main
Report a problem

Pension details of 109,000 members on stolen laptop

Sam Alderwick   on 28 May 2009 - 18:13 · 30 comments & 4743 views

Advertisement (Why?)
A laptop which contained the personal details of 109,000 pensioners in the UK has been stolen, according to an article from the BBC. The laptop was stolen from an office in Buckinghamshire, and was not encrypted, although it was protected by a password, the Pensions Trust said.

The office was owned by NorthgateArinso, who provide the Pensions Trust with software.

The Pensions Trust made a press release regarding the incident, and in it said "we can confirm that a laptop containing some confidential data of The Pensions Trust's has been stolen from the Marlow office of our external software providers, NorthgateArinso."

"The view of the police and NorthgateArinso is that this was an opportunistic theft and that the laptop itself was the thief's target. NorthgateArinso has assured us that the data was password protected and as such, not easily accessible."

The theft has been reported to the Information Commissioner, as well as CIFAS, the UK's fraud prevention service. In addition, each pensioner has had a letter sent to them explaining the situation.

According to the BBC article, the database contained the names, addresses, dates of birth, employers, national insurance numbers, salary information, and even bank details for members who were actually receiving pensions. This is the latest in a string of confidential data losses that the government has faced, although in this case the incident took place at an external company's office. The laptop was stolen on 23 March, presumably kept quiet as a security precaution.

Share this Article

  • Technorati
  • Magnolia
  • Stumble upon it
  • Reddit
  • Blink List
  • Delicious
  • Slashdot
  • Furl
  • Facebook
  • Windows Live
  • Google
  • Newsvine
  • Yahoo
  • RawSugar
  • Netvouz

About the Author

Full name: Sam Alderwick
User name: Sazz181
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

 

Post a comment · Send to friend Comments · There are 30 additional comments
(4 replies) #1 starburst1980 on 28 May 2009 - 19:01
Password? Can be cracked in modern day times in max a day.
#1.1 Sazz181 on 28 May 2009 - 19:09
Yep, I left my opinion of the security of that out of the article, but maybe they have some other system in place too, that they didn't mention.

This is what happens when we get external sources to do government work. Even if it costs less, events like this don't make it worth it.

My 2c of course
#1.2 CFer on 28 May 2009 - 21:45
government is not efficient, that's why they contract projects. One way they can improve on these spillages, is to have requirements for contractors; security standards and overall ways of doing business.
#1.3 UHYVE on 29 May 2009 - 03:00
Technically, that's already part of UK law. According to the UKs Data Protection Act; personal information stored by a company has to have "adequate security". Otherwise the company leaves themselves open to a rather large lawsuit... you know like in this case... where there are 109000 people who are victims of a company's stupidity.

I mean really. Storing 109000 people's information on a LAPTOP. Laptops are MEANT to be portable, at least store confidential data on something that can't be easily stolen.
#1.4 vvtunes on 29 May 2009 - 14:12
If this was just an opportunistic theft, then why leak this information to the press? That laptop's value has just skyrocketed. Otherwise, the hard drive's data could have been unsuspectingly erased. Hope that encryption algorithm is really strong.
And still keeping sensitive information in laptops... what were they thinking?
(2 replies) #2 +stevember on 28 May 2009 - 19:11
Gordon Browns fault, he should been watching it.
#2.1 Sazz181 on 28 May 2009 - 19:19
I hope you were being sarcastic
#2.2 +stevember on 28 May 2009 - 21:26
Sazz181 said,
I hope you were being sarcastic


Yes, but he'll get blame.
(1 reply) #3 eblkheart on 28 May 2009 - 19:51
I just don't get why this information is being kept on Laptops. This is complete stupidity recklessness.
#3.1 smooth_criminal1990 on 28 May 2009 - 20:02
thing is, they probably aren't willing to implement/come up with a better solution, as it would cost money...although they could have at least encrypted it I suppose, to slow down any potential cracking attempts.
(1 reply) #4 4tehlulz on 28 May 2009 - 19:59
The password is "12345".
#4.1 s3n4te on 28 May 2009 - 20:37
Hey how did you know my Neowin account password?
(6 replies) #5 Randomiser on 28 May 2009 - 20:16
Why can't they store the data on a remote server and access it over a vpn :/
#5.1 Popcorned1 on 28 May 2009 - 20:35
That's logical
#5.2 _dandy_ on 28 May 2009 - 21:28
Popcorned1 said,
That's logical


...and there's your answer. Governement and logic can't be used in the same sentence.

But that's exactly right. A laptop is not the place to keep 100K+ records--why were they there to begin with?
#5.3 aarste on 28 May 2009 - 22:50
Cos UK bandwidth is slow and costly? LOL.
#5.4 McDave on 29 May 2009 - 00:15
Well if they spent that money keeping our data secure instead of pools in their second home...
#5.5 Neo Razgriz on 29 May 2009 - 01:17
aarste said,
Cos UK bandwidth is slow and costly? LOL.


Ha! Have you been to Australia lately?
#5.6 _dandy_ on 31 May 2009 - 14:26
aarste said,
Cos UK bandwidth is slow and costly? LOL.


Bandwidth has little to do with it. You leave the data on the server and get the server to do the work for you. If you have to pull the data down to your machine (100K records at a time), you're doing something wrong.
#6 Lock on 28 May 2009 - 20:53
big company + important data = lapse security
#7 xSuRgEx on 28 May 2009 - 22:18
Why can't they store the data on a remote server and access it over a vpn :/

becasue that would reqire the person asscessing the database to havemore than 2 brain cells. + it means havging to "train the monkey" and that costs money, money which isnt there to spend becasue the loca MP spends it on light bulbs and a morgage he / she "forgot" had been paied for.

information like this needs to be kept off portable computers and properly incrypted why this data wasnt is something of a Joke and who ever was responsible for the data on that laptop needs to be fired.

they said the data was password protected, what with exctly? a microsoft Access password? LMAO
#8 n_K on 28 May 2009 - 23:01
AGAIN, this is the what, 15th time this has happened to the government and all they have on it is a 'password'. Oh **** it could be an access password for all we know which can be viewed without even having to crack it, seeing at they are probably still using office 2000.

They do NOT learn, the entire government system needs to be scrapped and replaced.

EDIT: I just read the post above me, "a microsoft Access password? LMAO", haha, so true! =P
#9 McDave on 29 May 2009 - 00:10
Think the goverment should actually hire people that know a thing or two about IT, saying its ok we use a password is the stupidest thing I've heard.

The goverment keep track your cars, give you ID cards, moniter internet usage etc. Then when we object they say it's ok the data is safe. Sorry there is more chance of believing pinocio.
#10 carmatic on 29 May 2009 - 06:22
now you see the fuss about this 'big brother' society that people seem to be talking about?
id cards, databases, monitoring, etc...

getting more and more data != keeping the data secure
#11 Erikas on 29 May 2009 - 06:40
Isn't there software available that tracks the laptop via a wireless access points the moment it is turned on (without the need to log-on)? I am sure I have read about stuff like that. Maybe something to invest in for laptops that contain vital information.
(2 replies) #12 xSuRgEx on 29 May 2009 - 09:05
yes there is software that does escatly that, IIRC most modern dell laptops have a tracking feature built into the bios. the dell inpiron 1300 i used to own had this feature.

even if the software was given to them for FREE i doubt they would use it. this is our data the have in their hand and if they cant protect it properly then some thing has to be done about it.

who here would leave the door to their home unlocked when they leave and not bother to enable the alarm system that was already fitted when you moved. ?
#12.1 CheeseFart on 29 May 2009 - 10:05
doesn't stop a person from removing the hard drive and using an external case
#12.2 xSuRgEx on 30 May 2009 - 09:54
CheeseFart said,
doesn't stop a person from removing the hard drive and using an external case


whats that got to do with anything, if the damn hdd was encrypted the data on hdd would be totaly useless to the person who stole it.

their are FREE tools available to download from the internet that encrypt a users HDD so there is no excuess in todays socioity.

its just lazy ass end users who dont bother to use them, even a windows xp login pass word isnt enough to protect the system.

thinking back to the artical they said it was protected with a password well most of us here would know how to get around that small problem. That is not
what id call adequate security.
#13 PredatoUK on 29 May 2009 - 17:56
As a Security Manager, one of the biggest problems is financing technologies such as encryption. Most businesses know the risk, but they still put it to the back of the queuedue to the cost of implementation.

Laptop users still have a responsibility to keep their device secure and quite often its down to them being lazy.

Perhaps the only benefit is its one of many problems that keep people like me employed
#14 kerneltie on 30 May 2009 - 04:40
Don't worry guys, it had a password!

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.1387) © 2000 - 2008 Neowin.net