Leeds Council has apologised for losing a memory stick containing unencrypted details of 5,000 nursery-age children. The council originally believed the stick, which was found by a member of the public, contained no sensitive data. It was not encrypted or protected by a password. It contained names, addresses, dates of birth, …
Don't let then use fucking memory sticks EINSTEIN !!!!!!!!!!!!!
"“We take issues of information security very seriously..."
Now where have I heard that before? And how many times?
Flame because sooner or later, you know that someone is gonna get burned over the massive volumes of data lost by all levels of government...
We'll say there was nothing important on it, afterall no one will ever find it and hand it in, Doh!
.... DON'T BUY UNENCRYPTED MEMORY STICKS. And threaten to sack anyone who brings their own. It works well in the fairly large telco I work in...
are public sector employees allowed to download this type of information to memory sticks, at all?
"The council could not explain how, or why, the information was put on the memory stick in the first place."
No doubt they will put systems and safeguards in place to make sure this can never happen again until next time.
Now, what's this in my coat pocket?
"It contained names, addresses, dates of birth, phone numbers, child protection information, ethnicity and whether their parents are claiming benefits."
"it was understood that no sensitive or confidential data was on this stick"
Last time I checked, names, addresses, dates of birth, phone numbers, etc, was all confidential data.
It's not enough... they're in breach of the Data Protection Act... Heads MUST roll... If I was one of the parents involved, then I would be consulting a lawyer right now... Until the DP act sets out clear penalties for breaches that directly affect senior managers of responsible departments (ie they go to jail), then senior managers won't consider the consequences to their jobs/careers/freedom. Somebody ultimately was responsible for the data being on a memory stick... somebody must lose their job at the minimum...
If they broke such a serious policy and thus committed a criminal offence, someone should be sacked, or the organisation should be prosecuted, just as the Searchlight operatives who leaked the BNP list have been.
Words fail me
Can someone just point these muppets at Truecrypt?
Is another loss of info needed to help convince the rest that ID cards are not a good idea?
... every little helps!
Keep 'em coming
We are continually asked why we are insisting that our council staff pay £50 for a 1GB memory stick when they can pick up a bigger memory stick for a tenner down at Argos.
It's articles like this that help make our point.
I notice a suspicious lack of info regarding when it was reported lost, allowing us to know just how long it had been missing.
A couple of hours, mistakes can happen and the window for theiving the data is narrow. A few days and the chances of the data being duplicated before returning to a location goes up quite a bit.
hardware encrypted USB stick anyone
Note to any government office, use a hardware encrypted USB memory stick?!?!?!
We use them at our company as standard makes our data policy look like something off of 24. Seeing that if any of our company laptops, desktops and home or usb sticks were lost stolen they would be useless!
Paris as she is HOT!
Am I the only one?
Am I the only one who thinks what really happened here is something along the lines of:
"Oh bother, we've lost that memory stick with those kids details on it. Still, either no-one will ever find it or if someone does they'll most likely delete / refomat it and stick their own stuff on it, so we'll just claim there was nothing important there and forget about it".
Then whoever found it did hand it in (presumably after looking at the data to see who's it was, unless there was a label on the outside), and the plan derailed all wheels.
TBH as long as organisations allow staff to use computers which are either connected to the Internet and/or have sockets for things like memory sticks, leaks and losses will continue unchecked. It would be possible to install totally secure networks with no external connections and no USB ports or removable disk drives - but the staff would probably then complain they couldn't do their jobs properly, and given the amount of work lots of people in things like education seem to take home with them, that could well be right.
and yet again they lose more data, and this time it's KIDS!
every government agency / civil servant office, should yank the USB ports off the systems, take out all the CD Writers and instantly fire ANYONE that takes data offsite without reason. there's no excuse for losing data with todays levels of encryptions, oh but of course, they're still not using that despite how much public data has been lost over the past couple of years, so, you still all think this ID card is a good idea, I think they'll just have more data to lose by more morons.
flames because they can all BURN!
<quote>A Leeds City Council spokeswoman, said: “We take issues of information security very seriously and are very sorry that this breach has occurred. We have guidance in place which seeks to prevent such incidents occurring including advice on using memory sticks.</quote>
Hmm, if they really did care about security they would block the use of memory sticks, or at least use encryption.
When is some independent body going to fine these councils and government organisations (say £100 per record lost). When that happens maybe they will sit up and take notice.
When will these T0$$erS learn... YES Nu Labour i`m talking about you & your database state. As a parent with a child that will end up on one of these _great_ database's that are Sooooo secure that some Twat will dump to a flash drive & then loose.
There is absolutely no excuse in this day and age. FFS google TRUECRYPT or PGP you useless T0$$ers.
To the parents in Leeds, send your letters off to the Information Commissioners Office. You have my sympathies.
/Reg readers - sry 4 Rant but how long will they allow this to continue. Our so called masters are EXEMPT from ID cards, Databases, etc but we have to put with their $hite...
/Coat - Coz hese f00ls need to collect theirs on their way out.
Here we go again
Beano annuals down the backs of the trousers for Leeds city council.
Just how long will it be before these and other government departmental dorks grasp the painfully obvious?
Is there really a need to carry around this sort of data on a memory stick? Haven't people heard of remote access should they require it?
Same goes for all the "sensitive information" that seems to be placed on laptops and allowed to leave Military bases...
OK putting this information on there is not the best but if I found something like the dossier that was left on the tube. First stop is a internet cafe with 20£-40£ for photocopying and scanning, then upload to Wikileaks, and finally an envelope so it can be mailed back to some gov't office.
If this process is carried out it would not take long for the gov't to get thier ass in gear and stop this practice of hiring complete idiots.
Leeds City Council...
...is a joke as it is. Fuck-ups like this aren't surprising to me in the slightest, I have to say.
re Laughable security
Fine them? why should the good people of leeds have to cover the cost of their incompetance via increased council tax bills...
just sack the person who lost the stick... sack the head of IT and then sack a randomly selected member of any other team.
Instantly. No ifs. no Buts. Just clear your desk and leave.
See how quickly this kind of stuff stops then.
"The council could not explain how, or why, the information was put on the memory stick in the first place."
Why not just ask the person who reported it as lost? Maybe they were selling it to the local peadophiles.
Dead letter drop
That's what it sounds like to me - A copies the stuff and leaves it in a pre-arranged location ready for B (whom he does not know and will never see) to pick up.
Except that Joe Q Public finds it first - always a risk in such a scenario.
for once a law is needed
which relates to statutory penalties for loss of data.
The only reason our legislation happy government wont do it, is because they know they are the first fall foul of it.
At what point will people realise they work in a position of authority and power when they deal with people's data. That bring responsibility.... unfortunately most people follow the facebook definition of privacy and data security.
People should be fired for this.
fines for councils...
If they imposed severe financial fines on the council for the loss of the data then we'd only end up paying for it by increased taxes, council tax bills, reduced services due to budget dents.
the only way that some of these muppets will learn is if it hits them directly both in the pocket personally and in time spent in prison.
having said that we'd still be paying for them to stay in prison anyway :(
More lies and empty apologies
As the old adages have it, "words are cheap", and "actions speak louder than words."
Clearly Leeds council has people in charge who don't know what they are doing (aka "muppets"), which seems to be a common problem in the UK today. But instead of letting the buck stop on someone's desk (and thereby cause their firing tout le suite), all they do is issue mealy-mouthed apologies which do little other than anger the people affected by this lackadaisical approach to data security.
The thing I wonder about: are these ridiculous data losses a specialty of the UK, or is it just that in other countries they are more successfully kept under wraps? Somehow, I suspect the former, and somehow I have a funny feeling that it's intimately tied up with NuLabour's insane fixation on creating databases. Somebody (lots of somebodies) simply hasn't awakened to the fact that the more data you hoard, the more will be lost.
For added piquancy, there's a suspicion that way too many management types in the UK public sector are hired for their political connections or for reasons of political correctness.
Is Leeds council in the grip of NuLabour, by any chance?
Flame because, yes, I'm ranting.
"We take issues [...] very seriously"
I finally got what they mean by that: "We very seriously keep on trying to provoke such issues".
Should we tell them that leaking personal data is supposed to be a *bad* thing?
I work for a local council and we noted early on that USB drives are a security risk.
We now use Ironkey (hardware encrypted USB pen/key drives) and certain teams (i.e mine) are allowed to use Truecrypt on USB harddrives where necessary.
The interesting thing is, today I was setting up a public access terminal and we noticed that USB drives could be used (I had to work out a way of disabling access to them and found a way of disabling usbstore under Windows).
Please don't tint all public service/councils are incompetant retards, some of us work to solve these problems, not to create them.
Posting anonymous as I don't think my employers would appreacte this.
Meh, business as usual.
Stupidness is the way of things, it's only ballsups like this that shake a little sense into people. Until the next time.
I just grabbed a couple of HP boxes (P4 and Celeron D, one with Sony SCSI tape drive) with hundreds of people's CVs, VPN settings, logins, emails, assorted other company data, and XP Pro keys. From the bushes by the car park of my block of flats.
Should be a tidy couple of hundred, once erased + formatted of course.
So the employee lied too?
“The loss was immediately reported by the employee concerned ... it was understood that no sensitive or confidential data was on this stick, so no further action was taken. ...once recovered, it became apparent the memory stick did have sensitive information on it that should not have been there."
So the council employee lied to cover up their fecklessness and disregard for peoples privacy and the law? Surely that's a fireable offence.
There is no privacy
The flying spaghetti monster know all.
His noodley appendage has access all areas!
And now the data mining begins
With a quick SQL INNER JOIN statement, we can see how many 2 year olds are members of the BNP...
A Leeds City Council spokeswoman, said: “We take issues of information security very seriously.....
This is, of course, totally untrue. If they really took these crimes seriously, they would not occur.
Immediate sacking and prosecution for any officer who behaves in this irresponsible manner would get the message home.
Even PH would know to use encryption on sensitive data.
advice on using memory sticks
Company-wide policy at the OS level forbidding USB to work, plain and simple.
True security is not leaving any leeway for mistakes to happen.
What they really need is control
Mobile Device and Media Control. Sanctuary. Control Guard. McAfee Device Control.
You have to remember that, unless enforced with technology, you're still pissing in the wind.
These Muppets (Local Authorities) are to be given access to the data stored in the National Identity Database.
If this weren't so serious, I'd cry / laugh / kill.
Group policy editor
Why is it so complicated?
ffs - AGAIN?!!?!?!?
@ "'s not enough... they're in breach of the Data Protection Act... Heads MUST roll... If I was one of the parents involved, then I would be consulting a lawyer right now... Until the DP act sets out clear penalties for breaches that directly affect senior managers of responsible departments (ie they go to jail), then senior managers won't consider the consequences to their jobs/careers/freedom. Somebody ultimately was responsible for the data being on a memory stick... somebody must lose their job at the minimum..."
hear hear, the overpaid managers at the top MUST take responsibility. they get the over-inflated pay from cushty council jobs yet never seem to have to take the flak when their people mess up.
until its a prison sentence for leaking data they wont give a damn. i for one would love to see some of the useless local council idiots taken to court over their constant failings of society.
if i accidentally break the law im still punished in the same way as if i intended to break the law. yet they break laws through incompetence and nothing ever happens. of course this would set a precident where MPs might also have to be
@ "When is some independent body going to fine these councils and government organisations (say £100 per record lost). When that happens maybe they will sit up and take notice." sod that! that would mean our council tax would go up or services would get worse. as i said before taking records without permission == theft, losing it == publication of secret materials. should be prison time. if they think they can arrest me and give me upto 15 years in jail for posession of pot then how is stealing and leaking sensitive info not a crime that can give prison sentences!?
Am I the only one....
...who is getting sick of the knee-jerk reaction on these comment boards that problems like this are the fault of the party in government? (And in passing, NuLabour just looks stupid.)
I think that whether Leeds City Council are Tory or Labour has very little to do with the incompetence of their IT staff, and the stupidity of their employees.
And if any of you think that if or when the Tories win the next election, they'll get rid of the database culture, you're just being naive.
ITYF that all that info is publicly available - see the phone book, electoral register, birth certificates...
NOBODY EVER LEARNS
NOBODY EVER LEARNS - Full of fking idiots this country is.
The employee needs firing, their manager needs firing and the ICT dept need a right bollocking for not making sure that encription/ paswording of documents was a policy for memory sticks.
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
- Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland