UPDATED: Data thefts and losses in the UK - Timeline

IT PRO charts the on-going problem of large public and private sector bodies failing to safeguard sensitive business and consumer data.

16 November 2006: Laptops containing details of the Metropolitan Police's payroll are stolen from LogicaCMG, the company responsible for the Met's pay and pension services. The Police work with credit reference agencies, payments association APACS and fraud prevention service CIFAS to take action to protect staff from identity theft.

17 January 2007: Hundreds of documents containing sensitive personal data found dumped on a roundabout in Exeter. The data contained benefit claims, passport photos and mortgage payments.

14 February 2007: Building Society Nationwide is fined nearly 1million by the Financial Services Authority (FSA) after a laptop containing customer account details is stolen from an employee's home.

1 June 2007: A laptop is stolen that contains the payroll information of over 500 employees at the Eden Project. The employee looking after it worked for payroll company Mooreplay. The bank details, national insurance numbers and salary details of around 500 staff were at risk.

6-7 August 2007: A server is stolen from the head offices of Forensic Telecommunications Ltd (FTS), containing administrative and forensic data. FTS is a company that provides police with telephone evidence in connection with their investigations.

24 August 2007: The online recruitment firm Monster discloses details of a breach which had resulted in the details of 1.3 million job seekers being stolen. Monster takes five days to tell users of the situation, which was caused by hackers breaking into the site's password protected CV library.

21 September 2007:A staff member from Her Majesty's Revenue and Customs (HMRC) discovers that a laptop has been stolen from the boot of their car containing password protected and encrypted data relating to 400 people. The laptop contained details of the savings customers of investment firms. HMRC admitted the loss was entirely its fault, while security vendors question why the data was on a portable device and printed out to begin with.

5 November 2007: IT PRO reported that HMRC lost a CD containing the details of 15,000 Standard Life pension customers. The CD has gone missing in transit from Newcastle to Edinburgh while being carried by an external courier. The information was sufficient to be used by fraudsters to steal customers' identities.

20 November 2007: It emerged that HMRC lost two disks in transit containing the personal and banking details of 25 million people receiving child benefit. The disks held information including names, addresses, dates of birth, national insurance numbers as well as bank and building society numbers. The loss resulted in the resignation of Paul Gray, Head of HMRC. It is the UK's worst security breach and one of the world's biggest ID protection failures. The CDs have never been found.

17 December 2007: Transport Secretary Ruth Kelly tells parliament that details including names and addresses of three million learner test drivers were stolen from the DVLA. This was due to a hard disk being stolen from a US data storage facility in Iowa.

23 December 2007: Nine NHS trusts admit losing the personal details of patients. The breaches are thought to involve the loss of more than 160,000 names and addresses of children.

9 January 2008: A laptop containing the details of 600,000 military personnel is stolen from a car in Birmingham. These details contain passport, national insurance and driver's licence numbers as well as the bank details of 3,500 people. Details do not emerge until 19 January.

14 January 2008: Two laptops containing the unencrypted details of 389 local patients are stolen from a hospital in Brent.

23 January 2008: Ministry of Justice confirms that four CDs containing personal details of witnesses and victims have gone missing.

6 February 2008: NHS IT group admits that around 4000 smartcards, used to access NHS computer systems, have gone missing. Not all were misplaced, with at least 142 stolen.

22 February 2008: Skipton Financial Services are found responsible by the ICO of breaching the Data Protection Act by losing an unencrypted laptop containing the details of 14,000 customers.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021