Categories: RegulationSecurity

MOD Admits Losing An Entire Server

The Ministry of Defence has published details of its data loss incidents for 2008 – which include the loss of an entire server from an apparently secured government building, and the loss of 1.7 million individuals’ personal data.

As part of its Annual Report and Accounts document published this week, the Ministry of Defence is obliged to list any serious data breach incidents over the last 12 months. While details of some of the incidents have been reported already, collecting the information together provides a summary of the various ways information security has been subverted in the MOD over the last year.

The incidents include one entry listed as occurring in September 2008 when it was apparently discovered that ” a server was missing following the closure of a secured government premises”. The report also goes on to provide details of the data which is described as “names, addresses, details and service number [sic] or National Insurance number [sic] and medical records relating to around 700 individuals – 200 of which are reported to be active records. The police were notified of the incident, the MOD reports.

The most infamous data loss incident in the report happened in October 2008 when a portable hard disk containing personal data of some 1.7m individuals went missing from the supposedly secured office of a contractor. Although not named in the MOD report, the contractor was reported at the time to be EDS and the personal information related to individuals interested in joining the military rather than serving personnel. The report lists the action being taken after the incident as: “APACS contacted with details of 16,000 bank accounts that could have been affected. Police notified. Helpline established to answer enquiries.”

For its part EDS said in a statement at the time that it was “unable to account” for the hard drive but that there was “no evidence that security at the site has been breached.”

As well as listing missing or potentially stolen data, the report also records an incident in August 2008 when a MOD computer apparently suffered “catastrophic failure” and “back-up failed”. The data was apparently medical records of around “1150 servicemen and their dependents”. The action taken was to notify those concerned and recreate the records manually.

Commenting on the incidents, the MOD states that it has improved its policy and approach to information security in light of the Burton review.

“The department has made good progress implementing the recommendations of from the Burton Report. Forty-one of the 51 recommendations have been achieved. Significant progress has been made against the remaining 10,” the MOD report states.

Unfortunately for the MOD, the Burton Review was actually conducted in April 2008 in response to the loss of a laptop containing 600,000 people’s details and before the EDS portable hard disk incident relating to 1.7m people.

Andrew Donoghue

Recent Posts

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

1 hour ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

2 hours ago

US Supreme Court Agrees To Hear TikTok Appeal

US Supreme Court says it will hear appeal of TikTok and parent ByteDance against ban…

2 hours ago

Japanese Space Start-Up Destroys Second Rocket After Launch

Japanese start-up Space One destroys Kairos rocket for second time shortly after launch, as country…

3 hours ago

CATL Aims To Massively Expand EV Battery-Swap Infrastructure

World's biggest EV battery maker CATL aims to build 1,000 battery-swap stations next year, rising…

3 hours ago

Facebook ‘Restricted’ Palestinian News Content

Facebook has 'severely restricted' news content from Palestinian outlets since October 2023 amidst bias concerns,…

4 hours ago