The Ministry of Defence (MoD) has admitted that it has lost 340 laptops in the past two years with less than half having encrypted data.
In a response to a Freedom of Information request by Lewis PR, the MoD revealed that 120 laptops were stolen and 220 were lost. Only 25 were recovered. Also, 593 CDs, DVDs and floppy disks, 215 USB memory sticks, 96 hard-disk drives and 13 mobile phones also went missing, many containing sensitive data which was not encrypted.
The biggest departmental loser was the Department for Work and Pensions, which lost 71 laptops, 48 mobile phones and had 27 BlackBerrys reported lost or stolen. The Department for Transport lost 38 laptops, 39 PDAs, 21 mobile phones and two memory sticks.
In total, the 11 departments questioned reported the loss of 518 laptops, 131 BlackBerrys /iPhones, 104 mobile devices and 932 memory devices. Added together this represented an estimated loss to the taxpayer of £777,854.29.
Sean Sullivan, security advisor at F-Secure, said: “It's scandalous that such a large amount of equipment and data has gone missing. There seems to be a cavalier approach to the storage and protection of data. Who knows what damage could be done to the UK if this material gets into the wrong hands?”
Dave Everitt, general manager at Absolute Software, said: “There are so many examples of bad practice here, within the very organisations that should be setting the example for everyone else, it's shocking. The sheer number of devices that were lost or stolen from the MoD is evidence that for all the hackers and computer viruses in the world, simple human error is still the biggest security threat to our national security.
“Of the 340 laptops lost by the MoD, only 25 were returned. Encryption use was low, but even if it is deployed, codes can be broken by those in the know. The technology already exists on most laptops to track stolen hardware and recover it – it's normally just a case of enabling this. If a laptop or mobile can't be tracked, Government departments should at least ensure they can remotely destroy the information held on it – rendering the laptop and its contents entirely useless.”
Keith Crosley, director of data loss prevention company Proofpoint, said: While the value of the lost and stolen equipment is staggering, the potential losses of private information about and belonging to UK citizens, classified government information and other non-public information could easily be several times greater. That only 20 per cent of the devices lost from the MoD were protected by encryption is shocking. Organisations of all types need to be aware that, after leaks via email, lost and stolen mobile devices are one of the top sources of data breaches.”