Thousands of Worcestershire County Council employees have become victims of data theft after a laptop containing sensitive personnel information was stolen in a street robbery.
According to a report in the Worcester News, 16,000 employees are affected by the robbery, the victim of which was an employee from the council's IT contractor Serco. The lost information includes individuals' bank and national insurance details, according to the newspaper's report.
"Last week a laptop owned by Serco Solutions was taken in a street robbery. The stolen laptop, which contained sensitive information relating to some of our staff, was reported to the police," said Patrick Birch, Worcestershire County Council's director of corporate services, in a statement. "We have sought guidance from the Information Commission [sic] and we are continuing to work with staff, senior managers and unions to give concerned staff our full support and guidance. Our first priory in this matter is to protect the confidentiality of our staff and to do everything possible to protect them. We will continue to monitor the situation with the police."
At the time of writing, Worcestershire County Council was unable to tell ZDNet UK where the laptop was stolen, and it could not confirm the number of employees affected.
The local police force, West Mercia Police, confirmed that the laptop had not been stolen within its area of responsibility, which covers Worcestershire, Herefordshire and Shropshire.
Mark Vaughan, head of communications at Serco, told ZDNet UK: "A laptop was stolen. I cannot tell you any more. Talking about this any further increases the risk of the data being used for unlawful purposes." Vaughan did not elaborate on whether security procedures such as encryption were in place.
Worcester News reported that the laptop only had password protection, which many security experts argue is not an appropriate level of protection to secure a mobile device containing sensitive data.
Organisations face heavy penalties for not preventing the theft of sensitive information, aside from any reputational damage they may incur. The Financial Services Authority fined Nationwide nearly £1m earlier this month for poor security controls, which led to the loss of one of its laptops containing customer information.