
View Full Version : More data losses


Biggles225
10th Oct 2008, 06:20
They've done it again!
This from the Times Online this morning -

The Ministry of Defence has begun an investigation into its worst information security breach after a portable hard drive with details of about 100,000 servicemen and women and 800,000 applicants to join the Armed Services was found to be missing on Wednesday.
Sensitive details of the family members of personnel were also among the data stored, including bank details and passport numbers.
The portable hard drive — which is believed not to have been encrypted — was used by EDS, the MoD’s main IT contractor, to test computer equipment. It could have been missing for several days.
“The matter is being investigated by MoD police,” an MoD spokeswoman said last night. “We were informed by EDS that it was unable to account for a portable hard drive used in connection with the administration of Armed Forces personnel data. This came to light during a priority audit EDS is conducting to comply with the Cabinet Office data handling review.”

:mad:

Dengue_Dude
10th Oct 2008, 06:43
It stretches credulity that these 'losses' are not termed 'politically motivated'.

Has the 'system' always lost data, or are we just being told of each occurrence?

This level of breaches of personal security is unprecedented . . . or is it?

It makes me very angry because I meticulously shred all rubbish bearing any personal details that goes out to the dustmen, then 'our' government oversee losses of sensitive information on this scale.

First rule of Health and Safety etc etc, but we really DO need reliable institutions.

Pontius Navigator
10th Oct 2008, 06:57
12 years ago the same type of contractor, probably EDS even then, simply abandoned a server that had the images from the Strike Secret system. OK, they abandoned it in a secure room but it was unlabelled and no one looked for it.

nacluv
10th Oct 2008, 08:05
Heard this on the radio this morning. Words fail me... :(

Yet another compelling reason why the ID card and other personal data projects need to be scrapped.

I wouldn't trust this lot to run a bath, never mind a country.

Grabbers
10th Oct 2008, 08:35
I know I'm dull but is this recently announced loss in addition to the Innsworth breach?

barnstormer1968
10th Oct 2008, 08:59
Can you all keep it down for a while, I'm busy reading through Beagle's bank account details on this cheap hard drive I just bought. Hmmm he is not as well to do as I would have thought.:}

How must it feel if you were doing some form of guard duty, on a sensitive weapon, or piece of kit overnight (or more likely away overseas), and knowing that some "baddy" may have access to your home address where your kith and kin are sleeping supposedly soundly:ugh:

This may be a stupid question, but could someone actually be criminally liable if anything untoward happens to anyone through the loss (and subsequent finding) of this information. I doubt that they would, given we have a government who are happy to return ministers who have needed to be previously sacked due to "poor performance"

Sorry to post such obvious (to many) things, but this is a rumour site and hopefully the odd politico is looking in too.

cazatou
10th Oct 2008, 09:22
It is being reported that MOD has had 658 laptops stolen and 26 memory sticks "stolen or mislaid" in the last 4 years.

Why has this only now come into the public domain? Is there any member of the Armed Forces whose personal details have NOT been compromised?

Bladdered
10th Oct 2008, 09:26
I am taking out an Experian credit check annual subscription and intend sending the bill to the MOD. Perhaps everyone else should do the same.

Still fuming from the Innsworth debacle.

Ed

Affirmatron
10th Oct 2008, 09:43
I know I'm dull but is this recently announced loss in addition to the Innsworth breach?

This is a new breach! No doubt there'll be another one along soon.

Is there any news on the Innsworth breach, or will this slowly be forgotten? I'd like to know if either/both affect me and, if so, what MOD/Govt is going to do about it.

airborne_artist
10th Oct 2008, 09:48
Is there any member of the Armed Forces whose personal details have NOT been compromised?

Not forgetting those former and would-be members. Both mine and Miss Artiste's details have been outed in the earlier breaches, and I left in the 80s and she has yet to join :ugh:.

To save anyone the hassle I think I'll just post them up for sale on Ebay - why should some other f**k*r get the money when I can sell my own and keep the proceeds?

rej
10th Oct 2008, 10:28
That file containing apology letters will sure be getting thick :{

so will the use of second class stamps ............no need to rush in giving us details after all :mad:

Focks 2
10th Oct 2008, 11:02
That file containing apology letters will sure be getting thick :{

Apparently the file has gone missing.

