Only 55 of the data loss breaches have actually been reported
If you can’t stop data breaches, at least cover them up! This seems to be the data security code British authorities go by. Too bad for them there is something called Freedom of Information Act requests… A new report issued by privacy campaign group Big Brother Watch showed that councils across the UK experienced over a thousand data loss cases over a three-year period – August 2008 to August 2011.
To get the information, the group sent 433 FOIs to local authorities and councils across Great Britain and showed a shocking discrepancy between the reported 50-something incidents and the harsh reality. Not only did BBW uncover the data mishandling cases, they also requested information on what happened to the employees of said councils (whether they had been disciplined, fired or prosecuted over the data breaches) and inquired about the council’s response to each incident.
The latest annual statistics from the UK’s National Fraud Authority show that more than £38bn has been lost over the last 12 months due to fraud. This amounts to an increase of more than 25%. The public sector (£21.2bn) reported the biggest part of the loss, while the private sector cost the government only £12bn, with another £4bn in losses from fraud against individuals.
According to the NFA, the increase was to be expected, at least in part, due to improved reporting procedures. The figures include estimates for procurement (£2.4bn) and grant fraud (£515m) for the first time.
UK Metropolitan police commissioner Sir Paul Stephenson has stated that he believes police officers trained to fight against the growing number of cyber criminals are as vital as uniformed officers in the streets. In a letter to “The Sunday Telegraph” he outlines his belief that cutting back-office staff in favor of more street officers is wrong.
“Online fraud generated £52bn worldwide in 2007 – a staggering sum. There is a significant fight back by the financial institutions, working with police. In the Met, we play our part in a ‘Virtual Task Force’,” he said.
Back in 2008, assuming that the human factor would eventually fail at some point and people would make the mistake of plugging an unsecured memory stick into a military laptop, several memory sticks were scattered in a US military base in the Middle East that was providing support for the Iraq war. All these memory sticks were deliberately infected with a computer worm.
It resulted in the self-propagation of a computer worm into the computer system of Centcom – the central command of the US military. The eradication process took 14 months. Apparently this attack, acknowledged by the Pentagon only in August 2010, was very similar to a Stuxnet worm attack which was used in attempts against Iraq’s nuclear facilities and Iran’s nuclear programme.
UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000
More than 1,000 data losses for the NHS. This is a new record.
Of these, 307 alone were the result of stolen data or hardware and 233 were due to lost data or hardware.
The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.
The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.
An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.
David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.
“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”
Source and full article: SC Magazine
When one thinks of institutions like the British Ministry of Defence, one expects tight security. Tight as in you cross us once, we expect you not to cross us twice. Apparently, things go another way, as the MoD, quoted by V3.co.uk, says the number of data breaches they have been exposed to was 4 times higher in the past year.
The Ministry’s latest resource accounts show it suffered eight serious breaches in the 2008 to 2009 period, up from just two in the preceding year. The most serious case led to the loss of a portable hard disk from a contractor’s premises containing the names, passport information and bank account details of about 1.7 million individuals. That’s a big blow!
Other incidents included the theft of three USB sticks from “secure government premises”, which contained details of all RAF service personnel who served between 2002 and 2008 and some of their next of kin.
And in April last year, an unencrypted laptop was stolen from government premises containing the personal records of 300 people.
The MoD admitted that it had lost electronic equipment, devices or paper documents from outside government premises on 15 occasions, and in six instances they were lost from within government offices.
Although the number of data breaches reported in the UK has been significant this year, the UK Government has recently announced it will not implement a compulsory data breach notification law for private-sector companies. The decision was made after reviewing a recommendation made in July by information commissioner Richard Thomas.
On the other hand, public-sector organizations are obligated to report any significant potential or actual data loss. Their private-sector counterparts should report the losses in the spirit of “good business practice”. So if your data is exposed by a public-sector institution and only 2 others have been affected, or if a private company loses thousands of private records but does not see reporting the incident as good practice, you will never find out.
“After considering the analysis of the experience of the US in the area of data-breach notification legislation, the government is not intending to implement similar legislation to that in operation in the US,” states the Response to the Data Sharing Review Report.
Private-sector companies are not clear of all consequences, as fines for organizations found in breach of data-protection laws will soon be raised. According to the same report, the Ministry of Justice is working with the Information Commissioner’s Office to determine the level of the maximum fine.
If you are British and have been plotting to stalk a member of the British National Party (BNP) you might just have missed the opportunity. A list with all the party’s members, including names, addresses, and email addresses has recently shown up online. Some of those who just got exposed online are also underage (an extra “benefit” of the family plan BNP offers) and others had mentions of other personal details made public, such as job or hobbies.
As the Register puts it, “That’s how we know that that BNP members include receptionists, district nurses, amateur historians, pagans, line dancers and a male witch.” Members reacted pretty strongly, filling their comments with curses and outrage. As certain professions in the UK are expected to have no political color, they might even lose their jobs and, according to several blog sources, some pretty powerful people in the BNP are to blame for the leak.
BNP spokespersons found out about the leak from the Register, but although completely unaware, they promised to treat whoever is responsible quite harshly!