Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Data on thousands of UK criminals lost from memory stick

McAfee : 25 August, 2008  (Technical Article)
PA Consulting loses Home Office data relating to UK prison community held on USB memory device
The Home Office has highlighted that a memory stick, containing personal details of criminals in the UK and Ireland, has been lost. The data, which includes the details of around 10,000 prolific offenders, as well as information on all 84,000 prisoners in England and Wales, is not encrypted and is therefore not protected from being accessed by anyone who finds the device. Furthermore, the data lost includes information on around 30,000 people with six or more convictions in the last 12 months, including their names, addresses, dates of birth and release dates.

The Home Office was notified by PA Consulting on Monday that the device was missing and despite scouring CCTV footage and searching its premises, it was confirmed that it had not been found again.

A comment from McAfee is below, and if you would like to discuss any of the following issues relating to this data loss, I would be happy to arrange for you to speak with an expert from McAfee:

* Loss of business information and the demand for stolen data.
* Encryption.
* Amendments to the data loss law and what they mean to businesses and consumers.
* Cyber crime.
* The disconnect between people, business processes and technology.

Greg Day, Security Analyst for McAfee commented:

"One of the challenges for businesses moving data around is the lack of security of mobile devices, notably removable storage devices such as USB memory sticks. A recent paper from ENISA, published in June 2008, stated that USB devices present considerable risk as they usually lack security controls and are rarely covered by corporate security policies. With such gadgets being widely used in business today, companies need to be able to protect and account for the data stored on them, as they can easily be lost or left behind.

This latest data loss incident clearly highlights the challenge for businesses when sharing sensitive information with third parties, whether that data is being transferred electronically by email or carried around on storage devices such as USB sticks. Today, many organisations are still struggling to get a handle on their own data security practices, but as this example has again highlighted, they need to rise to the challenges relating to the sharing of information with third parties and understand their responsibilities resulting from such practices.

It seems that a number of businesses are still catching up with their security procedures in order to bring themselves in-line with data protection legislation. Recent amendments to data loss law, stating that anyone who 'intentionally or recklessly discloses information' can face legal action, makes this even more pressing for UK businesses. This latest loss of information illustrates again that these issues need to be addressed sooner rather than later, in order to avoid any further embarrassments and to protect those people whose details may be at risk. Had the data on the memory stick been encrypted, its loss would have posed no risk. As a result of insufficient security procedures, this information could provide valuable information to those who may misuse it.'

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo