British MoD Stunned By Massive Data Loss

← Back to Stories (view on slashdot.org)

British MoD Stunned By Massive Data Loss

Posted by timothy on Friday October 10, 2008 @08:41PM from the austin-powers-meets-the-peter-principle dept.

Master of Transhuman writes "Seems like nobody can keep their data under wraps these days. On the heels of the World Bank piece about massive penetrations of their servers, the British Ministry of Defense has lost a hard drive with the personal details of 100,000 serving personnel in the British armed forces, and perhaps another 600,000 applicants. This comes on the heels of the MoD losing 658 of its laptops over the past four years and 26 flash drives holding confidential information. Apparently the MoD outsources this stuff to EDS, which is under fire for not being able to confirm that the data was or was not encrypted."

5 of 166 comments (clear)

Min score:

Reason:

Sort:

No, no, no by gowen · 2008-10-10 20:47 · Score: 5, Informative

the British Ministry of Defense has lost a hard drive with the personal details of 100,000 serving personnel

No. EDS lost a hard-drive, belonging to the MoD. Had to get that in before the "Government is intrinsically incompetent" posse got here. EDS, a privately owned and run subsidiary of Hewlett-Packard, subcontracting to the MoD, were responsible for the security of this drive, and they, not anyone at the MoD did the losing here.

--
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
1. Re:No, no, no by CountBrass · 2008-10-10 21:58 · Score: 5, Informative
  
  And who decided that EDS were competent to manage the MoD's data? That would be the MoD i.e. the government. So it is the Government that is intrinsically incompetent: they have a history of either handing over vast amounts of private data to untrustworthy companies (EDS, PA Consulting, Capgemini) or of losing it themselves (HMRC, Home Office, SIS).
  
  In law under the Data Protection Act the MoD, not EDS, are the Data Controller and therefore responsible for losing it.
  
  --
  Bad analogies are like waxing a monkey with a rainbow.
I can! by matt4077 · 2008-10-10 20:56 · Score: 5, Funny

I can confirm that the data was or was not encrypted.

--
Fleur de Sel
News from MOD by auric_dude · 2008-10-10 21:14 · Score: 5, Informative

Update from MOD http://www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/ModIssuesUpdateOnMissingEdsHardDisk.htm
Government Incompetence? by BenEnglishAtHome · 2008-10-11 00:15 · Score: 5, Informative

Isn't that the definition of a government?

Not really. Where I work, any laptop connected to the network is checked at every connection for the presence of active full disk encryption software. If it isn't found (which can happen when computers are being built and the encryption installation hasn't been completed) then an immediate alert is sent to the support staff nearest the machine. In response to that alert, the machine must be encrypted or seized immediately. We're talking same-day action, here, with the consequence of inaction being that someone gets fired.
The result is that when we lose (usually through theft but the method is unimportant in this context) a laptop, we can immediately report that said laptop was fully encrypted and no data was lost or is at risk.
If we need to let a contractor on our network, we set up one of our laptops to meet all security requirements and lend that hardware to the contractor. No contractor is allowed to put their machine on our network.
Finally, when data is written to removable media, it's encrypted. We run a software package (Guardian Edge) that forces all writes to removable media to be encrypted. It's a pain sometimes, but it's the least we can do to keep the publics private data safe.
Frankly, I'm shocked that the MOD would accept less stringent practices on the part of contractors. I know we don't.