A hard drive containing personal information on about 100,000 of the British armed forces -- as well as approximately 600,000 potential recruits -- has gone missing from a contractor's location.
The U.K. Ministry of Defense confirmed yesterday that the drive did not turn up in an audit of systems at the offices of its contractor, EDS, in Hook, U.K. The drive contains about 1.5 million pieces of information, including some bank and drivers license details, passport numbers, addresses, dates of birth, and telephone numbers.
"On Wednesday, October 8, we were informed by our contractor EDS that they were unable to account for a portable hard drive used in connection with the administration of Armed Forces personnel data," said a spokeswoman from the MOD. "This came to light during a priority audit EDS is conducting to comply with the Cabinet Office data handling review. The MoD Police are investigating this matter with EDS."
Investigators do not yet know whether the drive was lost or stolen from the EDS "secure" location. The spokeswoman would not confirm whether the data on the drive was encrypted or not.
Just over a week ago, another drive containing data on about 50,000 service personnel was stolen from a Royal Air Force location in Gloucestershire. (See Theft at RAF Facility Endangers Personal Data of 50,000.) In August, the U.K. Ministry of Justice lost data on about 45,000 individuals when a laptop was lost.
Nick Lowe, regional director for Northern Europe said: Less than two weeks ago, unencrypted data was stolen on portable hard disc drives [from] an RAF base, and now we have possibly the biggest ever data loss from the MOD -- again from misplaced portable drives.
When will organizations realise that the security of detailed, personal data of this kind cannot be left to chance?" Lowe wondered. "Portable disks and data cannot be left unprotected by automatic encryption, because they will go missing, be misplaced, or get stolen.
Tim Wilson, Site Editor, Dark Reading