An independent production company working for the BBC has lost a laptop and a memory stick containing the details of children.
Objective Productions, which lost the data, said theft was from a car in an Ikea car park. It would not comment further. The Guardian newspaper reported that about 250 children’s data had been stolen.
Details such as names, addresses, birthdates, phone numbers and holiday plans of children who had applied to take part in a new BBC1 series, Gastronauts, was contained on the memory stick, the Guardian reported.
In a statement, the BBC said it took the issue “very seriously”. It has written to the children's parents.
“There is absolutely no evidence this data has been misused and the measures we took were entirely precautionary,” it added. “In the weeks since this happened, CBBC [children’s BBC] suspended new commissions and carried out a comprehensive review of practices at Objectives1 and we are now satisfied security of data is strong enough for production to resume.”
IT suppliers were quick to urge better security measures. Matt Fisher, Centennial product manager, at service management and data loss prevention firm FrontRange Solutions, said “it seems that organisations still don't have the appropriate measures in place” when it comes to security.
He said the news indicated “an institutionalised lax approach to data security, where staff do not fully understand how to handle sensitive data”. There is often also little technology in place in businesses “to manage which computer users are able to copy confidential data to removable media devices like laptops or USB sticks”. Lastly, data that is legitimately copied to USB sticks needs better encryption, he said.
Greg Day, security analyst at McAfee, said the data loss “clearly highlights an issue for businesses when sharing sensitive information with third parties”.
“Information such as a person's whereabouts can, to some people, seem insignificant - but to a criminal this can offer a great opportunity to target this person and their home – something that should be taken into account by anyone considering offering their Facebook status to “on holiday”.
Organisations should not forget the dangers associated with USB sticks and mobile working, added Jamie Cowper, marketing director Europe, Middle East and Africa at data protection firm PGP Corporation.
“If organisations are to continue to support mobile working without impacting on employee freedom or putting data at risk, then existing security policies must be extended beyond laptops to include removable media,” he said.
“That way, staff looking to download corporate data can only do so if they have been authorised and the data will remain encrypted during transmission, ensuring that if and when devices such as memory sticks do go missing, the data on board remains secure.”