Ministry of Defence under fire over 18% rise in data breach episodes
18 January 2021
THE MINISTRY of Defence (MoD) has seen an 18% rise in incidents potentially involving personal data loss. According to official figures, in total there were 546 reported incidents of potential data breaches in the most recent financial year, up from 463 in the previous year (2018-2019). Seven incidents were so serious that they had to be reported to the Information Commissioner’s Office (ICO) for further investigation.
The data, contained in the MoD’s recently published Annual Report and analysed by the Parliament Street Think Tank, raises fresh questions about security risks facing public sector organisations.
Breaking down the data, there were 49 reports classified under ‘loss of inadequately protected electronic equipment, devices or paper documents from secured Government premises’ in the most recent financial year, with an additional 19 incidents reported from outside Government premises. There were also 454 incidents logged under the general category of ‘unauthorised disclosure’.
In July 2019, a sub-contractor incorrectly disposed of MoD-originated material, leading to unauthorised disclosure of the personnel and health data of two former employees.
Meanwhile, in December 2019, criminal investigation files were lost during an archiving process, potentially placing 16 individuals at risk.
In March last year, a whistleblowing report that had not been properly anonymised was issued. Although the document was deleted 32 hours after issue, it placed the personal security of at least nine individuals at risk.
Commenting on this news, cyber security expert Tim Sadler (CEO at Tessian) stated: “Time and time again we see how simple incidents of human error can compromise data security and damage reputations. The thing is that mistakes are always going to happen. As organisations give their staff more data to handle and make employees responsible for the safety of more sensitive information, they must find ways to better secure their people.”
Sadler concluded: “Education on safe data practices is a good first step, but business leaders should consider how technology can provide another layer of protection and help people to make smarter security decisions in order to stop mistakes turning into data breaches.”
Founded in 2011, Parliament Street is one of the UK’s leading Think Tanks. Its cyber security team liaises with leading lawyers, politicians and industry experts to identify security risks posed to UK businesses.
*For further information visit www.parliamentstreet.org