HMRC investigates laptop theft

gallery

Her Majesty's Revenue and Customs (HMRC) has admitted a laptop was stolen from the boot of a car last month.

The theft came to light as a result of the fact that it contained details of people who had been savings customers of investment firms. A print-out also containing customer details was also stolen.

The theft was from the car of an HRMC staff member who was using the investment firms' customer information as part of a routine tax audit. When the theft was discovered on 21 September, HMRC contacted the affected firms who, in turn, have since contacted their customers.

An apologetic HMRC said the theft was "entirely" the department's fault. A spokesman also told IT PRO the data on the laptop was protected by both complex password and high-level encryption software.

He added: "We very much regret the loss of some customer data provided to us by a number of financial institutions. The incident has been reported to the police and we are carrying out an urgent internal enquiry."

Security vendors, however, have questioned why the data was on a portable device and printed out in the first place.

Philip Wicks, security consultant for business and technology consultancy, Morse said: "It looks like the HMRC have put in place numerous types of protection that has ensured the data on this laptop can't be used by fraudsters.

"However, this incident once again highlights the need for organisations to think long and hard about the data they allow employees to take off site on laptops and mobile devices. Organisations should have policies and procedures in place that dictate what information can and can't be taken off the premises."

Tom de Jongh, product manager at mobile device encryption specialist Safeboot said: "I sympathise with all those who's data was on the print-out - to take such a sensitive document out of the HMRC office environment is not advisable."

But he added: "It is good to see that organisations are finally starting to think and are taking steps to remove the 'human factor' when it comes to data security.

"Although the laptop was left in what seemed a secure location, the fact is that whenever a piece of equipment leaves the corporate environment that business is putting its faith in the employee to look after it. What I call the' human factor' comes into play and with the best will in the world, the employee cannot guarantee that he or she will not fall victim of a crime.

"More companies need to follow this example and take a holistic view of their organisation's assets, and assess the 'human factor' before its too late."

Email to a friend

Print this page