Red faces as UK government laptop goes missing

Red faces as UK government laptop goes missing


High value data stolen

A laptop containing details of customers at banking institutions has been stolen after a member of UK's HM Revenue and Customs (HMRC) left it in the boot of his car.

The computer contained records from finance houses revealing the identity of high value customers who had invested in Individual Savings Accounts, according to research by the BBC.

“We very much regret the loss of some customer data provided to us by a number of financial institutions," said a spokeswoman for HMRC.

"The incident has been reported to the police and we are carrying out an urgent internal enquiry. HMRC places the utmost importance on the security of confidential material and we have in place very clear processes governing the handling of such material.”

She explained that the laptop was password protected using a complex code and that the data was locked with high-level encryption.

"It looks like the HMRC has put in place numerous types of protection which has ensured that the data on this laptop cannot be used by fraudsters," said Philip Wicks, a security consultant at Morse.

"However, this incident once again highlights the need for organisations to think long and hard about the data they allow employees to take offsite on laptops and mobile devices.

"Organisations should have policies and procedures in place that dictate what information can and cannot be taken off the premises."

The laptop was stolen when a member of HMRC was doing a regular audit of the banks' information on 20 September. This involved checking the details of current account holder information against records.

"By taking full responsibility for this loss, HMRC is a perfect example of the rapidly changing attitude to data breach disclosure in the UK," said Jamie Cowper, director of European marketing at enterprise data protection firm PGP Corporation.

"With top-level encryption making it virtually impossible to access the data on the laptop, HMRC had no real obligation or reason to report the breach.

"As such, this voluntary disclosure shows a refreshing level of ethical responsibility and commitment to its customers."

HMRC has advised the banks to notify their customers immediately.