All 84,000 prisoner details lost on unencrypted memory stick

A USB stick containing around 130,000 prisoner and ex-offender details goes missing from private contractor PA Consulting.

A contractor working for the Home Office lost the personal details of all 84,000 prisoners in England and Wales, which were held on an unencrypted USB stick.

Private consulting firm PA Consulting lost the stick, which contained the names and dates of birth of every prison inmate, and in some cases their prison release dates. It also had the details of 43,000 more serious ex-offenders.

The Home Office and police were conducting a full investigation, and the Information Commissioner's Office (ICO) had also been informed. David Smith, ICO Deputy Commissioner, called the incident "deeply worrying."

CCTV and the premises were checked but the stick was not found. PA Consulting said that it was collaborating with the Home Office on the incident, but offered no comment.

The Home Office said that it had encrypted the data before passing it on to the firm, but the lost memory stick itself was not encrypted and could therefore be accessed by anybody who found the device.

The fear is that if the details fall into the wrong hands it could leave prisoners with previous convictions in danger of retribution by the victim, and could leave the Government open to being sued.

A recent report by the European Network and Information Security Agency (ENISA) stated that USB sticks represented a big risk as they lacked security controls and were usually not covered by corporate security policies.

Greg Day, security analyst for security vendor McAfee, said that the loss showed that many businesses were still struggling to bring their own security procedures in line with new data loss legislation.

He said that PA Consulting could face legal action thanks to these amendments, if it was found guilty of "intentionally or recklessly disclosing information."

He said: "The latest loss of information illustrates again that these issues need to be addressed sooner rather than later, in order to avoid further embarrassments and to protect those people whose details may be at risk.

"Had the data on the memory stick been encrypted, its loss would have posed no risk. As a result of insufficient security procedures, this information could provide valuable information to those who may misuse it."
