The UK’s Home Office had to revise its estimates regarding a data breach from last year. A USB memory stick with prisoner data was lost by a consulting firm, resulting in 130,000 prisoner records. The memory disk did not make use of USB drive encryption like AlertBoot endpoint security systems, which could have prevented the breach from becoming big news.
It would have also prevented the need for the Home Office to restate its figures. According to a report, the data breach by PA Consulting actually affected 377,000 records. That’s nearly three times the originally reported figure! Talk about being way off….
PA Consulting, which was at the time involved in the UK’s National ID Card scheme, saw its contract with the government terminated over the incident.
All because of a lost USB flashdrive. Who would have entertained the thought that something the size of a pack of gum would result in a cancelled contract, probably in the millions of dollars?
This, however, is the risk a company takes when it does not have the proper security controls in place. If whole disk encryption had been used, the loss of the device may not have had such a dire consequence for the consultant, even if the theft itself may have been a calamity. (Yes, a calamity. That’s what the loss of 130,000 sensitive records happens to be.)
Related Articles and Sites: