Ministry of Defence reports more than 1, 500 data loss incidents in the last five years

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.scmagazineuk.com/ministry-of-defence-reports-more-than-1500-data-loss-incidents-in-the-last-five-years/article/167919/

More than 1,500 incidents of the loss of confidential or personal data
have been reported by the Ministry of Defence in the last five years.

In a wash-up debate in parliament last week, Angus Robertson, Scottish
National Party MP for Moray, asked Bill Rammell, Minister for the
Armed Forces, how many incidents of the loss of confidential data held
by his department have been reported in each of the last five years,
and in each of the last 12 months.

Rammell confirmed that a total of 1,705 incidents were reported
between 2005 and 2009, with a high of 1,099 in 2008. He said: “The
Ministry of Defence (MoD) takes any attacks on, or misuse of, its
information, networks and associated media storage devices very
seriously and has robust procedures in place to mitigate against and
investigate such occurrences.

“Furthermore, new processes, instructions and technological aids are
continually being implemented to mitigate human errors and raise the
awareness of every individual in the department with regards to cyber
security.”

In its defence, the MoD said that ‘in a number of these cases the
documents were historical and so the original protective marking would
have been eligible to be considered for downgrading' and would reduce
any risk of compromise.

As to how they were discovered, it said a number of these incidents
came to light as a consequence of thorough housekeeping activities and
revised MoD data management practices. It also said that it was likely
that a large number of instances relate to records of the destruction
of documents not being accurately maintained, rather than documents
actually having gone missing.

It said: “The surge in reported incidents from 2008 is largely
attributable to two factors. Firstly, there is an increased awareness
of the need to report data loss across the Department. Secondly, since
the publication of the Data Handling Review and Burton Report, the MoD
is now auditing its holdings of both personal data and removable
media.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php