LEWIS PR uncovers huge loss of laptops by MoD staff

Sensitive data goes missing in £600,000 blow to taxpayers

Thursday, July 22nd, 2010

Three hundred and forty laptops have been lost by or stolen from Ministry of Defence staff in the past two years at a cost of £620,000 to the taxpayer, according to Freedom of Information figures released to LEWIS PR.

A further 593 CDs, DVDs and floppy disks, 215 USB memory sticks, 96 hard-disk drives and 13 mobile phones also went missing, many containing sensitive data which was not encrypted and could have been accessed by criminals.

A total of 120 laptops, at a cost of £1,800 each, were stolen and 220 lost and only 25 were recovered. Less than half – 157 – had data which had been encrypted.

Similarly, only 164 of the 593 CDs, DVDs and floppy disks, were recovered. Only 40 were encrypted and only 52 of the 215 missing memory sticks were protected.

The findings show that a total of 1,257 hi-tech items disappeared from the Ministry of Defence but a staggering 983 were not encrypted. Only nine staff were disciplined over the losses.

Freedom of Information statistics obtained by LEWIS PR from a further 10 governmental departments also revealed other major losses of hardware by civil servants between June 2008 and June 2010.

Among the big losers were:

• The Department for Transport: 38 laptops, 39 PDAs, 21 mobile phones and 2 memory sticks reported lost or stolen at a cost of £49,318. Two members of staff were disciplined.

• The Department for Work and Pensions: 71 laptops, 48 mobile phones, 27 BlackBerrys reported lost or stolen. No valuation was available but working on an average cost of £600 per laptop and £50 per mobile phone, the estimated loss would be £46,350, Five members of staff were disciplined.

• The Department for Business, Innovation and Skills: 11 laptops and 13 BlackBerrys reported lost or stolen at an approximate cost of £17,000.

• The Department for Education: 11 laptops, 34 BlackBerrys, one PDA and 4 memory sticks reported lost or stolen at a cost of £12,701.92. One member of staff was disciplined.

• The Department for Communities and Local Government: 10 laptops, 10 BlackBerrys, two mobile phones were lost or stolen at a cost of £12,260.

• The Department for International Development: 18 laptops and four mobile phones were lost or stolen at a cost of £5,724.

• Department of Energy and Climate Change: Four laptops and seven BlackBerrys vanished at a cost of £5,454. No member of staff was disciplined and no equipment recovered.

• The Cabinet Office: Seven laptops, five mobiles and one BlackBerry at a cost of £4,856. No member of staff was disciplined and no equipment recovered.

• The Foreign Office: Six laptops reported lost or stolen. No valuation was given but working on an average cost of £600 per laptop the estimated loss would be £3,600. No member of staff was disciplined and no equipment was recovered.

In total, the 11 departments questioned reported the loss of 518 laptops, 131 BlackBerrys /iPhones, 104 mobile devices and 932 memory devices. Added together this represented an estimated loss to the taxpayer of £777,854.29.

Eb Adeyeri, Digital PR Director, LEWIS PR commented: “While it’s worrying that there is still so much data going missing through lost devices, what’s even more alarming is that so few of the devices were encrypted. We live in an age where so much of our lives exist online and across a multitude of social networks and the implications of information falling into the wrong hands today is now more dangerous than even a couple of years ago. Surely it’s incumbent on Government departments to take the issue of computer security far more seriously and at the very least ensure all devices are adequately encrypted.”

    Quotes

    Sean Sullivan, security advisor at leading software security company F-Secure, said: “It’s scandalous that such a large amount of equipment and data has gone missing. There seems to be a cavalier approach to the storage and protection of data. Who knows what damage could be done to the UK if this material gets into the wrong hands? At a time when national security is paramount, it’s vital that far more is done to encrypt sensitive data and staff are held to account. This loss represents a devastating disregard for the taxpayer’s security and pocket.”

    Keith Crosley, director of data loss prevention company Proofpoint, said: While the value of the lost and stolen equipment is staggering, the potential losses of private information about and belonging to UK citizens, classified government information and other non-public information could easily be several times greater. That only 20% of the devices lost from the MOD were protected by encryption is shocking. Organisations of all types need to be aware that, after leaks via email, lost and stolen mobile devices are one of the top sources of data breaches. Proofpoint research shows that, just in the past year, nearly one quarter of large organisations investigated such a breach.”

    Dave Everitt, general manager, Absolute Software, said: “There are so many examples of bad practice here, within the very organisations that should be setting the example for everyone else, it’s shocking. The sheer number of devices that were lost or stolen from the MoD is evidence that for all the hackers and computer viruses in the world, simple human error is still the biggest security threat to our national security.”

    “Of the 340 laptops lost by the MoD, only 25 were returned. Encryption use was low, but even if it is deployed, codes can be broken by those in the know. The technology already exists on most laptops to track stolen hardware and recover it – it’s normally just a case of enabling this. If a laptop or mobile can’t be tracked, Government departments should at least ensure they can remotely destroy the information held on it – rendering the laptop and its contents entirely useless.”

    Bjoern Rupp, CEO, GSMK CryptoPhone said: “It beggars belief that the department charged with protecting the nation’s security is losing phones which lack even the most basic forms of encryption technology. Even more worrying is that this chronic lack of security seems to be endemic across all government departments, putting our national security at risk. The government should immediately enforce a mandatory encryption policy across all mobile devices to prevent vital information and data falling into the wrong hands.”

    About LEWIS PR

    LEWIS PR is a global communications agency. In addition to traditional media and analyst relations, LEWIS specializes in social media, digital marketing and creative services. It works with companies to implement integrated communications programs on an international scale. LEWIS works with leading and emerging brands across multiple sectors, including automotive, consumer, government, healthcare, insurance, legal, non-profit, technology and telecom. LEWIS has 28 offices across the US, EMEA and Asia Pacific, with regional headquarters in London, San Francisco and Singapore.

    Leave a Reply