All 84,000 prisoner details lost on unencrypted memory stick
By Asavin Wattanajantra,
The personal details of all 84,000 prisoners in England and Wales were lost by a contractor working for the Home Office – on an unencrypted USB stick.
Private consulting firm PA Consulting lost the stick, which contained the names and dates of birth of every prison inmate, and in some cases their prison release dates. It also had the details of 43,000 more serious ex-offenders.
A full investigation was being conducted by the Home Office and Police, with the Information Commissioner’s Office (ICO) also informed, with David Smith, ICO Deputy Commissioner, calling the incident “deeply worrying.”
CCTV and the premises were checked but the stick was not found. PA Consulting said that it was collaborating with the Home Office on the incident, but offered no comment.
The Home Office said that it had encrypted the data before passing it onto the firm, but the lost memory stick itself was not encrypted and could therefore be accessed by anybody who found the device.
The fear is that if the details fall into the wrong hands it could leave prisoners with previous convictions in danger of retribution by the victim, and could leave the Government open to being sued.
A recent report by the European Network and Information Security Agency (ENISA) stated that USB sticks represented a big risk as they lacked security controls and were usually not covered by corporate security policies.
Greg Day, security analyst for security vendor McAfee, said that the loss showed that many businesses were still struggling to bring their own security procedures in line with new data loss legislation.
He said that PA Consulting could face legal action thanks to these amendments, if it was found guilty of “intentionally or recklessly disclosing information.”
He said: “The latest loss of information illustrates again that these issues need to be addressed sooner rather than later, in order to avoid further embarrassments and to protect those people whose details may be at risk.
“Had the data on the memory stick been encrypted, its loss would have posed no risk. As a result of insufficient security procedures, this information could provide valuable information to those who may misuse it.”
Related Tags
advertisement
Latest Security Features
How to be a successful online fraudster
Ever wanted to know how easy it is to be an identity thief and earn a fortune? IT PRO reveals all…
- What you need to know about ID cards
- Lessons to learn from a year of data breaches
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
Latest Security Reviews
Fortinet FortiGate-3810A
Rating: 
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
advertisement
Latest News Videos in Security
Video: Eugene Kaspersky outlines security threats
PlayIT PRO speaks to Eugene Kaspersky, chief executive and founder of Kaspersky Lab.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?