The Ministry of Defence has reported the loss of the personal details of 600,000 people.
Following the theft of a laptop in the Edgbaston area of Birmingham last week, it has been claimed that this is potentially the most serious as recruits to the Armed Forces are targets for terrorists.
The details were of people who had expressed an interest in joining the Royal Navy, Royal Marines and Royal Air Force, and details included passport details, National Insurance numbers, family details and medical records. The laptop also contained bank records of at least 3,500 people.
Defence Secretary Des Browne is expected to explain the theft before MPs next week, and could face calls to resign if it appears that the MoD did not routinely encrypt data held on laptops or if the department's security procedures are found to be lacking.
A spokesperson for the MoD said: “The Ministry of Defence is treating the loss of this data with the utmost seriousness. We are writing to some 3,500 people whose bank details were included on the database.
“Action has already been taken with the assistance of APACS (the Association for Payment Clearing Services) to inform the relevant banks so that the relevant accounts can be flagged for scrutiny against unauthorised access.”
Chris Mayers, chief security architect at Citrix, said: “This is becoming an all too familiar occurrence, laptop losses which threaten to expose highly sensitive, personal information.
“But what strikes me about this particular incident is that the exposure only came to light during a ‘priority audit' following new data security guidelines from the Cabinet Office. If it wasn't for all the publicity about data loss – and the resulting government reports – the MoD might not even have noticed the computer was missing.
“It's clear government bodies are still not being careful enough when it comes to protecting the information they hold. There seems to still be a fundamental failure of total data protection planning that such sensitive data can be removed or transported and potentially exposed, without any proper security measures in place.
“All organisations handling sensitive data need to realise there is nothing more important than their responsibility to keep that data secure – which means ensuring data is properly encrypted, or better still, never leaves the datacentre.”