Military personnel data disappears into the wild blue yonder

RAF aircraft book

A theft at a Royal Air Force base has left British authorities, already red-faced after a series of high-profile data breaches (click on each word), with another sticky situation.

This weekend it was revealed that three USB portable drives, containing the details of serving and former military personnel, have been stolen from the Service Personnel and Veterans Agency’s offices at RAF Innsworth in Gloucestershire.

The agency provides support services to some 900,000 people, either currently serving within the Ministry of Defence or retired, but it is unclear how many servicemen and women have been put at risk by this security breach.

According to an MOD spokesperson, “Two of the drives are believed to have contained potentially sensitive personal data relating to personnel who served in the Royal Air Force in recent years; the third hard drive did not contain any personal data. An investigation is being conducted by the MOD Police, with the support of Gloucestershire Police, and it would be inappropriate to give further details of the circumstances of the incident at this stage.”

Notice what is missing? Yep, there is no mention of whether the data on the drives was encrypted or not. In my view it would have been extremely appropriate to mention that in the MOD statement, as if proper encryption had been used then at least services staff would have some comfort that it would be very difficult for crooks to get up to shenanigans with the data.

* Image source: Bowbrick’s Flickr photostream (Creative Commons 2.0)