The growth of identity theft and related fraud has turned a spotlight on security practices in all companies and organizations that deal with sensitive public data. Private sector practices in this regard are often severely lacking, but even organizations like the military have had difficulties. In May 2006, for instance, a serious American incident was covered in “ID Theft the Potential Reward for 26.5 million US Veterans.”
Now the UK Ministry of Defence has confirmed that a laptop stolen from a Royal Navy officer in Birmingham on the night of 9/10 January contained personal information relating to some 600,000 people who have either expressed an interest in, or have joined, the Royal Navy, Royal Marines and the Royal Air Force. In some cases, nothing more than a name would be present. In other cases, the data may include passport details, National Insurance numbers, drivers’ license details, family details, doctors’ addresses and National Health Service numbers.
The UK MoD did not immediately notify the public of the risk, on the grounds that the West Midlands Police felt it might impair the investigation, and the MoD’s apparent belief that it might be better not to make the potential value of the theft clear. That latter rationale can be defensible. Bluntly put, many thieves are not terribly bright; as an illustrative example, it’s quite possible for someone looking to score a quick payoff for a drug fix to miss a detail of this kind. Media reports made those rationales moot, however, and so an official admission has been made, along with contact information for a help line (0800 0853600). In the meantime, action had already been taken with APACS [Britain's Association for Payment Clearing Services] to inform the relevant banks and place a watch on potential accounts, and the UK MoD says that letters to the 3,500 people whose bank details were included on the database are in process. Meanwhile, the story will continue to play itself out in the media, and on the ground where investigations continue. UK MoD: “MOD confirms loss of recruitment data.”