RAF data loss included sensitive vetting data

27 May 2009

The Ministry of Defence (MoD) did not disclose that the hard drives stolen in September 2008, which held data on RAF personnel, also contained highly sensitive RAF vetting records.

According to the BBC programme Who’s Watching You?, some 500 files with details of affairs, debt and drug use were lost in the theft of hard drives with data on tens of thousands of personnel from RAF Innsworth in Gloucester, UK, last September. At the time, the MoD failed to inform the public that the files contained sensitive, personal, vetting data, which could leave current and former service personnel, and the MoD, open to blackmail.

An internal MoD memo on the data loss incident shown to the programme revealed that the lost RAF vetting files included “details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties”.

Such information could provide “excellent material for foreign intelligence services and blackmailers”, according to an unnamed wing commander quoted by the BBC.

The MoD said it had spoken to those affected by the data loss and that “there is no evidence to suggest that the information held on the hard drive… has been targeted by criminal or hostile elements.”

Portable devices always a risk

Paul Davie, founder and chief operating officer at Oxford-based database control company Secerno, told Infosecurity: “It is highly likely that whoever stole these USB disks did so without realising the value of the data they stole. The disks were simply a commodity item, probably worth less than £100 each – good for storing the kids’ pictures on the laptop at home. This being the case, they were probably reformatted and sold on with no real loss of data. Except...

“... it is hard not to be completely paranoid about the loss of sensitive military-related data. The implications are huge, obviously. Even if the disks are one day recovered – and that now seems unlikely after so long – the data on them has to be viewed as compromised. All of the sensitive data on those disks has to be assumed to be in the hands of the wrong people – enabling potential blackmail and identity theft. It has a profound impact on the people whose data was stolen and on everyone they now deal with. I find the cost to the MoD of dealing with this aspect of the loss unimaginable.”

Davie said it is highly unlikely that this was an external theft, as the hard drives were kept in a ‘secure area’ on an RAF base, although he also questioned why any RAF personnel would “risk their careers to steal three low-cost hard drives”.

“The BBC reported last year that the MoD lost 121 USB sticks and more than 650 laptops over the period 2004-2008. Short of putting tracking devices in each one, this will continue to happen unless a ‘secure area’ really means a bank-style vault with appropriate security sign-out and monitoring procedures”, Davie said.

“The data was so incredibly valuable – so you would think it had to have been encrypted. Yet the sad fact is that it probably was not. Encryption of sensitive data at rest should be a minimum precaution, but it is a measure more respected in principle than practice.”

“It comes down to this – the casual theft or accidental loss of small devices is inevitable. Appropriate security measures around the data on them are therefore essential”, Davie concluded.

 
