Lost data total nears 30 million records

Missing laptops, USB sticks and CDs take their toll

In the last 12 months a series of data security lapses have seen personal data on as many as 29 million people lost by a variety of government departments and other public sector bodies. silicon.com takes a look back at how the data was lost.

Much of it was lost on portable devices such as laptops and USB sticks and CDs. Or course, this only covers the data leaks that have been made public, which is why silicon.com is calling on the government to consider legislation that would require organisations which suffer information security breaches to alert their customers if there is a chance the breach has put their personal data at risk.

Here silicon.com looks at some of the most high profile data losses in the last 12 months.

September 2008: General Teaching Council (GTC) for England loses details on 11,423 members after a disk containing registration update forms was lost en route to one of the GTC's contractors.

September 2008: Three hard drives are stolen from a secure RAF facility in Gloucestershire. Two of the drives contain details on personnel who had recently served with the Air Force. One report puts the number of records lost at 50,000.

September 2008: News emerges that the details of 5,000 prison staff were contained on a drive lost by EDS in 2007.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.

September 2008: Four CDs containing the details of almost 18,000 staff are lost as they are moved between the wages department of Whittington Hospital NHS Trust and payroll company. The CDs are found again later that month.

August 2008: PA Consulting loses a data stick holding records on 84,000 prisoners, a breach that subsequently sees the contractor lose its lucrative contract with the Home Office.

July 2008: The Ministry of Justice reveals data on 45,000 people, including criminal records and banking and court information have been lost or compromised in the preceding 12 months, following the loss of laptops, portable storage devices and papers containing information on recruits, offenders, court appellants and suppliers.

June 2008: A laptop containing unencrypted details of 21,000 patients stolen from the car of a manager at Colchester University Hospital NHS Foundation Trust.

March 2008: The Ministry of Defence confesses 11,000 military ID cards have been lost or stolen over the last two years.

February 2008: A laptop bought on eBay is found to originate from the Home Office and arrives containing an encrypted data disc from the government department.

January 2008: Some 600,000 records on members and would-be members of the Royal Navy, Royal Marines and Royal Air Force are lost after a laptop belonging to the Ministry of Defence is stolen.

January 2008: A CD which holds the names and addresses of 160,000 children is lost by the City and Hackney trust.

December 2007: Northern Ireland's Driver and Vehicle Agency loses data on 7,685 motorists after two CDs containing their details are sent by courier but never turn up.

December 2007: HMRC follows its massive data November breach with the news that a data cartridge with details on 6,500 pensioners got lost in transit that September.

December 2007: Another large scale data breach rocks the government - the Driving Standards Agency admits losing more than three million learner drivers' details after a hard disk goes missing from a contractor's secure facility in Iowa City, Iowa.

December 2007: Department for Work and Pensions fails to receive a disk containing the records of 40,000 housing benefit claimants after a West Yorkshire council attempts to courier it to the department clued up.

November 2007: In what amounts to one of the most colossal data breaches in the public sector, HM Revenue and Customs admits 25 million records containing the names, addresses, dates of birth and National Insurance numbers of the entire HMRC child benefit database have gone missing after a junior member of staff sent MRC databases unrecorded and unregistered through courier TNT to the National Audit Office. The databases never arrived.