Category Archives: Data Loss

Data loss overtakes physical theft in global business community

Businesses from around the world are now more likely to suffer from data loss and digital theft, than the actual appropriation of material assets, according to a report conducted by Kroll.

The latest Annual Global Fraud Report found that 27.3 per cent of firms have announced the theft of data during the last year. In 2009 this figure was just 18 per cent, showing that there has been a significant increase.

There has been a smaller drop in the number of businesses reporting the theft of material goods, with 2009’s level of 28 per cent, falling to 27.2 per cent in 2010.

Kroll’s Richard Plansky, said that he anticipates this to be a continuing trend that is gathering momentum. He puts this down to the fact that information is now the lifeblood of the global economy and as such, businesses place greater importance on concepts rather than tangible products.

Speaking to Infosecurity Magazine, Mr Plansky explained that the move towards the digital age was both beneficial and a hindrance. While giving greater access to important information can improve productivity, he also said that this allows those with malicious plans a greater chance to influence and corrupt data.

The survey concluded that it was those businesses in the financial sector that had seen the most significant increase in the number of data theft incidents, up to 42 per cent from 24 per cent in 2009. Media and telecoms firms were also hit with a big increase which saw 37 per cent report data theft incidents in 2010.

The increasing complexity of network infrastructures is being labelled as the key cause for heightening the threat of security breaches by 28 per cent of those questioned as part of the survey. In turn nearly half of all firms are going to invest in data protection within the coming year, which is actually a drop of three per cent compared to the previous 12 month period.

Only firms with revenues in excess of half a billion dollars were included in this survey, so the significant threat of data theft is clearly being felt on a global scale in all industries.

Sellafield nuclear site has secrets leaked after data loss

The Sellafield nuclear site has suffered an embarrassing data loss incident after secret details about its operation were left on an unencrypted USB storage device which was found in a hotel room in Cumbria.

While this loss could have been catastrophic had the data found its way into the wrong hands, the Sellafield bosses can at least take some comfort in the fact that a member of the public handed in the USB drive to the authorities.

Amongst the information stored on the USB drive were details of how employees are going to be transferred from Cheshire to sites across Europe as part of a deal with Urenco.one, a firm specialising in uranium.

Security expert Sean Glynn, said that this significant data loss could be seen as an indication to the UK’s foes, that it is relatively easy to steal highly sensitive information from within organisations like Sellafield.

Mr Glynn said that it did not take much intellectual power to work out that while USB storage devices are incredibly useful across many forms of business, without proper data protection they are at great risk of becoming compromised.

Encrypting USB storage is the best solution, as this makes it difficult for third parties to access the stored data, even if it is lost by an employee or stolen, according to Mr Glynn. He pointed out that the UK is currently seeking to invest millions in fighting cyber crime and terrorism under a sustained threat from foreign forces, which should give firms the incentive to better safeguard data which is of importance to national security.

The USB device was found by a coach driver who was staying in the Cumbrian hotel, unaware at the time that he was handling data which could be extremely valuable to international criminal groups. On discovering the significance of his find, the driver is said to have remarked that the potential for misuse of its contents was staggering.

An investigation into how the USB drive was left in a hotel room has been launched by Sellafield and further action is likely to occur as a result.

Fines issued over NHS data loss

Fines are being issued by the Information Commissioner’s Office (ICO), after it found the NHS-regulated Healthcare Locums agency to have been in breach of the rules of the Data Protection Act (DPA), with regards to data loss prevention and information security.

The agency in question was responsible for large amounts of data relating to doctors working for the NHS and the ICO implemented fines after a data loss incident exposed details on certain medical practitioners.

The ICO was alerted to malpractice within the agency when an online auction site was used to sell a hard drive, which was packed with data relating to doctors’ visas and security information.

Although Healthcare Locums reported the incident and notified the ICO, it could not explain to the regulator how such a serious breach of data handling practices was possible. Further investigations revealed that the storage device had been either lost or stolen during transit from Skipton to Loughton.

The ICO identified that the agency had failed to record the reason for the transfer or the specific data that was held on the hard drive, which subsequently went missing. The only reason that it was able to detect that the data loss had occurred at all, was because a private citizen alerted them to the sale.

The ICO’s Sally Anne-Poole, said that this latest data loss from within an organisation linked with the NHS, identified the significance of compliance with the rules of the DPA, in relation to the proper transportation of private details.

She went on to explain that the recruitment agency had since made sure that its policies on data handling and transport were improved, so that further breaches of the DPA would not occur.

Healcare Locums’ Mo Dedat, committed to ensuring that future incidents of data loss are not possible within the firm. This includes not only losses resulting from actions of direct employees of the agency, but also any third party firms which it uses in the process of managing, storing and transporting data.

