Considering all the databases of personal and sensitive information out there, particularly in the UK, it’s surprising that data security continues to be neglected by even the most well-respected organisations. There have been some terrible examples in the last few years, including government officials leaving immigration files on trains.
Here are some of the most embarrassing data loss incidents in recent years:
- HM Revenue & Customs – Child Support
In October 2007, a civil servant posted a CD containing child benefit records from the North East to the National Audit Office in London. The CD never arrived, and it contained the names, NI numbers, bank account details and addresses of 25 million people who were claiming child support benefits. While the CD was password protected, the data itself was not encrypted, leaving the data extremely vulnerable. The chairman of Revenue of Customs Paul Gray resigned over the incident, as the public and the press were understandably miffed about the level of incompetence.
- Daily Mail
Of course there was no shortage of outrage felt from the Daily Mail quarters about the catastrophic HMRC data loss incident, so how embarrassing it must have been for them in 2008 when a laptop was stolen containing personal details of the organisation’s staff, including bank account details, names and addresses.
- TK Maxx
Some data losses are due to disruptive outside influences, such as computer hackers, but really it is still the organisation with the vulnerable data systems which are to blame for allowing that to happen. In 2007, hackers stole 45.7 million debit and credit card details from TK Maxx, as well as 451,000 name and address records. To get the data, the hackers simply drove around looking for wireless networks, and found the TK Maxx one with insufficient encryption. The hackers can then simply download the data. It is an embarrassingly easy data hack, and was not good for TK Maxx as a brand. Luckily the data related to transactions made between 2003 and 2004, so much of the data was out-of-date.
In 2007 the Driver and Vehicle Licensing Agency had an embarrassing data loss incident stemming from a survey which they carried out. They sent 1,215 surveys which included various pieces of personal informational about the addressee including date of birth, license numbers and motoring offences. When 100 surveys ended up being sent to the wrong address, containing the personal details of someone else, the DVLA blamed human error rather than insufficient data security procedures.
The British SAS, or Special Air Service, is a very secretive organisation. They are a special regiment of highly trained soldiers who are expert in commando techniques, and are often used in secret operations. Data loss seems unthinkable in such a secretive organisation, but recently a laptop containing all the names of the SAS officers and details about top secret training exercises was stolen. To make matters worse, the data wasn’t even encrypted, and the data loss wasn’t noticed until a routine audit identified the laptop as missing.