In case anyone thought the U.S. government was the only one with problems protecting information, the British Ministry of Defense (MoD) experienced a breach of its own last September when three portable USB drives went missing.
The most interesting part, however, is not that data went missing – it’s the nature of the information itself. According to BBC News, the missing records included personnel information from the Royal Air Force (RAF) with details of extra-marital affairs, debt, drug abuse and prostitution involving senior officers.
The RAF apparently had the information because of the agency’s vetting procedures, which are designed to dig up information that could be used for blackmail. News of the details of the breach was leaked to the BBC by a former RAF officer.
“They’d ask you questions such as: is there anything unusual about your sex life? Have you had affairs? Used prostitutes? That sort of thing,” the officer told BBC. “If the information got into the wrong hands then it could leave people wide open.”
Initially, the MoD only acknowledged it lost names, addresses and some bank account information. Fortunately, the MoD says that there is no evidence criminals targeted the information, and everyone affected by the breach has been contacted.
Just why the drives apparently weren’t encrypted is anyone’s guess, and as Sophos Senior Technology Consultant Graham Cluley pointed out encryption would render the information essentially inaccessible if it fell into the hands of criminals or a foreign intelligence service. Encrypting all an organization’s devices may be time consuming, but it can also avoid potentially catastrophic disasters in the long run.