The risks posed by USB sticks has once again being starkly illustrated after a flash memory device, said to contain anti-terror training manuals and other sensitive material, was found on a Manchester street.
According to a weekend report in the Daily Star on Sunday, the red top newspaper was handed the USB device after it was found by an unnamed 34-year-old businessman on the pavement outside a Police station in Stalybridge, Greater Manchester.
The device was branded with the initials GMP POTU (Greater Manchester Police Public Order Training Unit) and was unencrypted. When the businessman who found the device connected the USB drive to his laptop to check the contents, he discovered approximately 2,000 files including some produced by the National Police Improvement Agency about counter-terrorism tactics.
And potentially even more seriously, the USB stick contained a comprehensive list of police officers’ names, ranks and their divisions.
Superintendent Bryan Lawton, of GMP’s Specialist Operations Branch, told the Press Association: “We are aware of an article relating to the finding of a memory stick belonging to GMP by a member of the public.
“We are currently looking into who this device belongs to, what information is contained on it and the circumstances surrounding its loss.”
Last month, Sophos’s Graham Cluley warned that the main cause of security breaches was still human error. And indeed, data breaches caused by the loss of USB sticks or other storage mediums is unfortunately becoming increasingly common-place nowadays.
Zurich Insurance was recently hit with a record fine of £2.28 million, after its sister company Zurich South Africa lost an unencrypted backup tape containing the financial personal information of around 46,000 policy holders.
Earlier this year the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition. Companies that fall foul of data breach laws risk a maximum fine of £500,000 under powers granted to the ICO in January.
However, the ICO has still issued no fines, despite naming and shaming a whole host of institutions and public service organisations that have been subject to data breach. In June, for example, the ICO published a list of all the data breaches reported since 2007. Of the 1,007 reported breaches, the NHS was responsible for 305.
In June, a Freedom of Information (FOI) request by Software AG revealed that most public sector bodies have no idea about secure data transfer policies.
Good news for creditors. CEO John Ray III says bankrupt crypto exchange FTX will be…
Chip giants Intel and Qualcomm complain of sales impact after United States revokes some of…
Using the Digital Services Act, European Commission asks X (formerly Twitter) for details over reduction…
Payroll records of nearly all members of the UK's armed forces have been exposed, reportedly…
Updates arrive for two iPad models (iPad Air and iPad Pro) as well as some…
US government sued by TikTok in bid to block law that will force sale of…
View Comments
These incidents could have been easily avoided by using a simple data encryption solution like for example EasyLock - that I have on my USB Stick, a simple, but efficient software, which automatically encrypts all the files copied to a USB Drive.
The main idea is that people, companies, governments should realize the importance of security solutions against data theft and loss and see in them a security request as vital as an antivirus program for a PC or a cipher for a suitcase.