The stolen MoD recruitment laptop computer held at least 605,757 addresses
In some cases the record may be no more than a name, but I am advised that for about 153,000 people who progressed as far as submitting an application form to join the forces, more extensive personal data are held, including passport details, national insurance numbers, driver’s licence details, family details, doctors’ addresses and national health service numbers; for about 3,700 people, banking details were also included.
Yesterday's Parliamentary Written Answer admits to 605,757 addresses
28 Jan 2008 : Column 37WDepartmental Personal Records
Angus Robertson: To ask the Secretary of State for Defence how many of those individuals who had their personal details lost as a result of the theft in Edgbaston on 9 January of an MOD computer from the vehicle of a Royal Navy Officer are domiciled in (a) Scotland, (b) Wales, (c) Northern Ireland, (d) England and (e) elsewhere. [182396]
Des Browne: Where a record of domicile is held, the following figures were recorded on the database at the time of the entry of the record.
Number Scotland 59,553 Wales 37,546 Northern Ireland 14,223 England 459,778 Elsewhere 34,667
So, in fact, the vast majority of the stolen records consist of at least a name and address, and are not merely "no more than a name"
This unencrypted data security breach could easily pit the lives of serving or former members of the armed forces, and their families, at risk from terrorists and foreign intelligence agencies. Even people who never actually joined the armed services, but just expressed an interest in doing so, could be at risk, especially if they have, say, easily identifiable Muslim names, or an address in an area that is familiar to fanatics.
Comments
They should of used T r u e C r y p t
Free open-source disk encryption software for Windows Vista/XP , Mac OS X, and Linux
Main Features:
* Creates a virtual encrypted disk within a file and mounts it as a real disk.
* Encrypts an entire hard disk partition or a storage device such as USB flash drive.
* Encryption is automatic, real-time (on-the-fly) and transparent.
* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.
This software is widely used by individuals and groups to foil any future RIPA III S.49 requests!!
Posted by: nobody | February 6, 2008 6:43 PM