Spy Blog - SpyBlog.org.uk

In some cases the record may be no more than a name, but I am advised that for about 153,000 people who progressed as far as submitting an application form to join the forces, more extensive personal data are held, including passport details, national insurance numbers, driver’s licence details, family details, doctors’ addresses and national health service numbers; for about 3,700 people, banking details were also included.

Yesterday's Parliamentary Written Answer admits to 605,757 addresses

28 Jan 2008 : Column 37W

Departmental Personal Records

Angus Robertson: To ask the Secretary of State for Defence how many of those individuals who had their personal details lost as a result of the theft in Edgbaston on 9 January of an MOD computer from the vehicle of a Royal Navy Officer are domiciled in (a) Scotland, (b) Wales, (c) Northern Ireland, (d) England and (e) elsewhere. [182396]

Des Browne: Where a record of domicile is held, the following figures were recorded on the database at the time of the entry of the record.

	Number
Scotland	59,553
Wales	37,546
Northern Ireland	14,223
England	459,778
Elsewhere	34,667

So, in fact, the vast majority of the stolen records consist of at least a name and address, and are not merely "no more than a name"

This unencrypted data security breach could easily pit the lives of serving or former members of the armed forces, and their families, at risk from terrorists and foreign intelligence agencies. Even people who never actually joined the armed services, but just expressed an interest in doing so, could be at risk, especially if they have, say, easily identifiable Muslim names, or an address in an area that is familiar to fanatics.

Posted by at 9:17 AM | Permalink | Comments (1)

Secretary of State for Defence Des Browne's statement to the House of Commons this afternoon on the stolen MoD recruitment laptop computer scandal

See: Commons Hansard 21 Jan 2008 : Column 1225 MOD (Data Loss)

• 153,000 people who submitted detailed application forms
• 5.700 bank account details
• Initial belief that the data was encrypted
• Dubious claim that "the level of encryption used by the Ministry of Defence on its computers is stronger than that used for commercial applications"
• Dubious implication that MoD encryption systems can actually be broken in practice
• Admissions that the data was not encrypted at all
• Blames the media for reporting the leaked information scandal
• No mention of Army recruits' data, despite the Army handling the data for all three armed services
• Dubious claim about "no indication" that the data has fallen into terrorist or foreign intelligence agency hands
• Admission about 2 previous stolen recruitment data laptops
• Useless Cabinet Office review of data handling
• Yet Another Review - Sir Edmund Burton
• No resignations by Ministers or senior MoD staff

Some comments on some extracts from the statement:

Continue reading "Des Browne now admits to 3 stolen, unencrypted Ministry of Defence recruitment laptop computers" »

Posted by at 10:47 PM | Permalink | Comments (2)

The Ministry of Defence appears to have been infiltrated by Data Traitors:

MOD confirms loss of recruitment data

[...]
The Ministry of Defence can confirm that a laptop was stolen from a Royal Navy officer in Birmingham last week, on the night of 9/10 January, and as a result, a large quantity of personal data has been lost.

[...]

The stolen laptop contained personal information relating to some 600,000 people who have either expressed an interest in, or have joined, the Royal Navy, Royal Marines and the Royal Air Force

The information held is not the same for every individual. In some cases, for casual enquiries, the record is no more than a name. But, for those who progressed as far as submitting an application to join the Forces, extensive personal data may be held, including passport details, National Insurance numbers, drivers' licence details, family details, doctors' addresses and National Health Service numbers.

The Ministry of Defence is treating the loss of this data with the utmost seriousness. We are writing to some 3,500 people whose bank details were included on the database. Action has already been taken with the assistance of APACS [Association for Payment Clearing Services] to inform the relevant banks so that the relevant accounts can be flagged for scrutiny against unauthorised access.

[...]

Given all the recent publicity over the still not yet resolved HMRC data privacy and security scandal, there is no possible excuse of ignorance for the Ministry of Defence generally, and their Recruitment bureaucracy in particular, to have allowed this latest data security breach, involving a stolen laptop computer, which, for no good reason, contained over 600,000 people's records.

These are not just random members of the public, they are people who have expressed some interest, or who have actually supplied extensive personal details, as part of the process of being recruited into our Military frontline and support forces.

After all the HMRC and other recent data security and privacy breach publicity, this incident cannot be the result of ignorance.

There must be some malice involved, an actual betrayal of trust and national security which potentially puts people's lives at risk i.e. the people responsible are Data Traitors

Have they been bribed or coerced, or are they working to deliberately put such data at risk, for ideological reasons ? Is this the work of Al Quaeda or Taliban sympathisers, or of Russian or Chinese spies ?

Continue reading "Ministry of Defence 600,000 recruitment records on stolen laptop - ignorance or "Data Traitor" malice ?" »

Posted by at 6:40 AM | Permalink | Comments (7)