U.K. justice agency lost 45,000 personal records in past fiscal year
hat tip ~ sott.net
http://www.computerworld.com/…
Leo King
Computer World
Mon, 18 Aug 2008 18:02 EDT
The U.K. Ministry of Justice has lost the personal data of about 45,000 people in a string of IT and physical security breaches during the national government’s past fiscal year, according to an annual report issued by the agency.
Data was lost in at least nine separate incidents, the ministry disclosed. Most of the affected people weren’t notified, and police were told about only six of the nine breaches, the agency said in the report.
In addition, the Ministry of Justice suggested that there could be more breaches that have yet to be disclosed publicly. Some breaches “may be excluded” from the list in cases where disclosing them would in and of itself cause harm to the public, it said.
In the largest reported incident, which took place in June of last year, the names, addresses and some bank-account data of 27,000 workers at suppliers to the ministry were exposed through the “unauthorised disclosure of inadequately protected electronic storage devices,” the British agency said. Neither the people affected nor the police were informed, the Ministry of Justice added.
On another occasion last November, paper records containing the names, addresses and birth dates of 3,648 alleged criminals were lost from outside government buildings, according to the agency. Again, no one was notified.
Two months later, data on 14,000 people who had paid fines after the due dates was compromised because of an “inadequately protected laptop” that was located within government premises, the ministry said. In that incident, it added, the police were notified, but the affected residents were not.
The six remaining incidents all affected smaller numbers of people. Two involved laptops, one resulted from the loss of electronic storage devices, and three stemmed from the loss of paper records, the Ministry of Justice said. The agency notified police about five of those events, but it only told the residents whose information was compromised about three of the breaches.
In a statement, the ministry said that no “major breaches” had occurred and that it takes data protection “extremely seriously.”
“Whilst any loss of data is regrettable, all MOJ incidents have been reported and the necessary action taken,” the agency said in the statement. The ministry added that it has set up a data protection assurance program for the government’s current fiscal year “to address information risks and inspire public trust and confidence.”
The news of the breaches comes only months after the U.K.’s Cabinet Office imposed tough data security sanctions on government agencies and pledged to report regularly on their handling of sensitive information.
Last week, the Home Office revealed that it had lost the records of 3,000 seasonal agricultural workers on two unencrypted CDs. And in a similar incident last November, HM Revenue and Customs lost unencrypted disks containing the data of 25 million families in the U.K.
