SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Ministry of Defence reports 546 potential data breaches over the year
Tue, 19th Jan 2021
FYI, this story is more than a year old

UK's Ministry of Defence (MoD) is under fire due to a recent rise in data breaches.

In fact, the MoD has experienced an 18% rise in incidents of personal data loss, according to official figures.

In total there were 546 reported incidents of potential data breaches in the most recent financial year, up from 463 in the previous year (2018/19).

In addition to these figures, seven incidents were serious enough that they have been reported to the Information Commissioner's Office (ICO) for further investigation.

The data, contained in the Ministry of Defence's recently published annual report and analysed by the Parliament Street Think Tank, raises fresh questions about security risks facing public sector organisations.

Breaking down the data, there were 49 reports classified under ‘loss of inadequately protected electronic equipment, devices or paper documents from secured Government premises', in the most recent financial year, with an additional 19 incidents reported from outside of government premises.

There were also 454 incidents logged under the general category of ‘unauthorised disclosure'.

The most serious seven incidents were reported to the ICO and the MOD Security Incident Reporting Scheme (MSIRS) for further analysis.

In July 2019, a sub-contractor incorrectly disposed of MOD originated material, leading to unauthorised disclosure of the personnel and health data of two former employees.

Meanwhile in December 2019, criminal investigation files were lost during an archiving process, potentially putting 16 people at risk, the company reported.

In February 2020, a recorded delivery package containing the claim for forms of five individuals was lost in transit between two stations, containing personnel and health data.

Additionally, in March 2020, a whistleblowing report that had not been properly anonymised was issued on the subject of the report.

Although the document was deleted 32 hours after issue, it put the personal security of at least nine individuals at risk.

Cyber security expert Tessian CEO Tim Sadler says, "Time and time again we see how simple incidents of human error can compromise data security and damage reputation. The thing is that mistakes are always going to happen.

"So, as organisations give their staff more data to handle and make employees responsible for the safety of more sensitive information, they must find ways to better secure their people."

Sadler says, “Education on safe data practices is a good first step, but business leaders should consider how technology can provide another layer of protection and help people to make smarter security decisions, in order to stop mistakes turning into breaches."