Lost USB drive leads to lost contract

PA Consulting, the firm that misplaced a USB memory stick containing the unencrypted personal details of convicted British criminals, has had its £1.5 million contract with the UK government terminated.

The British Home Office sent the sensitive data via email to PA Consulting in encrypted form, but it was then copied - unencrypted - to a USB data stick that was subsequently lost.

Home Secretary Jacqui Smith says that PA Consulting's remaining contracts - worth some £8 million a year - would be reviewed.

"Our investigation has demonstrated that although the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost," she was reported to have said.

It's no surprise that the Home Secretary is taking a "zero tolerance" approach to firms being careless with personal information, after a string of high-profile incidents.

Internal documents from the Association of Chief Police Officers (ACPO) leaked to The Daily Telegraph newspaper have revealed that the USB memory stick was lost after it was put in an unlocked drawer over the weekend by a female employee of PA Consulting.

A confidential briefing note from ACPO president Ken Jones to Andrew Hooke, the chief operating officer of PA Consulting, "expressed his deep dismay at the loss of such data and highlight the potential risks to the public that this may bring."

Too right, mate. It is alarming how many of these accidental data loss incidents are coming to light, all of which could be mitigated by best practices such as ensuring that all sensitive information is properly encrypted.

* Image source: James F Clay's Flickr photostream (Creative Commons 2.0)

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.