A monumentally silly clerical error led to the personal details of all the prisoners serving at HMP Cardiff being emailed to three of the inmates’ families. Data watchdogs at the Information Commissioner’s Office (ICO) have slapped a £140K fine on the Ministry of Justice over the serious data breach, which was only discovered …
A large amount of data transferred between systems?
On an unenctypted floppy disk? Correct my ageing dust filled mind, but if I remember this right, a floppy disk could only handle 1.44Mb? So not that large (in termms of filesize) after all?
Unless it was a zio disk, or if it was spanned across 20 of aforementioned post modern drinks coasters.
Re: A large amount of data transferred between systems?
You forget in the article it mentions that this is a text file. You can fit a lot of prisoners details in a 1,44MB text file...
Re: A large amount of data transferred between systems?
Two full copies of War and Peace with a fair bit of space left.
Have a drink for your aging, dust-filled mind. :-)
Dostoyevsky's Crime an Punishment ?
"The police and a member of the prison’s staff were sent to the recipients’ home addresses following the incident to ensure the files had been deleted."
How did they do this exactly?
It is not hard to save a file to a USB stick for later use...
I would be extremely cautious at allowing anyone access to my systems, I am not responsible for emails people send me, if they send me the wrong thing, fine I don't care I can filter to spam... If they want me to ensure it is deleted it after they sent it to me, there will be a very large fee involved...
Suppose the info was emailed to 80,000 people. What then?
The files don't need to be encrypted....
...sticking it on a floppy is protection enough. After all, how do you read from one of those things again? I tried putting it in my "combo" drive and it made a horrible noise as I slammed the drawer shut.
Just goes to show that the weakest element of security in any system is the human element.
Once is careless, but three times?
Are they absolutely sure this is a mistake?
Re: Once is careless, but three times?
Oh we are so close to an Oscar quote:
"To lose one parent is unfortunate. To lose two starts to look like carelessness"
-The Importance of Being Earnest.
Govt fines itself - taxpayer pays additional cost of process
But is the Permanent Secretary or other "Senior" "Responsible" officer going to take any pain?
Answers on a postcard or unencrypted email to be left in a pub toilet. Closing date: the week after the publication of MoJ performance bonuses
Isn't recursiveness fun? Case in point: the government fining itself...They must really hate getting a fine from themselves...and having to shift the taxpayer's money from the left pocket to the right pocket!
Which means there's now no more money left for (re)training...
I used to do this floppynet thing between two machines for exactly the same supposed security reasons back in... 1988? Fortunately it was only a high security MoD site (ordnance factory) with highly restricted movements of chemicals and suchlike in, out and around the site. Not a care about me taking my work home every night though.
It's OK, they will probably appeal...
Thank you for providing another example on my long list of examples of why we need to keep DLP controls on, regardless of the few times emails are held incorrectly.
Outgoing mail filter idea...
... how about diverting all outbound mail that contains, either directly or in an attachment, more than N historical dates, postcodes or NI numbers to another department for checking before sending.
It would be a start. I'm sure we can come up with a regex ...
Having spent x2 years going through our accreditation, how the hell did they get through any audit with a floppy drive enabled?
Re: Accredited Network?
In a former workplace, our RESTRICTED network had (carefully controlled and heavily firewalled) internet access. And yes, there was probably a few old PCs on there that still had floppy drives.
Secure file transfer?
"The only way the information can be transferred from the Quantum system to the biometrics system is to carry out a ‘profile dump’ of all inmate details. The transfer is done at the start of each day by the booking clerk who locates the text file via Windows Explorer on the Quantum system and then, using the ‘copy and paste’ function, places the file on an unencrypted floppy disc.
The disc with the copy file is then removed from Quantum and physically placed in the biometric system to load the copy file to facilitate the update, which takes place by checking for differences between that file and the biometric system’s own database. Following the transfer the copy file is erased from the disc. The disc is then stored securely in a locked drawer."
"A floppy disc is no longer used. In its place an encrypted memory stick is used for the data transfer. The method used for placing the data on the USB stick is to locate the text file and use the ‘send to’ function, not the ‘copy and paste’ method.
Therefore the file is not retained on the ‘clipboard’, which the data controller considered to be a key factor in this case. Following the successful update, the PC used to copy the file is rebooted to clear any temporary files and this is checked by trying a ‘paste’ in a Word document"
Re: Good Grief!
Please, please tell me you made that up as an exercise to see how badly you could screw up a procedure that short. It's like one of those 'What's wrong with this picture?' cartoons in "Highlights For Children" that shows a playground full of kids doing stuff like using a walrus as a slide and roller skating on lime wedges.
In both cases my first reaction was to wonder what kind of children could face any difficulty seeing the issues at hand...
"Each recipient confirmed in writing that the email message had not been disseminated further and that it had been fully deleted. For two of the recipients, access was allowed to their email accounts for confirmation of their actions. The other recipient had already double-deleted the message and attachment. "
Presumably means 'deleting' in the mail client which really means putting in a folder called Deleted Items or some such. Then deleting from there. So the data is gone from the mail client. Of course there are ways in which the data might still be recovered, but the likelihood of this happening seems remote.
Excuse me sir!
"Bit of a cock-up on the clerical front. Do you mind if we come in and have a little chat with you about your responsibility to delete the aforesaid clerically cocked up stuff?"
"Good consternoon afterble, by all means, do bumble in, Occifer."
"We wuzh jusht 'avin' a liddle afshternoons refrejmunts. S'not aginst der law izzit?".
"Ha, ha - ha ha".
(Cue much merriment at no. 23 Acacia Avenue - curtains twitching left right and centre)
"And afjter oll, if you've got somethin' wrong, you've done somethin' to hide." (Burp!)
(Wide eyed loon smile from Mrs. Parker [Nosey to her friends, but that's just because of her rather large facial appendage]).
"Come in. Come in!".
Officer Afterble bumbles upstairs to the familial computer viewing wing of the house.
Little Milly and little Billy are gathered around the screen. Eyes agog, mouths ajar. Motionless, save for a slight almost imperceptible shake. Body temperatures slightly lowered. Faint bluish tinge to lips. (It's true what they say - you never forget your first bodily mutilation video - but there'll be plenty of time for sweet reminiscing later on in their little lives)
"We wuzh juzt washing one of dem der dee dee capitation viddyos, Occifer. On zer gud book".
"Snot againsht da lawz izzit?".
"Ha ha, ee eeh." (Cough, hackup and splutter - gobules hitting the screen where poor old Ahmed Amrilliwollah's head used to be, making him look as if he has [or rather had] an extremely bad case of the Afghani Flu)
"Ah, hum yes", proffers Occifer Afterble. "I mean, No, no. Not against the law. Not yet, anyway".
(Not until you start enjoying it too much anyway, he silently thinks to himself, but thinks better of saying out loud)
He faintly smiles.
"Yes, I understand you were recently sent something by mistake...."
"Oh fuck it, I will have that drink after all - make it a double 'n all!"
Can anyone else see what is wrong with this picture?
Just what have we come to? Really. What have we become?
Is there any fucking hope at all for humanity at this point?
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great