Identification, Infosecurity

USB stick containing massive prisoner data lost

By Alice Kok | 9 October 2008

Unencrypted data on all 84,000 prisoners in England and Wales has gone missing after a Home Office contractor lost a USB stick on which it had been stored. “Rigorous” searches had failed to uncover the whereabouts of the memory stick and its cachet of sensitive information.

View photos

Related Categories

• IDENTIFICATION
• INFOSECURITY

From this Section

• NEWS

The missing USB stick contains data relating to all prisoners in England and Wales—84,000 names, dates of birth, and in some cases, expected prison release data and date of Home Detention Curfew, data relating to prolific and other priority offenders (approximately 10,000 individuals’ names and dates of birth, but not addresses), and Drug Interventions Programme data with offenders’ initials but not full names.

The Home Office issued a statement saying that they were aware of the security breach and that the “data was held in a secure format on the contractor’s site”. The information was downloaded onto a memory stick for processing purposes which has since been lost.

It refused to comment on whether security measures should have been in place to prevent unencrypted data being transferred onto a USB stick, and what security requirements the Home Office has for external contractors who handle sensitive data.

David Smith, Deputy Information Commissioner said, “It is deeply worrying that after a number of major data losses and the publication of two government reports on high profile breaches of the Data Protection Act, more personal information has been reported lost. Personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels.”