More data losses
Thread Starter
Join Date: Sep 2007
Location: W Sussex
Posts: 115
Likes: 0
Received 0 Likes
on
0 Posts
More data losses
Theyve done it again!
This from the times online this morning -
The Ministry of Defence has begun an investigation into its worst information security breach after a portable hard drive with details of about 100,000 servicemen and women and 800,000 applicants to join the Armed Services was found to be missing on Wednesday.
Sensitive details of the family members of personnel were also among the data stored, including bank details and passport numbers.
The portable hard drive — which is believed not to have been encrypted — was used by EDS, the MoD’s main IT contractor, to test computer equipment. It could have been missing for several days.
“The matter is being investigated by MoD police,” an MoD spokeswoman said last night. “We were informed by EDS that it was unable to account for a portable hard drive used in connection with the administration of Armed Forces personnel data. This came to light during a priority audit EDS is conducting to comply with the Cabinet Office data handling review.”
This from the times online this morning -
The Ministry of Defence has begun an investigation into its worst information security breach after a portable hard drive with details of about 100,000 servicemen and women and 800,000 applicants to join the Armed Services was found to be missing on Wednesday.
Sensitive details of the family members of personnel were also among the data stored, including bank details and passport numbers.
The portable hard drive — which is believed not to have been encrypted — was used by EDS, the MoD’s main IT contractor, to test computer equipment. It could have been missing for several days.
“The matter is being investigated by MoD police,” an MoD spokeswoman said last night. “We were informed by EDS that it was unable to account for a portable hard drive used in connection with the administration of Armed Forces personnel data. This came to light during a priority audit EDS is conducting to comply with the Cabinet Office data handling review.”
Join Date: Apr 2004
Location: Erehwon
Posts: 1,146
Likes: 0
Received 0 Likes
on
0 Posts
It stretches credulity that these 'losses' are not termed 'politically motivated'.
Has the 'system' always lost data, or are we just being told of each occurrence?
This level of breaches of personal security are unprecedented . . . or are they?
It makes me very angry because I meticulously shred all rubbish bearing any personal details that goes out to the dustmen, then 'our' government oversee losses of sensitive information on this scale.
First rule of Health and Safety etc etc, but we really DO need reliable institutions.
Has the 'system' always lost data, or are we just being told of each occurrence?
This level of breaches of personal security are unprecedented . . . or are they?
It makes me very angry because I meticulously shred all rubbish bearing any personal details that goes out to the dustmen, then 'our' government oversee losses of sensitive information on this scale.
First rule of Health and Safety etc etc, but we really DO need reliable institutions.
I don't own this space under my name. I should have leased it while I still could
12 years ago the same type of contractor, probably EDS even then, simply abandoned a server that had the images from the Strike Secret system. OK, they abandoned it in a secure room but it was unlabelled and no one looked for it.
Join Date: Jul 2007
Location: North of Watford (Gap)
Age: 58
Posts: 403
Likes: 0
Received 0 Likes
on
0 Posts
Heard this on the radio this morning. Words fail me... 
Yet another compelling reason why the ID card and other personal data projects need to be scrapped.
I wouldn't trust this lot to run a bath, never mind a country.
Yet another compelling reason why the ID card and other personal data projects need to be scrapped.
I wouldn't trust this lot to run a bath, never mind a country.
Join Date: Jul 2006
Location: bristol
Age: 56
Posts: 1,051
Likes: 0
Received 0 Likes
on
0 Posts
Shush everyone
Can you all keep it down for a while, I'm busy reading through Beagle's bank account details on this cheap hard drive I just bought. Hmmm he is not as well to do as I would have thought.
How must it feel if you were doing some form of guard duty, on a sensitive weapon, or piece of kit overnight (or more likely away overseas), and knowing that some "baddy" may have access to your home address where your kith and kin are sleeping supposedly soundly
This may be a stupid question, but could someone actually be criminally liable if anything untoward happens to anyone through the loss (and subsequent finding) of this information. I doubt that they would, given we have a government who are happy to return ministers who have needed to be previously sacked due to "poor performance"
Sorry to post such obvious (to many) things, but this is a rumour site and hopefully the odd politico is looking in too.
