MoD Loses 340 Laptops In Two Years

The Ministry of Defence has admitted that it has lost 340 laptops during a two year period from 2008 to 2010.

The news came to light in response to a Freedom of Information request by Lewis PR. The MoD said that 120 laptops at a cost of £1,800 each were stolen. Another 220 laptops were lost and only 25 were ever recovered. Less than half (157 laptops) had data which had been encrypted.

And it was also revealed that 593 CDs, DVDs and floppy disks, as well as 215 USB memory sticks, 96 removable hard-disk drives and 13 mobile phones went missing. Only 164 of the 593 CDs, DVDs and floppy disks, were recovered. Only 40 were encrypted, and only 52 of the 215 missing memory sticks were protected.

High Tech Losses

The findings show that a total of 1,257 hi-tech items disappeared from the Ministry of Defence but a staggering 983 were not encrypted. Only nine staff were disciplined over the losses.

The Freedom of Information requests made by Lewis reveal that the MoD is the worse culprit of 11 government departments that were surveyed. In total the ministries reported the loss of 518 laptops, 131 BlackBerrys or iPhones, 104 mobile devices and 932 electronic storage devices over the past two years, at an estimated cost to the taxpayer of £781,453.

The MoD put the total value of the electronic devices that disappeared during this period at £620,193, of which £45,804 of equipment was recovered.

The figures suggest the MoD’s record has not improved significantly since July 2008, when it admitted that 658 laptops had been stolen and 89 lost in the previous four years.

“While it’s worrying that there is still so much data going missing through lost devices, what’s even more alarming is that so few of the devices were encrypted,” said Eb Adeyeri, Digital PR Director, LEWIS PR. “Surely it’s incumbent on government departments to take the issue of computer security far more seriously and at the very least ensure all devices are adequately encrypted.”

And the response from the security industry was equally damming.

Industry Reacts

“It’s scandalous that such a large amount of equipment and data has gone missing,” said Sean Sullivan, security advisor at security company F-Secure. “There seems to be a cavalier approach to the storage and protection of data. Who knows what damage could be done to the UK if this material gets into the wrong hands? At a time when national security is paramount, it’s vital that far more is done to encrypt sensitive data and staff are held to account. This loss represents a devastating disregard for the taxpayer’s security and pocket.”

“That only 20 percent of the devices lost from the MOD were protected by encryption is shocking,” said Keith Crosley, director of data loss prevention company Proofpoint. “Organisations of all types need to be aware that, after leaks via email, lost and stolen mobile devices are one of the top sources of data breaches. Proofpoint research shows that, just in the past year, nearly one quarter of large organisations investigated such a breach.”

“There are so many examples of bad practice here, within the very organisations that should be setting the example for everyone else, it’s shocking,” said Dave Everitt, general manager, Absolute Software. “The sheer number of devices that were lost or stolen from the MoD is evidence that for all the hackers and computer viruses in the world, simple human error is still the biggest security threat to our national security.”

MoD – Perspective Needed

The MoD said though that it was important to maintain some perspective on the losses.

“The MoD takes any loss of media storage devices very seriously and has robust procedures in place,” said the MoD in an emailed statement to eWEEK Europe UK. “New processes, instructions and technological aids have also being implemented to mitigate human errors and raise awareness of every individual in the Department. Investigations are undertaken into every loss or theft, and appropriate disciplinary action taken.”

“Yes the figures are high, but it should be remembered that the figures come from a two year period between June 2008 and May 2010,” said an MoD spokesman, speaking to eWEEK Europe UK. “A lot of encryption technologies was brought in later in this period, and procedures such as how laptops are booked in and out, have they been encrypted, have been tightened up.”

“People should also remember that the MoD has thousands of people, far more than comparable government departments,” the spokesman said. He said that the MoD has 46,000 laptops in total.

“We have so many people moving about, and a lot of these laptops would have not needed encryption because they did only contain unclassified data that is publicly available, and not data that is operationally sensitive. Clearly, losing stuff is not good but we are not endangering lives,” said the spokesman.

However, the figures do suggest the MoD’s track record has not improved significantly since July 2008, when it admitted that 658 laptops had been stolen and 89 lost in the previous four years. Last July the MoD admitted it had lost an entire server from a secure building during 2008. In addition, the MoD also admitted that it had lost personal data on 1.7 million individuals in October of that year.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

  • Lost and stolen equipment is rarely recovered, so the new Government needs to act now and ensure data is protected, regardless of human error. There is no excuse for mishandling public information. Major Government reports published in 2008 on information security and data handling, appear to have had little effect on practice. Protective measures, such as encryption, were supposed to be obligatory. Civil servants often work in difficult conditions, and they need the right tools when handling sensitive data.

    Chris Mayers, chief security architect at Citrix

  • Playing with statistics as suggested in the article (“only” 340 computers were lost out of 46,000 laptops) is misleading. Any security expert can tell the MoD that it is not the number of laptops that is important but rather the chance that one of them will act as the “weakest link” when trying to break into confidential MoD resources. With current technologies in the Information Lifecycle Protection space, MoD can ensure that public sensitive data will not be revealed to unauthorized parties in case of stolen or lost laptops. These technologies suggest a cost effective and efficient implementation of security measures. Compared to the enormous cost of lost sensitive public MoD information, installing Information Lifecycle Protection will always give a positive ROI.

    Motty Alon, Director of Solution Strategy, SafeNet

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

5 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

7 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

8 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

1 day ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

1 day ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

1 day ago