MoD Loses 340 Laptops In Two Years

The Ministry of Defence has admitted that it has lost 340 laptops during a two year period from 2008 to 2010.

The news came to light in response to a Freedom of Information request by Lewis PR. The MoD said that 120 laptops at a cost of £1,800 each were stolen. Another 220 laptops were lost and only 25 were ever recovered. Less than half (157 laptops) had data which had been encrypted.

And it was also revealed that 593 CDs, DVDs and floppy disks, as well as 215 USB memory sticks, 96 removable hard-disk drives and 13 mobile phones went missing. Only 164 of the 593 CDs, DVDs and floppy disks, were recovered. Only 40 were encrypted, and only 52 of the 215 missing memory sticks were protected.

High Tech Losses

The findings show that a total of 1,257 hi-tech items disappeared from the Ministry of Defence but a staggering 983 were not encrypted. Only nine staff were disciplined over the losses.

The Freedom of Information requests made by Lewis reveal that the MoD is the worse culprit of 11 government departments that were surveyed. In total the ministries reported the loss of 518 laptops, 131 BlackBerrys or iPhones, 104 mobile devices and 932 electronic storage devices over the past two years, at an estimated cost to the taxpayer of £781,453.

The MoD put the total value of the electronic devices that disappeared during this period at £620,193, of which £45,804 of equipment was recovered.

The figures suggest the MoD’s record has not improved significantly since July 2008, when it admitted that 658 laptops had been stolen and 89 lost in the previous four years.

“While it’s worrying that there is still so much data going missing through lost devices, what’s even more alarming is that so few of the devices were encrypted,” said Eb Adeyeri, Digital PR Director, LEWIS PR. “Surely it’s incumbent on government departments to take the issue of computer security far more seriously and at the very least ensure all devices are adequately encrypted.”

And the response from the security industry was equally damming.

Industry Reacts

“It’s scandalous that such a large amount of equipment and data has gone missing,” said Sean Sullivan, security advisor at security company F-Secure. “There seems to be a cavalier approach to the storage and protection of data. Who knows what damage could be done to the UK if this material gets into the wrong hands? At a time when national security is paramount, it’s vital that far more is done to encrypt sensitive data and staff are held to account. This loss represents a devastating disregard for the taxpayer’s security and pocket.”

“That only 20 percent of the devices lost from the MOD were protected by encryption is shocking,” said Keith Crosley, director of data loss prevention company Proofpoint. “Organisations of all types need to be aware that, after leaks via email, lost and stolen mobile devices are one of the top sources of data breaches. Proofpoint research shows that, just in the past year, nearly one quarter of large organisations investigated such a breach.”

“There are so many examples of bad practice here, within the very organisations that should be setting the example for everyone else, it’s shocking,” said Dave Everitt, general manager, Absolute Software. “The sheer number of devices that were lost or stolen from the MoD is evidence that for all the hackers and computer viruses in the world, simple human error is still the biggest security threat to our national security.”

MoD – Perspective Needed

The MoD said though that it was important to maintain some perspective on the losses.

“The MoD takes any loss of media storage devices very seriously and has robust procedures in place,” said the MoD in an emailed statement to eWEEK Europe UK. “New processes, instructions and technological aids have also being implemented to mitigate human errors and raise awareness of every individual in the Department. Investigations are undertaken into every loss or theft, and appropriate disciplinary action taken.”

“Yes the figures are high, but it should be remembered that the figures come from a two year period between June 2008 and May 2010,” said an MoD spokesman, speaking to eWEEK Europe UK. “A lot of encryption technologies was brought in later in this period, and procedures such as how laptops are booked in and out, have they been encrypted, have been tightened up.”

“People should also remember that the MoD has thousands of people, far more than comparable government departments,” the spokesman said. He said that the MoD has 46,000 laptops in total.

“We have so many people moving about, and a lot of these laptops would have not needed encryption because they did only contain unclassified data that is publicly available, and not data that is operationally sensitive. Clearly, losing stuff is not good but we are not endangering lives,” said the spokesman.

However, the figures do suggest the MoD’s track record has not improved significantly since July 2008, when it admitted that 658 laptops had been stolen and 89 lost in the previous four years. Last July the MoD admitted it had lost an entire server from a secure building during 2008. In addition, the MoD also admitted that it had lost personal data on 1.7 million individuals in October of that year.