How must it feel if you were doing some form of guard duty, on a sensitive weapon, or piece of kit overnight (or more likely away overseas), and knowing that some "baddy" may have access to your home address where your kith and kin are sleeping supposedly soundly
This may be a stupid question, but could someone actually be criminally liable if anything untoward happens to anyone through the loss (and subsequent finding) of this information. I doubt that they would, given we have a government who are happy to return ministers who have needed to be previously sacked due to "poor performance"
Sorry to post such obvious (to many) things, but this is a rumour site and hopefully the odd politico is looking in too.
Join Date: Apr 2005
Location: France 46
Age: 77
Posts: 1,743
Likes: 0
Received 0 Likes
on
0 Posts
It is being reported that MOD has had 658 laptops stolen and 26 memory sticks "stolen or mislaid" in the last 4 years.
Why has this only now come into the public domain? Is there any member of the Armed Forces whose personal details have NOT been compromised?
Why has this only now come into the public domain? Is there any member of the Armed Forces whose personal details have NOT been compromised?
Join Date: Dec 2006
Location: Wilts
Posts: 183
Likes: 0
Received 0 Likes
on
0 Posts
I am taking out an Experian credit check annual subscription and intend sending the bill to the MOD. Perhaps everyone else should do the same.
Still fuming from the Innsworth debacle.
Ed
Still fuming from the Innsworth debacle.
Ed
Join Date: May 2006
Location: Arbistan
Posts: 85
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by grabbers
I know I'm dull but is this recently announced loss in addition to the Innsworth breach?
Is there any news on the Innsworth breach, or will this slowly be forgotten? I'd like to know if either/both affect me and, if so, what MOD/Govt is going to do about it.
Red On, Green On
Join Date: May 2004
Location: Between the woods and the water
Age: 24
Posts: 6,487
Likes: 0
Received 2 Likes
on
2 Posts
Is there any member of the Armed Forces whose personal details have NOT been compromised?
.To save anyone the hassle I think I'll just post them up for sale on Ebay - why should some other f**k*r get the money when I can sell my own and keep the proceeds?
Join Date: Aug 2002
Location: where should i be today????
Age: 57
Posts: 342
Likes: 0
Received 0 Likes
on
0 Posts
That file containing apology letters will sure be getting thick 
so will the use of second class stamps ............no need to rush in giving us details after all
so will the use of second class stamps ............no need to rush in giving us details after all
Join Date: Mar 2004
Location: at the end of the bar
Posts: 484
Likes: 0
Received 0 Likes
on
0 Posts
This wouldn't have happened 10, or even 5 years ago. The availability of cheap, poratble high capacity storage media has resulted in a much more lax attitude to data security. Added to which, many of the contractors involved will not have the same security mindset as a member of the Forces or a career Civil Servant.
Obviously, you can get a lot more info on a 160Gb poratble hard drive than you could ever get on a 1mb floppy, but people tended to take more care of those, and USB memory sticks are so common these days. (I have one that has an 8Gb capacity) so the numbers invoved are much higher - easier to drop the whole database onto the storage to test off site than to take a proper, redacted set of test data.
Obviously, you can get a lot more info on a 160Gb poratble hard drive than you could ever get on a 1mb floppy, but people tended to take more care of those, and USB memory sticks are so common these days. (I have one that has an 8Gb capacity) so the numbers invoved are much higher - easier to drop the whole database onto the storage to test off site than to take a proper, redacted set of test data.
Join Date: Aug 2006
Location: firmly on dry land
Age: 81
Posts: 1,541
Likes: 0
Received 0 Likes
on
0 Posts
What they haven't sorted yet is the potential for emailing data.
Rather than risk losing your USB stick, CD, floppy or laptop, just email it home. Ansolutely secure, not. Once at home you can lose the data with impunity. Only if it resurfaces and there is a recoverable audit trail will it be found.
The sooner that a law is passed to protect information, especially sensitive information the better. That is to say punished criminally with real consequences if data is misused by anyone in the chain. Secure transportation of any disks/USB sticks that must be moved and full accountability of stewardship from start to finish. Also compartmentalisation of data, so that various pieces of the jigsaw are kept separately and only joined together on the express ok of a senior manager/civil-serpent.