XV277
10th Oct 2008, 11:10
This wouldn't have happened 10, or even 5 years ago. The availability of cheap, portable high capacity storage media has resulted in a much more lax attitude to data security. Added to which, many of the contractors involved will not have the same security mindset as a member of the Forces or a career Civil Servant.

Obviously, you can get a lot more info on a 160Gb portable hard drive than you could ever get on a 1mb floppy, but people tended to take more care of those, and USB memory sticks are so common these days. (I have one that has an 8Gb capacity) so the numbers involved are much higher - easier to drop the whole database onto the storage to test off site than to take a proper, redacted set of test data.

Wader2
10th Oct 2008, 11:47
USB memory sticks are so common these days. (I have one that has an 8Gb capacity)

Not just memory sticks. My digital camera has a 4 Gb card, easy to slip it into a USB carrier and you have a 4 Gb stick.

What they haven't sorted yet is the potential for emailing data.

Rather than risk losing your USB stick, CD, floppy or laptop, just email it home. Absolutely secure, not. Once at home you can lose the data with impunity. Only if it resurfaces and there is a recoverable audit trail will it be found.:sad:

SpringHeeledJack
10th Oct 2008, 12:31
The sooner that a law is passed to protect information, especially sensitive information the better. That is to say punished criminally with real consequences if data is misused by anyone in the chain. Secure transportation of any disks/USB sticks that must be moved and full accountability of stewardship from start to finish. Also compartmentalisation of data, so that various pieces of the jigsaw are kept separately and only joined together on the express ok of a senior manager/civil-serpent.

It is obvious that the people in charge of the many data-bases are incompetent to varying degrees and need to adhere to rock solid protocols. For this not to happen NOW will only exacerbate the damage already caused and surely to come.



SHJ

WhiteOvies
10th Oct 2008, 12:43
Intriguing that this happens just as EDS are informed of job cuts (see other thread). Coincidence?

Beginning to get fed up with the fact that the bad guys may know more about me than my OJAR writer! :mad:

exscribbler
10th Oct 2008, 13:22
Why don't they cut out the middle men and just post the information on t'interweb? At least we could check it...

Zoom
10th Oct 2008, 13:33
It wouldn't have happened in my day as office/home computers barely existed and lugging an armful of files out of the office was a bit more obvious than sliding a SD card into one's pocket or banging off an e-mail. Bring back the abacus, I say.

SVK
10th Oct 2008, 13:38
Well, that's it then. They've had their chance.

This isn't the first incident, it isn't even the third incident. They can take as many chances as they like, I for one, shall not be.

When I'm next in work I will be clearing as many of my details: flying hours, operations, preferences, qualifications, armed forces railcard, posting preferences, next of kin details, med cats etc off JPA as I can.

I'm not a luddite (though I do dislike JPA) but after being told to 'embrace' the change all it's done is left me vastly open to ID theft. Oh, and before anyone counters with, "You cannot know that for certain;" I would retort with, "That's exactly my point!"

No one - especially the MOD and EDS knows where my personal data is!

This is no longer about enhancing the admin system, but rather MY and my family's personal security.

From now on the Boss can have all those details written out a couple of months before to help him with my SJAR before shredding it afterwards. My Will and Next of kin details can be kept on paper in a locked filing cabinet (with the keys locked in a safe) on the Sqn.

Sod them - they can't be trusted.

Pontius Navigator
10th Oct 2008, 13:53
SVK, good idea.

I was once put on the emergency reinforcement list and told to hand my passport into PSF. No, I said, I paid for it, my passport, I keep it. You want it, you pay for it!

Soon as I get in I shall be doing a little kleenex job.

My letter states:

'they include general service information relating to yourself' thanks, such as what?

'no evidence to suggest that your details are being used for criminal purposes' YET and how would they know? Are they browsing my bank accounts? Who bought all those shares before they crashed :}

At least '. . . risk assessment . . . risk of identity fraud is low.'

Tosser. I thought his dad was a cnut as well.

Been There...
10th Oct 2008, 15:53
Why is there still nothing on the official RAF site about who to contact about this?

:mad:

N Joe
10th Oct 2008, 18:10
As I left last year, the MOD have no record of who I am, so couldn't tell me if I was affected by the Innsworth data theft.

