A report by Glasgow City Council has revealed a series of security failings that have potentially put sensitive data at risk after an internal audit.
Scotland's largest council carried out an audit of its IT estate following the theft of two laptops in May, only to find that some 286 laptops and 487 desktop PCs were unaccounted for, as well as close to 100 other items, such as smartphones and memory sticks. According to the report, an additional nine incidents of theft involving 37 pieces of equipment were recorded from council departments throughout the city.
Perhaps more startling is the revelation that the council does not encrypt data held on its desktop PCs and laptops as a matter of course. The two computers stolen earlier in the year contained details of approximately 17,000 bank accounts belonging both to major businesses and individuals.
Organisations should act as responsible custodians of sensitive information they are charged with.
A spokesman for Glasgow City Council admitted to IT Pro that the report shows the council has been poor at keeping accurate records of its IT equipment.
"We are now dealing with that situation and with the unencrypted IT equipment," he said.
This is not the first high profile data loss suffered by the UK's third city. In 2009, a similarly unencrypted USB stick containing personal details of listed sex offenders was lost and found its way into the hands of the media.
Chris McIntosh, CEO of security and communications specialists ViaSat UK said this latest report is merely the latest in a string of data leaks suffered by the public sector.
"A recent FoI request from the ICO found that local government accounts for a disproportionate amount of data breaches: Glasgow City Council's loss of 750 devices ... supports these findings by demonstrating a seriously flawed approach to protecting the sensitive information of customers and constituents," said McIntosh.
"Organisations should act as responsible custodians of sensitive information they are charged with and ensure that any contractors or external organisations they work with are held to the same level of accountability. Furthermore, data should be secured and wherever possible encrypted to ensure audits like these no longer throw up such dour surprises in future," he added.
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
