MoD admits to more laptop thefts

The Ministry of Defence has had two further laptops stolen, admitted Defence Secretary Des Browne.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.

Speaking before parliament he confessed the theft of a Royal Navy laptop containing 600,000 servicemen's and recruits' details on 9 January was not a one off - saying laptops containing similar details for a smaller number of people had also been stolen in 2005 and 2006.

Browne said Sir Edmund Burton, Information Advisory Council chairman, would investigate weaknesses in MoD security procedure and warned if these losses had breached the law the individuals would "have to live with the consequences".

He said the Royal Navy had completed its investigation into what had happened and was considering what action needed to be taken against the recruiting officer who had the laptop stolen from his car in Edgbaston in Birmingham on 9 January.

Browne admitted none of the data on the three stolen laptops had been encrypted and said the individual who suffered the laptop theft in January had failed to follow MoD data security procedures.

He said the previous thefts had been reported to the police and the armed forces but that politicians and the individuals whose data was on the laptops had not been informed.

Shadow defence secretary Liam Fox challenged Browne saying the MoD had lost 68 laptops in 2007, 66 in 2006, 40 in 2005 and 173 in 2004 asking him: "What on earth is going on?"

Fox said: "This seems like a systemic failure, not a single act of incompetence. This is a dreadful mess that the Secretary of State has unveiled."

Browne said: "It is clear there were shortcomings in security training and awareness among relevant staff. I take this theft extremely seriously. I am also keenly aware of the risk should this data fall into the wrong hands. Those in the armed forces have a right to expect their data will be properly protected. This must never happen again."

He added that Sir Edmund's review would look at concerns raised by information commissioner Richard Thomas on why a database of this size was kept on one machine.

Browne said Sir Edmund would co-operate with the investigation into the loss of 25 million child benefit details by the HMRC.

Names, passports details, national insurance numbers, drivers' licence details, information on family, doctors' addresses and NHS numbers were included on the Royal Navy laptop stolen on 9 January.

The MoD has also contacted 3,700 people whose bank details were on the machine and relevant banks have been warned.