British MoD Stunned By Massive Data Loss

Master of Transhuman writes "Seems like nobody can keep their data under wraps these days. On the heels of the World Bank piece about massive penetrations of their servers, the British Ministry of Defense has lost a hard drive with the personal details of 100,000 serving personnel in the British armed forces, and perhaps another 600,000 applicants. This comes on the heels of the MoD losing 658 of its laptops over the past four years and 26 flash drives holding confidential information. Apparently the MoD outsources this stuff to EDS, which is under fire for not being able to confirm that the data was or was not encrypted."

Hardly 3 hours

[Anonymous Coward]

Hardly 3 hours since the last post on /. about
UK Govt wanting to spy.

Combine this with the immediately preceding story

[kaos07]

Enough said.

Re:No, no, no

[drsquare]

What exactly is the MoD doing sending out sensitive data to foreign private contractors? In fact, why are they giving anyone data at all?

Fuck Labour.

Re:Hardly 3 hours

[Goldberg's Pants]

They want to spy more so they can gather more information to lose.

Seriously, lately it seems not a week goes by without some ridiculous data leak in the UK. Whether it be thumbdrives that automatically log into private networks, laptops being stolen, documents being left on a train, confidential information being lost in the post etc...

They won't need the Data Protection Act much longer in the UK because there'll be no data left to protect as it'll all have been leaked.

Re:No, no, no

[Zsub]

Are you just an idiot?

How does the fact that this company loses the gov'ts data not imply that the gov't loses data? Please tell me if this logic is flawed...

And does it actually matter who loses the data? I mean, I don't live there, I can't be arsed, it's not my private information but the whole point of my post was that the UK gov't loses data. Who exactly magically makes the disks or flashdrives disappear is besides the point.

Re:No, no, no

[i'm lost]

So the problem is actually that the MoD is stupid enough to entrust their data with a private company that's too incompetent to avoid losing data? That's just as bad, I'm not sure what you're defending here.

Re:No, no, no

[cyber-vandal]

But the overuse of external subcontractors is a political decision. Fuck New Labour and fuck the Tories who started it all.

Re:Hardly 3 hours

[Dr. Hellno]

"I'm just looking forward to when the data gets lost."

From the summary of that post. 3 hours ago.

...Holy Crap.

We know they're abusing their power. We know that they're incompetent!
And it never changes! It just happens again and again and again!
I don't know whether to laugh or cry or scream or kill or just give up anymore. I just don't know.

Re:No, no, no

[hdparm]

Why are you so apologetic on behalf of the British government? The drive was the responsibility of MoD. This includes the choice of people and/or organisations who do the handling. Likewise, even if the EDS was not the minister's choice, he should have been sacked because he hasn't made the decisions of this magnitude his choice.

Re:Hardly 3 hours

[Firehed]

We know they're abusing their power. We know that they're incompetent!

And it never changes! It just happens again and again and again!

Isn't that the definition of a government?

Re:No, no, no

[Anonymous Coward]

Sorry, are you implying that EDS are not an incompetent shower of useless bastards who routinely fail to deliver, deliver late or deliver wildly outside the scope of what was contracted?

Re:No, no, no

[tendrousbeastie]

It seems resonable to assume that the MoD are not putting sufficient emphasis on data security when placing contract with private companies. There have been several instances of private companies losing government data. The common factor is the government involvement. Seems that their procurement contract ought to be drawn up in such away to put safeguards against this happening. That is why it is the UK Govternment's fault.

Re:Encrypted or not? HAH!

[leenks]

His point was that if someone wants the data, eg they actively stole the hard drive, then they are likely to steal or obtain the mechanism to decrypt the data too.

I think /. needs to change its FAQ

[MagdJTK]

"Slashdot is U.S.-centric. We readily admit this, and really don't see it as a problem. Slashdot is run by Americans, after all, and the vast majority of our readership is in the U.S. We're certainly not opposed to doing more international stories, but only if we're slagging off other countries. Positive stories about anywhere other than the US are frowned upon."

Mod Parent +1 Correct

[ozphx]

The MOD must demand from it's subcontractors a certain level of service, and be responsible for it. "Well it wasn't our fault, it was that guy" doesn't cut it when it comes to state secrets.

Get better subcontractors next time or DIY, retards.

Re:No, no, no

[bwcbwc]

And before you go blaming those dam' foreigners, EDS is in this business in the UK because they bought the large UK contractor Scicon back in the 1990's. So regardless of the ownership, the people responsible for the operational f-ups that caused loss of the drive are probably home-grown.

Re:Government Incompetence?

[lysergic.acid]

there's no inherent reason for the government to be incompetent. but it's always those who want to cut down on public infrastructure and social welfare programs that are incompetent themselves. of course when you elect such people into government they make a complete mess of things and use their own incompetence as an excuse to hand these roles over to the private sector.

i mean, how can you put people who don't believe in public infrastructure in charge of public infrastructure? it's a self-fulfilling prophecy.

MOD PARENT UP

[BenEnglishAtHome]

This:

how can you put people who don't believe in public infrastructure in charge of public infrastructure?

is one of the best questions I've ever seen posted on Slashdot. With an election looming, it's a question that every voter should ask themselves. Whoever modded it flamebait is a dufus.

Re:No, no, no

[mpe]

No member of -- or person directly employed by -- the UK Government lost this data. EDS, a long-established, privately owned subsidiary of Hewlett Packard, lost this data.

If anything this is worst than someone employed by the British Government losing the data. Security was breached when they let a foreign owned company have access to it. That that company lost the media is just the icing on the cake.
This is like the driving theory test data, lost from somewhere it should never have been in the first place.
There are only 11 locations in the US that the British Government has any business at all sending this kind of data.

Re:Government Incompetence?

[byronf]

I wont go into excess detail (which, by itself, would be a violation of our security rules) but suffice it to say that if you wanted to steal and get data off an IRS laptop, you'd have to mug the user, get their password list, know their internal ID (which no one writes down because we use it constantly) then mug a different person with local machine administrator credentials, get logons and passwords from that person, then know exactly where to type all of them in without making more than three mistakes to lock up the machine.

What if I find a disenfranchised employee, and offer money?