A lost USB stick that contained police information described as 'dynamite' was found in the street outside a station.
According to reports, a stick containing more than 2,000 pages of highly sensitive and confidential information, intended to be seen only by senior officers, was found on a pavement near a Greater Manchester police station.
The USB stick was prominently branded with the Greater Manchester Police logo and included detailed strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields. It also had a comprehensive list of officers' names, ranks and their divisions.
It was discovered by a 34-year-old passer-by, who asked the Daily Star Sunday to withhold his identity because he feared reprisals and said the documents could have become 'a terrorists' charter'.
He is reported as saying: “It is scandalous that someone in the police, presumably a high-ranking officer, has been clumsy and negligent enough to lose information as powerful as this. If a terrorist group got hold of this, they could see which officers specialised in what field and where they should target.
“There are even diagrams of crowd control scenes. If this got into the wrong hands, they would be one step ahead of the police all the time. The information in there is dynamite.”
Senior officers are investigating how the files ended up being left in the street.
Terry Greer-King, UK managing director of Check Point, said that the incident highlights the fact that many organisations are still leaving security to chance on portable data storage devices.
He said: “This incident shows yet again why data on USB drives must be encrypted, always. Guidelines to staff and security policies don't stop devices being lost or misplaced, and these simple accidents and human errors will turn into real problems if data isn't protected.
“Companies should ensure all data copied to USB sticks and CDs is automatically encrypted, and the use of all non-authorised devices controlled. This ensures that users can't turn off or work around the security.”
Colin Woodland, VP EMEA at IronKey, said: "The issue of employees losing data or being victims of theft will likely never change, which is why we're working with a number of constabularies and police forces across the UK and EMEA who are actively using IronKey to protect officers on the streets.
"Obviously this sort of data really should have been encrypted; however, we advise our customers, whose mobile workers regularly handle sensitive or valuable data, that they go beyond just simple encryption and implement an auditable data protection record. This way, if the police wanted to know if someone had attempted to access the device, their questions can be easily answered.
"In this case the ideal solution is a managed service, which would allow the IT department to manage the encrypted devices so they can track and ultimately destroy any data that is lost, even if it ended up in the hands of a terrorist group."
This is not the first security incident to hit Greater Manchester Police: it was previously left disconnected from its network for three days following a Conficker infection.
The police were also in the news earlier this year after a file containing personal details of more than 10,000 people was emailed by Gwent Police to The Register.