The latest entity to report the loss of a laptop with sensitive data is Her Majesty’s Royal Navy. The BBC reported that police are investigating the theft of a laptop from a Royal Navy officer that had the personal details of 600,000 new and potential recruits to the Royal Marines, Navy and Air Force. The data included doctors’ addresses for people who submitted an application to the forces, national insurance numbers, family and passport details; and bank details on at least 3,500 people.
Early reports are that the data was not encrypted.
This latest news comes as I’m finishing up a feature for Information Security magazine on laptop encryption. The main lesson, security experts tell me, is that these missing laptops would not rate a headline if only they had full-disk encryption.
Putting encryption on every laptop isn’t easy if you’re a company with limited financial resources and bandwidth. But in my view, there’s no excuse for an organization the size of the British Royal Navy to be putting unencrypted laptops in the field.
Now they get to learn the lesson the hard way.