The risks posed by USB sticks has once again being starkly illustrated after a flash memory device, said to contain anti-terror training manuals and other sensitive material, was found on a Manchester street.
According to a weekend report in the Daily Star on Sunday, the red top newspaper was handed the USB device after it was found by an unnamed 34-year-old businessman on the pavement outside a Police station in Stalybridge, Greater Manchester.
The device was branded with the initials GMP POTU (Greater Manchester Police Public Order Training Unit) and was unencrypted. When the businessman who found the device connected the USB drive to his laptop to check the contents, he discovered approximately 2,000 files including some produced by the National Police Improvement Agency about counter-terrorism tactics.
And potentially even more seriously, the USB stick contained a comprehensive list of police officers’ names, ranks and their divisions.
Superintendent Bryan Lawton, of GMP’s Specialist Operations Branch, told the Press Association: “We are aware of an article relating to the finding of a memory stick belonging to GMP by a member of the public.
“We are currently looking into who this device belongs to, what information is contained on it and the circumstances surrounding its loss.”
Last month, Sophos’s Graham Cluley warned that the main cause of security breaches was still human error. And indeed, data breaches caused by the loss of USB sticks or other storage mediums is unfortunately becoming increasingly common-place nowadays.
Zurich Insurance was recently hit with a record fine of £2.28 million, after its sister company Zurich South Africa lost an unencrypted backup tape containing the financial personal information of around 46,000 policy holders.
Earlier this year the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under powers granted to the ICO in January.
However, the ICO has still issued no fines, despite naming and shaming a whole host of institutions and public service organisations that have been subject to data breach. In June, for example, the ICO published a list of all the data breaches reported since 2007. Of the 1,007 reported breaches, the NHS was responsible for 305.
In June, a Freedom of Information (FOI) request by Software AG revealed that most public sector bodies have no idea about secure data transfer policies.
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
View Comments
These incidents could have been easily avoided by using a simple data encryption solution like for example EasyLock - that I have on my USB Stick, a simple, but efficient software, which automatically encrypts all the files copied to a USB Drive.
The main idea is that people, companies, governments should realize the importance of security solutions against data theft and loss and see in them a security request as vital as an antivirus program for a PC or a cipher for a suitcase.