According to The Sun, the UK Ministry of Defence appears to have lost Yet Another Unencrypted Hard Disk With Over a Million Sensitive Personal Data Records on it.
By TOM NEWTON DUNN
Friday 10th October 2008
A COMPUTER hard-drive with 1.6million pieces of personal data about the armed forces is missing, The Sun can reveal.
Up to one million people could be affected by the scandal.
The names and private details of around 100,000 serving personnel -- half the armed forces -- are believed to be on the drive.
There are also next-of-kin details, 600,000 potential services applicants and the names of their referees.
The data can be used to steal the IDs of servicemen and women on the frontline. It is the worst information security breach to hit the MoD. And it is the second largest ever for the Government since the Datagate scandal last year when the Inland Revenue lost the details of 25million people.
Here we go again. See the Spy Blog category archive - MoD security and privacy breach
Incompetence or malicious "data traitors" ?
It is believed the hard-drive was NOT encrypted.
After the previous data security and privacy scandals, and after Sir Edmund Burton's Review into the MoD recruitment laptop theft scandal, why was this not properly encrypted ?
New Defence Secretary John Hutton was last night "spitting with anger" about the loss, which affects all ranks across the Army, Royal Navy and RAF.
The drive includes passport numbers, addresses, dates of birth, driving licence details, names and contact numbers for family doctors and dentists, and religion groups. Officials admitted there is probably a "small amount" of troops' bank account details.
The hard-drive belonged to the MoD's main IT contractor EDS and was used by the firm -- based in Hook, Hants -- to test MoD computer equipment.
What possible testing requires a full copy of the live personnel database rather than synthetic test data ?
The drive was discovered missing on Wednesday -- but it could have disappeared weeks ago.
A source close to Mr Hutton said: "John believes it is a breach of trust which forces' personnel put in the ministry. EDS's contract will be examined and, if necessary, heads will roll."
An MoD spokesman last night confirmed the loss.
The fact the EDS are involved again, and the amount of data involved, we suspect that this is another copy of the previous, unencrypted TAFMIS-R(H)SQL database on a laptop computer hard drive, which was stolen from a parked vehicle in Birmingham back in January 2008.
We wonder if any of this data has been handed over or sold to the various Private Military Contractor companies who recruit former UK military service personnel.
Given what has already happened, there should also be an Official Secrets Act 1989 section 8 Safeguarding of information prosecution, not just of the EDS defence contractor staff but of the Ministry of Defence managers who have failed again to protect such valuable and potentially life threatening data..