Feeds

MoJ admits data breaches affecting 45,000

Long arm of the law has butter fingers

Secure remote control for conventional and virtual desktops

The Ministry of Justice has reported eight data breach incidents affecting around 45,000 people.

The incident affecting the most people, reported in the ministry's 2007-08 resource accounts (pdf), took place in June 2007. Discs containing 27,000 supplier records, including supplier names, addresses and in some cases bank details, were in the possession of a contractor to the ministry.

No notification steps were taken as a result. The document says that "the data was not lost or stolen but some examples were shown to a representative of a newspaper," adding that all the data was subsequently recovered or destroyed.

The ministry reported this and eight other incidents to the Information Commissioner's Office during the last financial year. Three involved the loss of laptops, one in January containing data on 14,000 fine defaulters. The data included names, dates of birth, addresses, offences and in a fifth of cases national insurance numbers. The laptop, described as inadequately protected, was lost within secured government premises.

Another incident in September 2007 involved a laptop lost outside government offices, and affected only 13 people – but they were applicants for judicial office, and the data lost included their suitability for that office. The individuals were notified, as well as the police.

Four of the incidents involved the loss of paper documents, with one incident in November 2007 involving data on 3,648 people including their alleged offences. One other incident involved the loss of storage devices.

In its resource accounts (pdf), the Department for Work and Pensions revealed three data losses, all of names, addresses and national insurance numbers, affecting in total more than 16,800 people.

The incident affecting most people took place in December 2007. It involved the unauthorised disclosure of data on 9,000 people and saw the department notify law enforcement agencies.

In December, the DWP confirmed that two discs containing details of thousands of benefit claimants had been mistakenly retained by a contractor. These reportedly contained 9,000 people's data.

However, at time of writing the department was not able to provide any further information on the December breach or the two others, one in July 2007 which potentially affected 7,800 people, and one in January when papers with data on 45 people were lost.

Meanwhile, the resource accounts (pdf) of the security and intelligence agencies will carry out work to improve their information security.

"This area will continue to demand significant senior management attention," cabinet secretary Sir Gus O'Donnell writes, in his capacity as accounting officer for the agencies in the public version of the accounts. "The agencies plan more internal reviews to support further measures for enhancing the effectiveness of their data security frameworks."

The document, a cut-down version of the full secret report, also says that the agencies formally reported "no protected personal data-related incidents" in the last financial year, and that in previous years, the agencies had focused on reporting incidents relating to national security.

This article was originally published at Kablenet.

Kablenet's GC weekly is a free email newsletter covering the latest news and analysis of public sector technology. To register click here.

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.