advice coughs to laptop loss (11 December 2007)
http://www.theregister.co.uk/2007/12/11/citizens_advice_laptop_theft/
Brown knew data loss was disaster waiting to happen (10 December 2007)
http://www.theregister.co.uk/2007/12/10/brown_knew_disc_loss_likely/
DVLA coughs to data slip (7 December 2007)
http://www.theregister.co.uk/2007/12/07/dvla_data_error/
HMRC coughs to more data losses (6 December 2007)
http://www.theregister.co.uk/2007/12/06/hmrc_systemic_failures/
Data breach costs soar (29 November 2007)
http://www.theregister.co.uk/2007/11/29/data_breach_cost_survey/
Civil service apologises for HMRC data loss (26 November 2007)
http://www.theregister.co.uk/2007/11/26/hmrc_data_loss_letter/
Running queries on the HMRC database fiasco (25 November 2007)
http://www.theregister.co.uk/2007/11/25/tech_view_of_data_blunder/
Datapocalypse Now (22 November 2007)
http://www.theregister.co.uk/2007/11/22/hmrc_roundup/
HMRC data loss could be tip of iceberg (22 November 2007)
http://www.theregister.co.uk/2007/11/22/police_expand_hmrc_probe/
Senior officials now in frame for HMRC data fiasco (22 November 2007)
http://www.theregister.co.uk/2007/11/22/darling_disaster_good_id_cards/
Darling's Data giveaway - what the readers say (21 November 2007)
http://www.theregister.co.uk/2007/11/21/reader_comments_on_hmrc/
How HMRC gave away the UK's national identity (20 November 2007)
http://www.theregister.co.uk/2007/11/20/hmrc_huge_data_loss/
Darling admits Revenue loss of 25 million personal records (20 November 2007)
http://www.theregister.co.uk/2007/11/20/hmrc_loses_lots_data/
Inland Revenue boss quits over 'major ops failure' (20 November 2007)
http://www.theregister.co.uk/2007/11/20/hmrc_boss_quits/
Reckless loss of laptop data? ICO calls for stiff fines (16 November 2007)
http://www.theregister.co.uk/2007/11/16/doctors_fined_for_losing_data/