HM Revenue & Customs say stolen laptop data is secure with 'top level encryption'
News broke today that a worker at HM Revenue & Customs had their laptop stolen from a car. The laptop contained sensitive public information and was being used to conduct a routine audit of tax information from several investment firms. HMRC confirmed that a laptop was stolen and apologised to the public, but that it had “a complex password and top level encryption” was in place to protect the data on it. It’s a shame the print-out that was also stolen wasn’t so well protected… this document contained details such as passport numbers and home addresses, all of which now pose a security risk.
Tom de Jongh, product manager at mobile device encryption specialist SafeBoot, sees this case as a positive although the potential damage could have been catastrophic: “I sympathise with all those who’s data was on the print-out – to take such a sensitive document out of the HMRC office environment is not advisable. However, it is good to see that organisations are finally starting to think and are taking steps to remove the ‘human factor’ when it comes to data security.
“Although the laptop was left in what seemed a secure location [a locked car], the fact is whenever a piece of equipment leaves the corporate environment that business is putting its faith in the employee to look after it. What I call the’ human factor’ comes into play and with the best will in the world, the employee cannot guarantee that he or she will not fall victim of a crime. This is a great example of that. HMRC took all the correct security procedures by protecting the laptop with a robust password and content encryption protocol. Although the device has fallen into the wrong hands, the sensitive data will not.
“More companies need to follow this example and take a holistic view of their organisation’s assets, and assess the ‘human factor’ before its too late.”