The Home Office is investigating the apparent sale of one of its laptops, along with an encrypted data disc, on eBay.
The laptop had been bought on the auction site then taken to an IT company near Manchester for repairs. The technicians at the repair centre, at Leapfrog Computers in Westhoughton, subsequently found an encrypted Home Office disc underneath the keyboard.
Leapfrog sales manager Jonathan Parry told ZDNet.co.uk on Thursday that the person who had bought the laptop had brought it into the shop on Monday because "it wasn't working properly".
"Underneath the keyboard in the laptop was a CD labelled 'Home Office: Private and Confidential'," Parry said. "We tested it and it was fully encrypted, and so was the laptop. We contacted [the police] and they seized the equipment."
Parry pointed out that, as optical disc drives are sealed units, "the only way that disc can get there is by taking the laptop keyboard off and putting the disc in there". He added that the presence of a CD underneath the keyboard was probably linked to the laptop not working.
"We understand that encrypted IT equipment has been handed to Greater Manchester Police," a Home Office spokesperson said on Thursday. "Both the laptop and the disc were encrypted, thus safeguarding any information that might be stored on them. Investigations are now underway. It would be inappropriate to comment further while they are ongoing."
Security companies were quick to issue statements on the discovery. "The good news with this latest data breach is that the data was encrypted," said Lumension Security vice president Alan Bentley on Thursday. "However, encryption alone is not infallible — computer hackers are determined individuals with the potential to crack one layer of security. We certainly shouldn't be relying on one line of protection when it comes to our national security."
"With the statistics showing that nearly 500 government devices have gone missing since 2001, it was only a matter of time before a confidential disc inadvertently ended up on eBay," said Brian Spector, the general manager for content protection at Workshare. "Luckily, the public sector finally seems to be learning from repeated mistakes, as the laptop and disc were encrypted. Unfortunately accidents like this are not going to stop happening so we can only hope that other government departments follow the Home Office's lead and adopt full disc encryption."
Governmental departments have suffered a spate of laptop thefts in recent years, recently leading to a Whitehall-wide ban on the the movement of unencrypted data.