Troop secrets on lost USB stick found on nightclub floor

Filed Under: Data loss

In July I blogged about how the British Ministry of Defence has lost over 120 USB flash drives since 2004. A tabloid newspaper has now revealed the latest careless incident involving a USB stick, in this case the portable drive outlined a military training exercise for 70 soldiers.

Details of locations, travel and accommodation for the troops from the 3rd Battalion, Yorkshire Regiment, were included on the device which was found on the floor of a nightclub in Newquay, Cornwall. A clubber found the memory stick and passed it on to the national press.

In June, the Ministry of Defence published a report by Sir Edmund Burton identifying weaknesses in the British army, and ways in which it needs to do more to protect data on its laptops and USB sticks. The Burton review was instigated by a number of high profile and embarrassing data losses for the British authorities, including the theft of a Royal Navy laptop containing the personal information of 600,000 people in January.

This latest incident of a USB stick being lost predates the publication of Sir Edmund's report, but has only just come to light.

From these latest reports it sounds like while a soldier was enthusiastically doing the Macarena, the thumb-sized USB stick must have dropped out of his pocket and onto the disco floor. This wouldn't matter of course, if the data was properly encrypted. If the information on the drive had been properly encrypted then the clubber who picked it up would never have known that the garbled data on it belonged to the military, and the newspapers wouldn't have had their story.

What's that? You don't believe that soldiers do the Macarena?

Military Macarena
(Image source: Soldiersmediacenter's Flickr photostream.)

Boogying soldiers aside, the litany of stories of lost data are not just a PR nightmare for the organizations involved. They also put the identities and - in some cases - lives of individuals at risk. Everyone, whether they be a home user or an employee at a multinational, needs to ensure that they are doing what they can to reduce the chances of identity theft.

* Image source for USB stick: Nedko’s Flickr photostream (Creative Commons 2.0)

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.