Home Office laptop and data sold on eBay

The Home Office is today under well-deserved scrutiny after a disc containing confidential data from the government department was discovered hidden under the keyboard of a laptop that had been sold on the internet auction site eBay.

The disc, concealed under the keyboard of the laptop was discovered by a Machester-based PC repair centre when the machine was brought in for a problem to be investigated.

"This seemed like just another repair" said Lee Bevan, the managing director of LeapFrog Computers, the computer repair company that made the discovery.

"The customer said he bought it on eBay and seemed quite innocent. It was only when we opened it up we found the disc with the words Home Office Confidential written on it hidden under the keyboard. We tried to read it, but couldn't as it was encrypted."

The Home Office has launched an inquiry into the incident, and a spokesman for the department confirmed that the data, which along with the laptop have been handed to Greater Manchester Police, is encrypted not merely password protected. This is in stark contrast to many recent data losses and thefts where data has either been completely unprotected or locked with little more than a basic password.

This is the latest in a number of high-profile and embarrassing data losses by government departments and agencies. In addition to the HM Revenue and Customs CD loss that compromised 25 million data records that has dominated the news in recent months, the Ministry of Defence, HNS and Ministry of Justice have all been found to have lost confidential data relating to personnel, the public and matters of state.

Industry commentators have been quick to speak out about this latest failure by the public sector to implement best practice in its data security.

"If it transpires that this is a device that the Home Office disposed of because it was no longer needed, then some serious questions need to be asked," said Philip Wicks, a consultant at IT firm Morse.

"When getting rid of old IT equipment all organisations should be following a strict disposal process. Whether it is being sold off or thrown out, when getting rid of old laptops, PCs or servers organisations should be removing all data from the device regardless of whether it is encrypted or not. This isn't as simple as hitting the delete button to erase the data from the disk drive; this won't necessarily clear the data, it just hides it."

This is not the first time that a government laptop has turned up on eBay. "With the statistics showing that nearly 500 government devices have gone missing since 2001, it was only a matter of time before a confidential disc inadvertently ended up on eBay," said Brian Spector, general manager of the content protection group at Workshare.

"The good news with this latest data breach is that the data was encrypted," added Alan Bentley, vice president of Lumension Security. "However, encryption alone is not infallible - computer hackers are determined individuals and we certainly shouldn't be relying on one line of protection when it comes to our national security."

Email to a friend

Print this page

Social Bookmark this article: What is this?

Digg

Delicious

Reddit

StumbleUpon

Slashdot

Google

Facebook