If the reports I've seen are correct, this most recent loss only affects currently serving personnel and those that applied to join recently.

Suddenly I'm glad that they no longer know who I am!

N Joe

Pontius Navigator
10th Oct 2008, 18:44
Joe, be realistic. The present loss concerns 100 000 present members of the Services - ie the whole of the Navy and the whole of the Air Force and then some or the whole of the Army.

It also includes 800 000 applicants or the equivalent of 4% of the entire British labour force (of all ages). That certainly means it is not just those that applied recently.

Topsy Turvey
10th Oct 2008, 19:26
From MoD site.

Ministry of Defence | Defence News | Defence Policy and Business | MOD issues update on missing EDS hard disk (http://www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/ModIssuesUpdateOnMissingEdsHardDisk.htm)

nigel9005
10th Oct 2008, 19:30
As an ex-member of HM forces, I am not too concerned with the loss of the personal reports (6442 in my day) which usually started with something like “He does not get as much value for money from the barber as he used to”, but I am concerned that no one has contacted me about lost data which could include details of where I live. I am led to believe that there is now a minister for veterans; he has not been round to see me either!
I note that the advert at the bottom of this page is for memory sticks; is that just a coincidence or targeted advertising?

barnstormer1968
10th Oct 2008, 19:32
Your link did not work. I think that the page concerned has been lost too:E

taxydual
10th Oct 2008, 19:37
No, it's still here. If anyone else is having difficulties accessing MoD's latest fairy story, the whole spiel is below (a direct copy of the webpage).





MOD issues update on missing EDS hard disk

A Defence Policy and Business (http://www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/) news article

10 Oct 08

The Ministry of Defence has released an update on a missing EDS hard disk, as follows, on the evening of 10 October 2008:



EDS, an MOD IT contractor, has reported that it can not identify the whereabouts of a portable hard disk drive. The device had been used with the TAFMIS recruitment system and may, in the worst case, contain details relating to individuals who have either expressed an interest or applied to join the Armed Forces.
An investigation is being conducted by the MOD Police and EDS, and it is still hoped that the item can be located at another secure site. There is no indication that the data, if indeed it has fallen into unauthorised hands, has been exploited maliciously in any way; but it is possible that personal information on anyone serving or who has served in recent years in the Armed Forces may have been compromised. But we would emphasise that our assessment of the risk of misuse of this data is low, given the circumstances of this incident.
The information held will not be the same for every individual. In some cases, for casual enquiries, the record will be no more than a name and contact details. But, for those who progressed as far as submitting an application to join the Forces, more extensive personal data may be held, including passport details, National Insurance numbers, drivers’ licence details, family details, doctors’ addresses and National Health Service numbers.
With regard to those individuals for whom financial details may have been held on the database, the MOD is taking action, through APACS (the Association for Payment Clearing Services), to inform banks so that relevant accounts can be flagged for scrutiny against unauthorised access.
Anyone concerned that they may have been on the database can get in touch via email – [email protected] – or via a helpline (0800 121 6213). For those phoning from overseas, the number is +44 (0) 207 353 9111. This will be available from 1000 to 1600 on Saturday 11 and Sunday 12 October, and 0900 to 1700 during the normal working week thereafter.
















Almost_done
10th Oct 2008, 20:12
Back in 2006 I mentioned on this site that the JPA System had a couple of security issues. However when I left earlier this year they still had not carried out the necessary security upgrades required to ensure the integrity of data.

I laugh at how I was treated in regard to the whole sorry affair.

The shocking lack of understanding of Data Security by EDS and the MOD is a farce of the highest British proportions.

They treat the Data Protection Act as a tool to slap the operator down with but do not pay it due and proper consideration when the requirement is on them.

But until they (we) stop buying the cheapest option, which includes employing monkeys and hiding behind processes that are inadequate for the task and no accountability (not just shooting the lowest rank present), we will continue to have these issues and them being aired in the press.

SirToppamHat
10th Oct 2008, 21:18
I don't even think our specialists have a proper understanding of what is meant by computer sy. One of my colleagues was told he couldn't keep a Service laptop at home over the weekend prior to taking it abroad on duty on the Monday morning (very early). Before being permitted to do so, the feds would need to conduct a survey of his house. As if that weren't mad enough, one of the additional concerns was that the laptop (which was cleared up to REST only) was fully encrypted (BeCrypt), which meant this would make it a greater target so it would need even more protection.

By the way, I advise anyone out there who has a work laptop to make sure it is encrypted. It really isn't that difficult to use, and will genuinely protect YOU if it gets lost or stolen (as long as you aren't so stupid as to carry the dongle and password around with the laptop (e.g. in the case!)).

STH

unclenelli
10th Oct 2008, 23:12
Why is there still nothing on the official RAF site about who to contact about this?

Could it be that they've lost the bloke's name, home address, phone no, work address, phone no, service no, NI no, email address..............................etc

They don't need to lose electronic data to scupper you. JPA posted 4 of my pay statements to Iraq while I was in Afghanistan!!!!

Pontius Navigator
11th Oct 2008, 08:41
(as long as you aren't so stupid as to carry the dongle and password around with the laptop (e.g. in the case!)).

Yeah, right.

I used (we used) a number of laptops from RAF Henlow. The laptops each had the password and login details in laminated plastic in the case. The nature of the lamination meant it could not fit in a pocket. Best place to keep it . . .

I now have 4 work passwords on one machine at work. That I can't enter passwords 2, 3 and 4 unless I am logged in is a nonsense. Password 2 is 10 alpha/numeric characters but at least I can set them myself. Password 1 is 9 letters, password 3 is 9 numbers and so on.

They make it so difficult that people will write them down.

At home I use a password generator and storage system not least because all my banks use different systems too.

And how many cards do we have that require PIN? And how many people have a different PIN for each card?

:(

themightyimp
11th Oct 2008, 09:31
They have told me that my details are not on it. Happy Days!! Not that I believe them :8

Gnd
11th Oct 2008, 09:43
How do they know if they can't find it???

cornish-stormrider
11th Oct 2008, 13:02
Add this into the mix, a matelot that I have the misfortune to be good mates with has said that two of the junior scroates he works with have such little trust of the security of data and also of the banks at the moment they have requested to be paid in cash!

I believe the midden is about to hit the windmill. I heard a shares advisor saying that his client put all their money in canned food and shotguns.

JessTheDog
12th Oct 2008, 20:05
Letter came in today stating that my data ("general service information") had been transferred to the drive....standard brush-off which stated that "we have conducted a risk assessment...risk of identity fraud is low" with a link to a defunct Home Office website address! Message is clear....go away, we don't care!

Duty of care this is not! I'm asking if BAFF can delve deeper. Only some sort of formal action can minimise the chance of this happening again.

Biggles225
13th Oct 2008, 13:32
An ex colleague has just come up with the latest in conspiracy theories, following an item in today's Telegraph :
'A leading rail union has called for an urgent inquiry after a laptop containing personal details of 150,000 workers in the industry was stolen.'
It seems the only people in the country who haven't had their data lifted, lost or misplaced are our MPs, so is this a back door attempt to get all our ID card data set in place in advance?

Don't blame me - I just said I'd post it for him! :oh:

airborne_artist
13th Oct 2008, 14:20
Is this new news, or old news:

BBC NEWS | Politics | Up to 1.7m people's data missing (http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm)

"A missing computer hard drive may have contained details of 1.7 million people who had enquired about joining the armed forces, the government has said.
The drive was reported missing last week by EDS, a firm contracted to the Ministry of Defence.
Armed Forces Minister Bob Ainsworth told MPs the information, which went missing at an EDS site in Hampshire, was "unlikely" to have been encrypted"


Best to get them young, really, saves Al Q, Terry, KGB, Stasi etc. so much trouble :ugh:

N Joe
13th Oct 2008, 16:51
24 hours after providing the requested verification details, got this reply back from Recruit Data:
Thank you for your e-mail response.
I have checked the database and can confirm that your information is not stored on it in any form.
As a negative trace has been returned we do not have any information to send you and therefore trust that this satisfies your query.
Why can't SPVA use the same validation requirements to tell me if my data was lost in the Innsworth loss?

N Joe

Pontius Navigator
13th Oct 2008, 17:14
I have lost count as to which of my records have not been lost :sad: