Loss of RAF Data
Join Date: Nov 2007
Location: scotland
Posts: 102
Likes: 0
Received 0 Likes
on
0 Posts
The form asked for all her personal data, and additionally the name, former name, place/date of birth and passport numbers of both her parents.
Join Date: Jul 2007
Location: Somerset
Age: 68
Posts: 182
Likes: 0
Received 0 Likes
on
0 Posts
The Navy recruitment ad ran on the telly earlier with the strapline "Life without limits". Perhaps that should be "Life without laptops", or "...without limits on stupidity"
Join Date: Jan 2003
Location: England
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
Ed
but the addresses are all on the laptop
In addition to whatever "standard" punishment the officer will receive, I think he should print out 600,000 letters of apology and personally sign, seal and post everyone of them.
Join Date: Mar 2007
Location: FL410
Posts: 383
Likes: 0
Received 0 Likes
on
0 Posts
Amazed...
Just for interest this is the reply I received after contacting the email hotline:
"Dear Sir
Thank you for your enquiry to MoD Recruitment Data Check.
I have checked the data base using the information you have supplied and I can advise there may be a record which relates to you held on the laptop.
If you require further information at this time can you please apply in writing to the address noted below and enclose photocopies of two of the following document
·A photocopy of the page of your passport with your photograph on it.
·A photocopy of your driving licence (both card and paper counterpart).
·A photocopy copy of a recent utility or other bill, such as a mobile phone bill showing your home address. We do not need to see the details of the bill, just the address
·A letter from your employer confirming your home address.
·A photocopy of any letter from a body such as your bank, building society or council showing your home address. We do not need to see the contents of the letter, just the address.
The address is: Recruit Data Check
Mail Point 403
Kentigern House
65 Brown Street
Glasgow
G2 8EX
I have included some information:
What risk is there with this information being lost ?
MOD’s assessment is that the loss of data does not pose a significant risk to personal security.
We have already informed banks of the potential loss of data for the small proportion of records where bank account information was held. This means that banks have already been alerted to look for signs of any irregularities in these accounts and then to alert individuals.
In addition, at the request of the Home Office, the Association for Payment Clearing Services now play a leading role in raising the awareness of identity theft. Should you have internet access, you may wish to view their website which provides practical advice on to how minimize any potential problem as a result of potential loss of data. This website can be viewed at www.identitytheft.org.uk.
If I am one of the people affected, what should I do?
There are some practical steps you can take to make sure your information can’t be used to defraud you or for other criminal purposes.
You shouldn’t give out personal details if anyone contacts you unexpectedly but take a note of their name and telephone number.
If any of the passwords you use to access personal accounts (for example on the internet) use any of your personal data, for example your date of birth, you should consider changing them.
What steps have you taken to protect bank details?
If you are one of the people whose bank details may have been affected, we have already let your bank know about the theft and they are monitoring your account for signs of any unauthorised activity.
The banks and building societies have told us that they have the appropriate safeguards in place and that there is no need for you to ask for a new account or to contact them.
If your account is used fraudulently by someone else then you will not have to pay but you might wish to take some steps to protect yourself. If you receive bills, invoices or receipts or see entries in your statements for goods or services which you have not ordered you should contact your bank or building society immediately.
Yours faithfully,
MoD Recruitment Data Check"
I find it absolutely amazing that they can't even be arsed to apologise! And what makes them think I'm going to trust the MOD with copies of ANY important documents?
In the time since I submitted my application to the RN, I've had time to join, complete 9 years service, retire and move on.. What the devil do they need data on me on some idiot's laptop for?
Court martial him. And then send him to me...
Steward, my gun!
"Dear Sir
Thank you for your enquiry to MoD Recruitment Data Check.
I have checked the data base using the information you have supplied and I can advise there may be a record which relates to you held on the laptop.
If you require further information at this time can you please apply in writing to the address noted below and enclose photocopies of two of the following document
·A photocopy of the page of your passport with your photograph on it.
·A photocopy of your driving licence (both card and paper counterpart).
·A photocopy copy of a recent utility or other bill, such as a mobile phone bill showing your home address. We do not need to see the details of the bill, just the address
·A letter from your employer confirming your home address.
·A photocopy of any letter from a body such as your bank, building society or council showing your home address. We do not need to see the contents of the letter, just the address.
The address is: Recruit Data Check
Mail Point 403
Kentigern House
65 Brown Street
Glasgow
G2 8EX
I have included some information:
What risk is there with this information being lost ?
MOD’s assessment is that the loss of data does not pose a significant risk to personal security.
We have already informed banks of the potential loss of data for the small proportion of records where bank account information was held. This means that banks have already been alerted to look for signs of any irregularities in these accounts and then to alert individuals.
In addition, at the request of the Home Office, the Association for Payment Clearing Services now play a leading role in raising the awareness of identity theft. Should you have internet access, you may wish to view their website which provides practical advice on to how minimize any potential problem as a result of potential loss of data. This website can be viewed at www.identitytheft.org.uk.
If I am one of the people affected, what should I do?
There are some practical steps you can take to make sure your information can’t be used to defraud you or for other criminal purposes.
You shouldn’t give out personal details if anyone contacts you unexpectedly but take a note of their name and telephone number.
If any of the passwords you use to access personal accounts (for example on the internet) use any of your personal data, for example your date of birth, you should consider changing them.
What steps have you taken to protect bank details?
If you are one of the people whose bank details may have been affected, we have already let your bank know about the theft and they are monitoring your account for signs of any unauthorised activity.
The banks and building societies have told us that they have the appropriate safeguards in place and that there is no need for you to ask for a new account or to contact them.
If your account is used fraudulently by someone else then you will not have to pay but you might wish to take some steps to protect yourself. If you receive bills, invoices or receipts or see entries in your statements for goods or services which you have not ordered you should contact your bank or building society immediately.
Yours faithfully,
MoD Recruitment Data Check"
I find it absolutely amazing that they can't even be arsed to apologise! And what makes them think I'm going to trust the MOD with copies of ANY important documents?
In the time since I submitted my application to the RN, I've had time to join, complete 9 years service, retire and move on.. What the devil do they need data on me on some idiot's laptop for?
Court martial him. And then send him to me...
Steward, my gun!
Join Date: Jan 2003
Location: England
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
We have lost your data, so please send all the sensitive bits to us again, so we can lose it again
D O
So you are at 9 years + retirement, maybe we should press to test and see who gets the 'longest' time back where they say
D O
So you are at 9 years + retirement, maybe we should press to test and see who gets the 'longest' time back where they say
I can advise there may be a record which relates to you held on the laptop
Join Date: May 2002
Location: In a hole, in the garden.
Posts: 56
Likes: 0
Received 0 Likes
on
0 Posts
I am furious about this as a close personal relative had their info. on this computer. They have never applied to join or been in the Armed forces but had a job with a link to them. They had an apologetic call from an Army Officer and were given a police number to call immediately if needed as their security is now threatened. I don't know how this laptop went walkies but I hope whoever is to blame will be seriously dealt with.
Join Date: Apr 2005
Location: Europe
Posts: 414
Likes: 0
Received 0 Likes
on
0 Posts
Is the MOD exempt from the Data Protection Act?
http://www.ico.gov.uk/what_we_cover/...rotection.aspx
Can we expect a mahoosive fine or even a prosecution for the loss of the data that we probably shouldn't have kept in the first place?
Standby for even tighter rules on IT, our laptops and PCs will take so long to log into soon it won't be worth using them
http://www.ico.gov.uk/what_we_cover/...rotection.aspx
Can we expect a mahoosive fine or even a prosecution for the loss of the data that we probably shouldn't have kept in the first place?
Standby for even tighter rules on IT, our laptops and PCs will take so long to log into soon it won't be worth using them
I can see no reason whatsoever that sensitive data like this, which contains the personal details of thousands of people, should be allowed to be downloaded onto a local hard disc.
Yes, it may be that somebody may want to analyse this data (perhaps offline) but there is no reason for this data to contain any personal details.
I am sure (at least I hope) that the banks do not allow personal data of their customers to be downloaded onto the laptops of their employees, so why the MoD and other government departments?
The Pharmaceutical industry collects masses of data in the clinical research process from patients (sorry, I mean subjects) taking part in clinical trials all over the world on a daily basis. This data is then analysed by the stats department within each pharma company. None of this data contains personal details of the people taking part in the trials. If they can do it so can government departments.
Anyone who authorises a software program to be able to download personal data onto a local hard disc should be responsible and accountable - in court if necessary.
Do you have data on your local disc which could embarrass you (or the MoD) if found in the boot of your car or stolen from your home??
Think long and hard about this hard now.
.....and what are you going to do about it??
Yes, it may be that somebody may want to analyse this data (perhaps offline) but there is no reason for this data to contain any personal details.
I am sure (at least I hope) that the banks do not allow personal data of their customers to be downloaded onto the laptops of their employees, so why the MoD and other government departments?
The Pharmaceutical industry collects masses of data in the clinical research process from patients (sorry, I mean subjects) taking part in clinical trials all over the world on a daily basis. This data is then analysed by the stats department within each pharma company. None of this data contains personal details of the people taking part in the trials. If they can do it so can government departments.
Anyone who authorises a software program to be able to download personal data onto a local hard disc should be responsible and accountable - in court if necessary.
Do you have data on your local disc which could embarrass you (or the MoD) if found in the boot of your car or stolen from your home??
Think long and hard about this hard now.
.....and what are you going to do about it??
Last edited by Frelon; 21st Jan 2008 at 13:15. Reason: Punctuation!
Join Date: Aug 2006
Location: Button Moon.
Posts: 41
Likes: 0
Received 0 Likes
on
0 Posts
Seeing as my data is no doubt on said laptop I'll have my twogigs worth.
Looking at the MOD statement and the posts on this thread and I'd say it's fairly reasonable to conclude that the 600,000 records is everyone that's enquired and then joined (or not) the two services within the last ten years.
I don't know why bank details would be with that. I don't recall ever being asked for bank details as part of the recruitment process...?
So there's a question about the source of such data and then why was it needed. Were they planning to cold-call those who lost interest? Were they looking to identify target areas based on enquiries, is there an area of Solihull with a predisposition to join the SBS?
I'm surprised that people, especially military (how quickly we forget the IRA) do not know that laptops are an easy target, especially for your average junkie that needs a quickfix.
Very disappointed. For the officer concerned the worst thing, ultimately, is the shame in letting down your colleagues.
Looking at the MOD statement and the posts on this thread and I'd say it's fairly reasonable to conclude that the 600,000 records is everyone that's enquired and then joined (or not) the two services within the last ten years.
I don't know why bank details would be with that. I don't recall ever being asked for bank details as part of the recruitment process...?
So there's a question about the source of such data and then why was it needed. Were they planning to cold-call those who lost interest? Were they looking to identify target areas based on enquiries, is there an area of Solihull with a predisposition to join the SBS?
I'm surprised that people, especially military (how quickly we forget the IRA) do not know that laptops are an easy target, especially for your average junkie that needs a quickfix.
Very disappointed. For the officer concerned the worst thing, ultimately, is the shame in letting down your colleagues.
Join Date: Aug 2006
Location: firmly on dry land
Age: 81
Posts: 1,541
Likes: 0
Received 0 Likes
on
0 Posts
(a page of no,no's could be supplied with the application form to filter out the time wasters)
it reduces the amount of personal data held unnecessarily by the MoD.
Retaining or collating all that material on one laptop is an entirely different matter. Surely any data analysis should be done at the HQ level and not an outstation. As it appears itis Air Force/Navy data well the mind boggles 600000 for a combined force of 70-80000.
Stroll on 1615.
The maddening thing about this is that the world-standard database format, SQL, includes as standard the ability to define, grant, and revoke levels of permission for any and all users on the system. Quite simply you GRANT read, edit ON recruits for each user, or each group of users; under no circumstances do you GRANT ALL ON recruits to anyone but the db administrator. However, it seems anyone in government gets to use the DUMP command (i.e. export all records to local disk)...
Join Date: Jun 2007
Location: UK
Posts: 43
Likes: 0
Received 0 Likes
on
0 Posts
Whatever this information was being used for, right or wrong, it does not excuse the way it has been handled. It should have been made secure. As someone who has lost his data in this incident, the most annoying part is not that this data was being kept, because as someone who is serving this is expected, but the fact that it was stored in such an irresponsible manner.
I have found myself asking the same questions that have been posed on here several times, why did this chap have these details to take home with him, why were they not encrypted, and why (ffs) did he leave them in his car? If he was doing something dodgy (not neccessarily for personal gain, but just flaunting the I.T. rules to meet deadlines or something along those lines), then why on earth was he not taking EXTRA care?
And as for sending a photocopy of my details off to Glasgow? The jury is still out on that one...
I have found myself asking the same questions that have been posed on here several times, why did this chap have these details to take home with him, why were they not encrypted, and why (ffs) did he leave them in his car? If he was doing something dodgy (not neccessarily for personal gain, but just flaunting the I.T. rules to meet deadlines or something along those lines), then why on earth was he not taking EXTRA care?
And as for sending a photocopy of my details off to Glasgow? The jury is still out on that one...
Anyone who works in Birmingham should know better than to leave anything of value in a car in Edgbaston - it's a wonder the car was still there [and I do speak from experience having worked in that area and had my car stolen -that was 30 years ago and I think crime has worsened since then]
Join Date: Sep 2006
Location: between a rock and a hard place
Posts: 218
Likes: 0
Received 0 Likes
on
0 Posts
Submitted to BBC not too long ago:
I am one of the many serving members of the Armed Services who has had their personal details stolen in the recent theft of a laptop.
Today we received a "signal" that, because the incident had appeared in the press it was probably best that we should all know what had happened. In other words almost a written confession that the MoD would not have informed us had it not been made public knowledge.
This is obviously unsatisfactory but I feel there are further questions that need asking here. For instance why would my details from my application in 1997 still be recorded? This poses many Data Protection Act questions and surely warrants further investigation.
Also, amazingly, when calling the phone number set up to check if your details were lost or not, on confirmation that ones details have been lost they then ask you to post a copy of a bank statement, utility bill, driving license / passport to Confirm your Identity !!!! Unbelievable and just a little incompetent. I shall not be providing yet further information so that it can be lost by these idiots.
I just hope that we all receive a written apology and that some consequences occur ref the DPA.
I DO NOT think that the Lt concerned should be made an example of, yes he was a complete tool for leaving the laptop in the car. The important thing is that this exposes much deeper issues with the way some parts of the MoD are handling our data.
Grrrrrrrrrrrr
I am one of the many serving members of the Armed Services who has had their personal details stolen in the recent theft of a laptop.
Today we received a "signal" that, because the incident had appeared in the press it was probably best that we should all know what had happened. In other words almost a written confession that the MoD would not have informed us had it not been made public knowledge.
This is obviously unsatisfactory but I feel there are further questions that need asking here. For instance why would my details from my application in 1997 still be recorded? This poses many Data Protection Act questions and surely warrants further investigation.
Also, amazingly, when calling the phone number set up to check if your details were lost or not, on confirmation that ones details have been lost they then ask you to post a copy of a bank statement, utility bill, driving license / passport to Confirm your Identity !!!! Unbelievable and just a little incompetent. I shall not be providing yet further information so that it can be lost by these idiots.
I just hope that we all receive a written apology and that some consequences occur ref the DPA.
I DO NOT think that the Lt concerned should be made an example of, yes he was a complete tool for leaving the laptop in the car. The important thing is that this exposes much deeper issues with the way some parts of the MoD are handling our data.
Grrrrrrrrrrrr
Join Date: Aug 2006
Location: firmly on dry land
Age: 81
Posts: 1,541
Likes: 0
Received 0 Likes
on
0 Posts
That would be D O Guerero http://www.pprune.org/forums/member.php?u=169934 then 
Join Date: May 2005
Location: Brighton
Age: 46
Posts: 33
Likes: 0
Received 0 Likes
on
0 Posts
Having just called the helpline I now know that my details are amongst those lost.
Given that I left the RAF just over a year ago, I can think of no possible reason why a RN Petty Officer recruiter attending an URNU town night in Brum should have in his possession my personal, legal and financial data and then leave it unattended. This simply is not good enough: a balls up of epic proportions from the PO involved but also mismanagement of sensitive information at a higher level.
It seems that some of the personal security lessons of the IRA years have been forgotten by this chap and his heirachy on a monumental scale. Potentially Al Q could now have the home address and family details of everyone who has joined the Armed Forces in the last 10 years (the overwhelming majority of all serving personnel) and the Nigerians could have a bumper harvest financially crippling the same group.
Forgetting the Data Protection Act for a moment and considering the detrimental effect this could have on the security of the majority of personnel, perhaps the Official Secrets Act should be invoked. I suspect, though, that most of this data is 'Staff in Confidence' whereas by virtue of the sheer volume of sensitive personal information it should be handled as Secret or Top Secret.
In short: not a happy bunny. Let's hope the thief panicked and threw the laptop in a canal. Unfortunately, no one will ever know how far this data has travelled until it comes back to bite us on the arse.
I'm sure 'lessons will be learned' as always. Unfortunately they should have been known all along and now the damage may well have been done. Muppets.
Given that I left the RAF just over a year ago, I can think of no possible reason why a RN Petty Officer recruiter attending an URNU town night in Brum should have in his possession my personal, legal and financial data and then leave it unattended. This simply is not good enough: a balls up of epic proportions from the PO involved but also mismanagement of sensitive information at a higher level.
It seems that some of the personal security lessons of the IRA years have been forgotten by this chap and his heirachy on a monumental scale. Potentially Al Q could now have the home address and family details of everyone who has joined the Armed Forces in the last 10 years (the overwhelming majority of all serving personnel) and the Nigerians could have a bumper harvest financially crippling the same group.
Forgetting the Data Protection Act for a moment and considering the detrimental effect this could have on the security of the majority of personnel, perhaps the Official Secrets Act should be invoked. I suspect, though, that most of this data is 'Staff in Confidence' whereas by virtue of the sheer volume of sensitive personal information it should be handled as Secret or Top Secret.
In short: not a happy bunny. Let's hope the thief panicked and threw the laptop in a canal. Unfortunately, no one will ever know how far this data has travelled until it comes back to bite us on the arse.
I'm sure 'lessons will be learned' as always. Unfortunately they should have been known all along and now the damage may well have been done. Muppets.
Join Date: Aug 2006
Location: Button Moon.
Posts: 41
Likes: 0
Received 0 Likes
on
0 Posts
Just watching the discussion..
Laptops lost by MOD personnel:
2007: 68
2006: 66
2005: 40
2004: 173 (I am guessing this reflects the early days of extra stupidity)
Of this number, 2 more held recruitment data, one RN laptop stolen in October 2006 (I missed the number of records if it was announced) and 500 records on a laptop stolen from an Army "officer" in December 2005. Apparently it was believed these laptops were encrypted.
I know of one with Tornado data lost by a consultant from Wyton. Documents relating to this theft were reported in local media. One assumes that the figures included that one and that private companies do not hold this data also (CAPITA manage some aspects of Police recruitment?)
Des says he does not believe the problem (of unencrypted data of this type) extends any further than the handling of this particular database, which is managed by Army Training & Recruitment on behalf of all the services.
Liam Fox says this is worse than the Benefit case because it was definately stolen. He also asked whether the laptop concerned was an MOD or personal laptop due to the lack of encryption.
300 laptops have been recalled as part of this enquiry.
The laptop concerned had records dating back to 1997. Of the 600,000, 153,000 records held passport, national insurance, doctors details, religious beliefs, dates of birth and 3,700 included bank details.
Letters were sent to the 3,700. Further letters will be sent to the 153,000. Helpline and email contact established.
Sir Edmund Burton appointed to review. This outside of Police and MOD investigations.
Discussion ongoing.
Laptops lost by MOD personnel:
2007: 68
2006: 66
2005: 40
2004: 173 (I am guessing this reflects the early days of extra stupidity)
Of this number, 2 more held recruitment data, one RN laptop stolen in October 2006 (I missed the number of records if it was announced) and 500 records on a laptop stolen from an Army "officer" in December 2005. Apparently it was believed these laptops were encrypted.
I know of one with Tornado data lost by a consultant from Wyton. Documents relating to this theft were reported in local media. One assumes that the figures included that one and that private companies do not hold this data also (CAPITA manage some aspects of Police recruitment?)
Des says he does not believe the problem (of unencrypted data of this type) extends any further than the handling of this particular database, which is managed by Army Training & Recruitment on behalf of all the services.
Liam Fox says this is worse than the Benefit case because it was definately stolen. He also asked whether the laptop concerned was an MOD or personal laptop due to the lack of encryption.
300 laptops have been recalled as part of this enquiry.
The laptop concerned had records dating back to 1997. Of the 600,000, 153,000 records held passport, national insurance, doctors details, religious beliefs, dates of birth and 3,700 included bank details.
Letters were sent to the 3,700. Further letters will be sent to the 153,000. Helpline and email contact established.
Sir Edmund Burton appointed to review. This outside of Police and MOD investigations.
Discussion ongoing.
Last edited by Duckandcover; 21st Jan 2008 at 16:21.