It is obvious that the people in charge of the many data-bases are incompetent to varying degrees and need to adhere to rock solid protocols. For this not to happen NOW will only exacerbate the damage already caused and surely to come.
SHJ
It is obvious that the people in charge of the many data-bases are incompetent to varying degrees and need to adhere to rock solid protocols. For this not to happen NOW will only exacerbate the damage already caused and surely to come.
SHJ
Join Date: Feb 2006
Location: A lot closer to the sea
Posts: 665
Likes: 0
Received 0 Likes
on
0 Posts
Intriguing that this happens just as EDS are informed of job cuts (see other thread). Coincidence?
Beginning to get fed up with the fact that the bad guys may know more about me than my OJAR writer!
Beginning to get fed up with the fact that the bad guys may know more about me than my OJAR writer!
Join Date: Jan 2001
Location: UK
Posts: 887
Likes: 0
Received 0 Likes
on
0 Posts
It wouldn't have happened in my day as office/home computers barely existed and lugging an armful of files out of the office was a bit more obvious than sliding a SD card into one's pocket or banging off an e-mail. Bring back the abacus, I say.
Well, that's it then. They've had their chance.
This isn't the first incident, it isn't even the third incident. They can take as many chances as they like, I for one, shall not be.
When I'm next in work I will be clearing as many of my details: flying hours, operations, preferences, qualifications, armed forces railcard, posting preferences, next of kin details, med cats etc off JPA as I can.
I'm not a luddite (though I do dislike JPA) but after being told to 'embrace' the change all its done is left me vastly open to ID theft. Oh, and before anyone counters with, "You cannot know that for certain;" I would retort with, "That's exactly my point!"
No one - especially the MOD and EDS knows where my personal data is!
This is no longer about enhancing the admin system, but rather MY and my family's personal security.
From now on the Boss can have all those details written out a couple of months before to help him with my SJAR before shredding it afterwards. My Will and Next of kin details can be kept on paper in a locked filing cabinet (with the keys locked in a safe) on the Sqn.
Sod them - they can't be trusted.
This isn't the first incident, it isn't even the third incident. They can take as many chances as they like, I for one, shall not be.
When I'm next in work I will be clearing as many of my details: flying hours, operations, preferences, qualifications, armed forces railcard, posting preferences, next of kin details, med cats etc off JPA as I can.
I'm not a luddite (though I do dislike JPA) but after being told to 'embrace' the change all its done is left me vastly open to ID theft. Oh, and before anyone counters with, "You cannot know that for certain;" I would retort with, "That's exactly my point!"
No one - especially the MOD and EDS knows where my personal data is!
This is no longer about enhancing the admin system, but rather MY and my family's personal security.
From now on the Boss can have all those details written out a couple of months before to help him with my SJAR before shredding it afterwards. My Will and Next of kin details can be kept on paper in a locked filing cabinet (with the keys locked in a safe) on the Sqn.
Sod them - they can't be trusted.
I don't own this space under my name. I should have leased it while I still could
SVK, good idea.
I was once put on the emergenct reinforcement list and told to hand my passport into PSF. No, I said, I paid for it, my passport, I keep it. You wnat it, you pay for it!
Soon as I get in I shall be doing a little kleenex job.
My letter states:
'they include general service information relating to yourself' thanks, such as what?
'no evidence to suggest that your details are being used for criminal purposes' YET and how would they know? Are they browsing my bank accounts? Who bought all those shares before they crashed
At least '. . . risk assessment . . . risk of identity fraaud is low.'
Tosser. I thought his dad was a cnut as well.
I was once put on the emergenct reinforcement list and told to hand my passport into PSF. No, I said, I paid for it, my passport, I keep it. You wnat it, you pay for it!
Soon as I get in I shall be doing a little kleenex job.
My letter states:
'they include general service information relating to yourself' thanks, such as what?
'no evidence to suggest that your details are being used for criminal purposes' YET and how would they know? Are they browsing my bank accounts? Who bought all those shares before they crashed
At least '. . . risk assessment . . . risk of identity fraaud is low.'
Tosser. I thought his dad was a cnut as well.