Leicester City Council has admitted to losing a USB stick that contained details on around 4,000 people.
According to This is Leicestershire, the data includes medical details on elderly and vulnerable people on LeicesterCare's files, the council's service to support vulnerable people. It also contained 2,000 keysafe codes that are used to open boxes that are attached to an outside wall of people's homes, which contain a key to the front door.
The council said that it is in the process of changing all of the codes. It reported that the missing memory stick was used as a back-up device to record information on council computers and was locked in a safe each night.
The stick is not supposed to leave the offices at any time and the council has said it believes it is missing within the building. It was last seen on Friday 5th March, officially reported as missing on Tuesday 9th March and reported to the police on Monday 14th March.
A city council spokesperson said: "We can confirm we are investigating the possible loss of a data device that contains personal details of around 4,000 LeicesterCare users. At this time we have no reason to believe this data has been removed deliberately. However, while we have been assured by our supplier the information on the device is not accessible to anyone who may find it, we are taking every precaution to maintain the security of our LeicesterCare users.”
Terry Greer-King, managing director of Check Point UK, said that the council took steps to secure the sensitive data before the loss, which he claimed was good news, but unfortunately, they are in a minority.
Dave Jevans, CEO of IronKey, said: “I think it is finally showing that there is an impact from more secure systems and from the Information Commissioner cracking down, but it is good to see people taking advantage of more secure measures. It is good news I suppose but you cannot stop people from losing things and that is why we have encryption.”
“When we surveyed 130 UK public and private sector organisations in November 2010, 52 per cent said they do not use data or device encryption, and a further eight per cent admitted they didn't even know if encryption was in use. So there's still a big security gap to be bridged, even though automated data encryption is easily deployed so that employees cannot work around or disable the protection.”
Tom Colvin, CTO of Conseal Security, said: “This news once again stands as testament to the fact that current storage security solutions for removable storage are not adequate or do not fit the way that users and organisations need to operate in order to remain efficient and productive.
“Complex endpoint security solutions that only allow specific USB devices or approved removable media to be used are extremely expensive and cumbersome, which almost certainly led to Leicester City Council relying on the rather out-dated need to lock up the memory stick in a safe every night. By using a solution that could remotely self destruct the data the moment they realised the memory stick had been misplaced would have afforded them an extra level of security and protection.”