Microsoft reports data loss dip in 2010

A new study from software giant Microsoft, has found that the number of data loss incidents which have occurred in 2010 is considerably lower than those registered in 2009. This suggests that businesses and organisations are gradually reducing their chances of becoming the victims of scandalous security breaches or the misplacement of private information.

In the Microsoft Security Intelligence Report (MSIR), a small section was dedicated to data loss. Figures from industry analysts were quoted, showing that between 2008 and 2010, the number of data loss incidents made public, fell consistently over each intervening period of six months.

In the first half of this year, 232 data losses were reported, compared to 414 during the same period two years previously.

Microsoft used the MSIR to explain that there is one likely influence on these declining figures – the continued slowdown of activity caused by the global recession which coincides with this period.

While data loss is still largely facilitated by portable storage devices, mobile phones and laptops being lost, in 2010, the decline in the number of such incidents was at a significant 46 per cent.

A spokesperson for Microsoft, said that a greater awareness amongst the general public was allowing businesses and organisations from around the world to better protect the data for which they are responsible.

The spokesperson also indentified that security firms and businesses have to think creatively and continually ‘up their game’ in order to keep on a level footing with the cybercriminals who are intent on stealing data or benefitting from its accidental loss.

Despite the apparent decrease in data loss incidents, Microsoft used the MSIR to publish statistics which suggest that the proliferation of malware is on the rise. 6.5 million computers had harmful software removed via the Malicious Software Removal Tool, which represents a total increase of 100 per cent compared to 2009 levels.

Any data loss statistics need to be taken with a pinch of salt, as most believe that there is a discrepancy between the number of businesses which suffer from data loss and those which are then able to detect them and subsequently alert the proper authorities.

Portable devices pose problems for UK IT managers

A new study has found that those in charge of IT management in the UK are failing to keep tabs on the various mobile and portable devices which are used within a given business or organisation, increasing the risks of data loss or theft.

Seventy-five per cent of respondents to a survey conducted by Absolute Software, said that within larger businesses they could not reliably give the precise location of their laptops at a given time. Within SMEs (small and medium-size enterprises) this figure was at the 50 per cent mark.

Sixty-five per cent of those questioned said that they had at one point or another lost or mislaid their mobiles. This is said to show that it is becoming increasingly difficult for IT managers to track and monitor the usage of portable devices, as they are more prolifically employed across businesses of all sizes.

Absolute Software’s Dave Everitt, said that an overall improvement to the management of IT assets was clearly a necessity in the majority of businesses and organisations, to help prevent data loss or theft of mobile devices.

Mr Everitt continued by saying that there was a greater reliance on mobile and portable devices to help increase productivity within businesses in both a working and home environment. He said that this proliferation of portable devices capable of storing sensitive data, meant that IT managers would need to increase their awareness of not only where employees are using such devices, but also how they are being used to avoid disaster.

Forty-four per cent of respondents revealed that the use of both PC and Mac technology, meant that in many cases it was impossible to track both platforms when in use on a single network.

Various significant statistics relating to the loss of portable and mobile devices from within big businesses and organisations, have been released in recent times, with the BBC, The Ministry of Justice and others forced to admit large losses, because of requests put in under the Freedom of Information Act.

ICO seeking greater investigative and punitive powers

The Information Commissioner’s Office (ICO) is seeking to earn greater powers to help curtail the actions of those individuals and businesses which breach the terms of the Data Protection Act (DPA), through inadequate security, data loss or theft.

The latest news from within the organisation is that it will be requesting the ability to impose custodial sentences on offenders, rather than the current fines, which are the maximum applicable penalty for such an incident.

The ICO has been approached by the Ministry of Justice in order to provide it with details of how data protection legislation currently operates. It announced that there need to be greater deterrents in place to ensure that the private information of normal citizens is not being abused or handled irresponsibly by businesses and public sectors organisations.

In a statement, the ICO said that offences involving selling or bartering with sensitive personal data should be punishable by a prison sentence in the most extreme examples.

It explained that the circumvention of data protection policy within organisations was most regularly carried out by lone agents, but complained that the threat of fines was insufficient to prevent future loss or theft under the current DPA rulings.

As well as highlighting the inadequacy of fines in combating DPA breaches, the ICO said that its current investigative abilities are underwhelming and inappropriate for the task in hand, when it is asked to examine a particular organisation.

The ICO said that at the moment it is only able to investigate those directly involved in handling data if they allow it. As such, the Information Commissioner is said to be in the process of collecting evidence which indicates the frequency with which those responsible for data refuse to co-operate with an ICO investigation.

The ICO said that it is the private sector in which this refusal of involvement is most regularly found and, ideally, the Ministry of Justice will be convinced of this when it has been given the opportunity to look over the evidence provided in the coming weeks.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal