Marks and Spencer (M&S) has confirmed that a laptop containing salary details, addresses, dates of birth, national insurance and phone numbers of some 26,000 employees has been stolen from a printing firm that had been given the personal information in order to write to employees about pension changes.
Two days after the theft, M&S wrote to all staff whose names were on the laptop, warning them of the risk and offering free credit checks as a result.
Jamie Cowper, email and data encryption expert from PGP Corporation, commented: “Marks and Spencer's has joined a long list including the Royal Cornwall Hospital Trust, Nationwide Building Society, the Metropolitan Police, Serco and many others. The only silver lining here, as is true in most of these cases, is that it seems to have been an opportunistic theft rather than a targeted attack.”
He said that laptops will continue to go missing, but whether they are lost or stolen is irrelevant as long as the data is only protected by a simple password that would be easily compromised in the wrong hands.
“Today, staff and customers are increasingly concerned about the possibility of identity theft, and the offending company suffers not only high financial costs, but also risks enormous damage to their brand in the aftermath of a breach,” he said. “Encryption and proper authorisation controls are quickly becoming essential measures for the protection of sensitive customer and employee data – companies need to realise this before legislation in this area drives greater punishment.”