'Home Office' disc wedged in laptop sold on eBay

Powered by SC Magazine
 

A laptop containing what could be sensitive Home Office data has been sold on eBay.

The laptop was bought by an unsuspecting consumer who subsequently took the equipment to be fixed by Leapfrog computer repairs in Greater Manchester. It was only as the laptop casing was opened that a disc was discovered wedged beneath the keyboard.

“It is a real mystery as to why the disc was jammed there, although it was obviously put there deliberately," said Lee Bevan, Leapfrog's managing director.

“The only way a disc can get inside the system would be through the CD Rom but this is a sealed unit,” Bevan added.

The disc had the words "Home Office" and "Confidential" written on it. But Leapfrog was not able to verify the authenticity as the contents were encrypted. If the disc is proven to be from the Home Office, it would be another major public sector IT security embarrassment.

IT experts said that encryption on the disc shows the public sector is learning from previous mistakes, but warned that the Home Office remains vulnerable to data leaks.

“Unfortunately accidents like this are not going to stop happening so we can only hope that other government departments follow the Home Office's lead and adopt full disc encryption,” said Brian Spector, general manager for content protection firm Workshare, adding “With the statistics showing that nearly 500 government devices have gone missing since 2001, it was only a matter of time before a confidential disc inadvertently ended up on eBay.”

Alan Bentley, Lumension Security European vice president, pointed out encryption alone is not infallible. “Computer hackers are determined individuals with the potential to crack one layer of security,” Bentley said. “And, we certainly shouldn’t be relying on one line of protection when it comes to our national security.”

Bentley said safeguarding sensitive data needs to begin at the network level. “By monitoring and only allowing known good devices and authorised individuals to connect to a network and download data is essential.”

He added the key is to reducing data breach risk is to have data access control and encryption working hand-in-hand, as well as giving individuals who have rights to download data from the network stringent security checks.

The encrypted IT equipment is now in the hands of the Greater Manchester Police, who are investigating the incident.

itweek.co.uk @ 2010 Incisive Media


'Home Office' disc wedged in laptop sold on eBay
 
 
 
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
 
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
 
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3933

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1336

Vote