British MoD Screws 600,000 Recruits

The bad news is that 600,000 people may have their personal information exposed because one idiotic recruiter left his unencrypted laptop in his car overnight and it was stolen.

The good news is that the MoD seems to know how to cut through red tape and get things done when it needs to. It recalled all laptops and made sure they were using disk encryption if you can believe this article here by the Register:

Defence minister Des Browne has admitted that the Ministry of Defence (MoD) has lost not one, but three laptops containing unencrypted information since 2005.

Last week, it emerged that the MoD had lost a laptop containing the personal details of 600,000 people who had expressed an interest in joining the armed services.

The laptop was stolen from a junior Naval officer, who had left the machine in a car parked overnight in Edgbaston, Birmingham. West Midlands police are investigating the theft.

Talking to Parliament yesterday, Browne said: “It is not clear to me why recruiting officers routinely carry with them information on such a large number of people or why the database retains this information at all.”

Ministers were told of the theft on 11 January, but believed at the time that the data was encrypted. They were told it was not encrypted on 14 January. By 18 January all other MoD laptops were recalled and secured.

The reason I am suspicious that all laptops were recalled and secured is that it would take a massive effort to strip the laptops from its officers, apply new disk encryption software or verify that security measures are in place. In the US, the military can’t even agree on a single standard, and each branch of the military uses different security software.