The Home Office has launched an investigation after a buyer acquired a laptop on eBay that contained a disc with confidential information.
The disc was hidden under the computer’s keyboard, and discovered by a local PC repair firm, Leapfrog Computers in Bolton, when it was put in for repair. The disc had the words ‘Home Office’ and ‘Confidential’ written on it.
Both the disc and the laptop are understood to have been encrypted.
Philip Wicks of consultancy firm Morse said that whatever the circumstances of this latest data debacle, many organisation were not taking sufficient care when disposing of IT equipment.
“Organisations need to use specialist techniques and tools to make sure they completely wipe hard drives clean before disposing of them or selling them on,” he said. “They should be following best practices such as ISO27001:2005 (formerly BS7799). There are third party organisations that can help, however they must be vetted to ensure they are reputable and not just a broker who is out to make a quick buck, and can’t be bothered to go through the process of thoroughly wiping the equipment.”
The news is a further embarrassment to the government, following other major data breaches. Last November, HM Revenue & Customs lost two discs containing the details of 25 million child benefit claimants, after a junior employee sent them by unregistered post.
In December, the Driving Standards Agency said it lost a disc containing the records of three million learner drivers. Soon after that the Department of Health said that nine of its regional NHS trusts had lost patient data, including medical records for about 160,000 children in East London.
In January, a laptop containing personal information on about 600,000 new and potential recruits to the Royal Marines, the Royal Navy and the Royal Air Force was stolen from an officer in the Royal Navy.