A memory stick that is said to contain anti-terror training manuals has been discovered outside a Manchester police station
The risks posed by USB sticks has once again being starkly illustrated after a flash memory device, said to contain anti-terror training manuals and other sensitive material, was found on a Manchester street.
According to a weekend report in the Daily Star on Sunday, the red top newspaper was handed the USB device after it was found by an unnamed 34-year-old businessman on the pavement outside a Police station in Stalybridge, Greater Manchester.
The device was branded with the initials GMP POTU (Greater Manchester Police Public Order Training Unit) and was unencrypted. When the businessman who found the device connected the USB drive to his laptop to check the contents, he discovered approximately 2,000 files including some produced by the National Police Improvement Agency about counter-terrorism tactics.
Firearms, Counter Terrorism
This included information on counter terrorism training, including strategies for dealing with acid and petrol bomb attacks, blast control training and the use of batons and shields. Other sections were apparently about the use and understanding of firearms, as well as water cannons and CS gas.
And potentially even more seriously, the USB stick contained a comprehensive list of police officers’ names, ranks and their divisions.
Superintendent Bryan Lawton, of GMP’s Specialist Operations Branch, told the Press Association: “We are aware of an article relating to the finding of a memory stick belonging to GMP by a member of the public.
“We are currently looking into who this device belongs to, what information is contained on it and the circumstances surrounding its loss.”
The Human Element
Last month, Sophos’s Graham Cluley warned that the main cause of security breaches was still human error. And indeed, data breaches caused by the loss of USB sticks or other storage mediums is unfortunately becoming increasingly common-place nowadays.
Zurich Insurance was recently hit with a record fine of £2.28 million, after its sister company Zurich South Africa lost an unencrypted backup tape containing the financial personal information of around 46,000 policy holders.
Earlier this year the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under powers granted to the ICO in January.
However, the ICO has still issued no fines, despite naming and shaming a whole host of institutions and public service organisations that have been subject to data breach. In June, for example, the ICO published a list of all the data breaches reported since 2007. Of the 1,007 reported breaches, the NHS was responsible for 305.
In June, a Freedom of Information (FOI) request by Software AG revealed that most public sector bodies have no idea about secure data transfer policies.