The Conservative Party and the IT security industry have slammed the government's IT security record after defence secretary Des Browne announced plans for a full investigation into the loss of a Royal Navy laptop holding details of 600,000 people.
Browne last night announced that the initial probe into the lost laptop has revealed two similar thefts in the past three years, in what shadow defence secretary Liam Fox described as a "dreadful mess".
The most recent laptop theft, which occurred on 9 January 2008 in Edgbaston, could have placed unencrypted passport details, National Insurance numbers, drivers' licence numbers, family details and NHS numbers into the hands of criminals. Browne said there was no evidence the data has fallen into the hands of extremists, but refused to rule out the possibility.
"Our internal investigation has identified weaknesses in the application of MoD security procedures to this database," said Browne. "It is clear that the database files were not encrypted, in breach of MoD procedures."
"It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or, indeed, why the database retains this information at all," he added.
The incident has prompted Cabinet Secretary Sir Gus O'Donnell to contact all government departments to ensure that from now on, "no unencrypted laptops or drives containing personal data should be taken outside secured office premises".
"Please ensure that this is communicated throughout your organisation and delivery bodies and implemented immediately, and that steps are taken to monitor compliance," he wrote, in an email to civil servants.
Shadow defence secretary Liam Fox described the most recent data loss as "unforgivable", and the latest in a long line of lost laptops that could potentially put the public at risk. He said 68 MoD laptops had been stolen in 2007, 66 in 2006, 40 in 2005 and 173 in 2004.
"Clearly we don't know what risks will be faced by those on the databases - it will depend on whose hands it has fallen into," he said.
"But to put our troops and the public at risk in this way is unforgivable because this seems like a systemic failure, not a single act of incompetence or irresponsibility."
The incident showed "incompetence, mismanagement and poor procedures" on the part of the authorities, said Fox.
Joe Fantuzzi, CEO of IT security firm Workshare, said the data breach was particularly concerning so soon after HM Revenue and Customs' (HMRC’s) loss of 25 million people's child benefit details late last year.
"After the HMRC scandal one would have thought the government would put in safeguards on information such as passport details, National Insurance data and NHS numbers with more care," said Fantuzzi.
"We believe the UK citizens would like to see a timeline for tackling these data breaches which continue to put people’s identity and privacy at risk," he added.