Feeds

MoD prays RAF disk thieves aren't data savvy

50,000 RAF IDs on unencrypted disks

Top 5 reasons to deploy VMware with Tegile

Personal details of potentially all current and ex-RAF personnel and dependents were stored on three USB-connected storage drives which went missing from a Ministry of Defence establishment at Innsworth, Gloucestershire.

Both the MoD police and Gloucester Police are investigating a presumed theft. A statement from the MoD said: "The theft of these hard drives from a secure location, where they were subject to physical protection standards consistent with the Data Handling Review, is being treated with great seriousness.

"There is no indication that the theft was motivated by a desire to obtain the data, nor that the data has been exploited maliciously in any way; but personal information on anyone serving or who has served in recent years in the RAF, Regular or Reservist, may have been compromised."

The station used to be a non-flying RAF base, called Innsworth Camp, housing a number of administrative functions. All records for all RAF men and women were kept at the base and the site was the headquarters of the RAF Personnel and Training Command. The RAF left the site in March this year, but left behind some MoD functions such as the Services Personnel and Veterans Agency (SPVA), and it was taken over by the 43 (Wessex) Brigade of the Army.

The site has 39 WW2-style wooden framed huts, a single 1970’s hangar and a 17-hectare sports field. According to a Wikipedia entry, the old RAF Command HQ and most other buildings are now empty and being looked after under a care and maintenance program. There are a few hundred staff working at the SPVA and other offices on the site, which is available to film-makers. The overall site security level is not 'that' high.

The three A5 book-sized hard disk drives holding the unencrypted data were stored, it is understood, in a locked cupboard in the SPVA office. Two of the drives contained personnel details such as MoD email addresses, appraisal results, and bank details. The third did not contain any personal details. Access to the room in question is via two successive manned security doors. Visitors need a pass and an escort to pass between the two doors. It's understood that there is no perimeter security for the site.

Laurence Robertson, the MP for Tewkesbury, said: "It is totally unsatisfactory ... It does seem a bit like somebody inside knows something about it. For someone to walk in off the street, know where to find a certain file and walk in and take it, seems a bit strange ... There needs to be a full investigation." That they might have been able to walk in off the street is not the least strange aspect of the affair.

An implication is that the control of perimeter access to the site may have been compromised by the changeover from RAF to Army base supervision, particularly as much of the base is empty and has no perimeter access control. Another implication is that a site visitor whose details were recorded is responsible for the theft.

Current and ex-RAF personnel can call a helpline on 0800 085 3600 to find out more. ®

Security for virtualized datacentres

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.