RSS Alerts

Related Links

Related Stories

  • A breach a day will keep the patients away - information security in the health sector
    The NHS web is made up of different management structures, different information security needs, and different budgets. Cath Everett looks for a medicine that will cure information security worries across the healthcare board
  • Keeping sensitive information secure when staff is leaving
    Career loyalty is an endangered creature. Unlike our predecessors, today’s workforce is unlikely to stay committed to a job for five years, let alone their entire lives. But with such a fluid stream of employees keeping human resources busy, and countless eyes being cast over company data, Rob Stringer investigates how sensitive information can stay faithful to its organisation, even if its staff don’t...
  • Doctors encourage patients to opt-out after NHS data losses
    A letter for patients to use to opt-out of the English NHS’s nascent central database of medical records, written by doctors and medical privacy campaigners, has reached more than 200 000 downloads. Meanwhile, nine NHS trusts have admitted data breaches, in the wake of HM Revenue and Customs’ loss of 25 million people’s data.
  • UK government loses data on 25m Britons
    The UK government has lost personal data on every child in the country, as well as national insurance numbers and bank account details of parents and carers claiming child benefit, on two password-protected CDs sent through an internal mail service.
  • IT strategy @ UK.gov
    The UK government needs to improve its ability to deliver effective IT-based systems at reasonable cost. But the proposed solution could change utterly the relationship between the state and the citizen, reports Ian Grant.

News

Unencrypted laptop with 109 000 records on pension schemes members stolen

03 June 2009

An unencrypted laptop containing details on 109 000 pension schemes members with UK pension funds service provider, The Pensions Trust, has been stolen from a third-party office in Marlow, Buckinghamshire.

The laptop theft is believed to have been targeted, and was carried out at The Pensions Trust’s software provider, NorthgateArinso’s offices. NorthgateArinso, a global human resources software and services provider, says the laptop was stored in a locked room and that the machine itself had password protection. The lost data, however, which includes names, addresses, national insurance numbers, and bank details for those already receiving their pension, was not encrypted.

The schemes affected are:
  • Social Housing
  • SSHA
  • Independent Schools
  • Flexible Retirement Plan
  • Growth Plan (Series 1, 2 & 3)
  • Unified Ethical Plan

Lynda Howe, chair of Verify Trustees, said in a Pensions Trust statement: “NorthgateArinso has expressed their regret that this theft has occurred and investigations are ongoing. I can confirm that The Pensions Trust has now withdrawn access to personal member data from NorthgateArinso and have also instructed them to delete any existing personal member data they hold. We are hopeful that this incident will not have any impact on members but, as a precaution, we have arranged for them to be protected by CIFAS [UK’s Fraud Prevention Service] and have set up a members’ helpline.

Texas-based endpoint data protection provider Credant Technologies criticises The Pensions Trust for not protecting its data better.

“The fact that the Trust is a not-for-profit organisation does not mean that it can bypass any of the stringent IT security safeguards or require similar controls to be implemented by its contracting companies”, said Michael Callahan, vice president of Credant.

The laptop and its data were used by NorthgateArinso in its staff training.

“It is to be hoped that the firm will now review its procedures on using live data in training situations, and also start beefing up its IT security procedures, including applying a policy of encrypting all private data, whether at rest or in transit”, Callahan added.

The Pensions Trust says on its website that its most important task is to provide individual members “a high quality service that they can rely on.”

The laptop, which was reported stolen at the end of March, contained details of members belonging to six of The Pensions Trust’s 39 pension schemes. According to a NorthgateArison statement, there is no evidence so far that the data has been used or accessed.

 

This article is featured in:
Data Loss Encryption

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water