The personal information on thousands of criminals in England and Wales has been lost on a USB drive.
Although the data had been encrypted in a database, it was not encrypted when moved to the mobile storage device.
The unencrypted details were lost by a private firm, PA Consulting, during what it termed “processing.”
The data includes information on about 10,000 prolific offenders, as well as the names, birth dates and some release information of all 84,000 prisoners in England and Wales, and a further 33,000 records from the police national computer.
PA Consulting held the data as part of a contract to work on a database of "prolific and priority offenders" called JTrack. A spokesman for the company declined to comment on the data loss.
"On the face of it, this appears to be a very serious breach," Frances Anderson, a partner at UK law firm Cobbetts, said. "Not just because of its massive scale, but due to the extremely sensitive nature of the information."
The dangers of allowing employees to use USB drives in confidential data environments have been widely publicised for some time, with many organisations going so far as to glue USB ports shut to prevent their use.
David Smith, deputy commissioner for the Information Commissioner's Office, said the news was "deeply worrying."
"The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels," he said.
See original article on scmagazineus.com
Every prisoner in UK victim of data breach
By Mark Mayne on Aug 25, 2008 9:59AM