July 7th, 2008
Daily Mail employee data stolen on laptop
A laptop containing confidential information belonging to employees and suppliers of UK newspaper, the Daily Mail, was stolen. According to the Guardian, the missing data consists of name, address, bank account number and bank sort code belonging to affected staff.
The Guardian said:
[Associated Newspapers group finance director, Simon Dyson, and his Northcliffe counterpart, Martyn Hindley said] the laptop was “password protected” but tell recipients to contact their banks and also “consult the government website … for advice on avoiding or dealing with identity theft”.
The letters add: “The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the computer and who may just erase what is on the hard drive in order to disguise the fact that the computer is stolen.
Computerworld UK wrote that the Mail blamed a ”’technical issue’ and said they had ‘already strengthened’ security procedures.”
It’s unclear whether or not the data was encrypted; I suspect not, since otherwise the Daily Mail would likely have made that point clear. One can easily imagine the confidential data sitting on a standard XP or Vista laptop with no security enabled aside from standard login passwords.
For the Mail to suggest thieves will “just erase” the data is ridiculous speculation bordering on the ludicrous. Beyond that, I’m sure curious what kind of “technical issue” caused this problem. Must be a darned simple technical loophole if it could be strengthened as quickly as the paper suggests.
Unfortunately, this type of data protection failure has become a common occurrence in both the private sector and government. As I have written before, “It’s time for the government to mandate encryption of personally-identifiable data held by both public and private entities.”
Attempts to contact the Daily Mail for comment were unsuccessful due to time differences between the US and UK.
Michael Krigsman is CEO of Asuret, Inc., a software and consulting company dedicated to reducing software implementation failures. Click here to discuss this post with him on Twitter. See his full profile and disclosure of his industry affiliations.
Subscribe to IT Project Failures via Email alerts or RSS.
