‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be found

The UK government has lost over 2,000 laptops, phones, and tablets within the last two years, according to a freedom of information disclosure.

Figures first published by The Guardian show that, combined, the lost devices are worth more than £1 million, but experts told ITPro that the real issue is the cybersecurity risk they pose.

Devices reported as either lost or stolen from the Department for Work and Pensions totaled 240 missing laptops and 124 missing phones in 2024.

The Ministry of Defence recorded 103 missing laptops and 387 missing phones, while the Cabinet Office is said to have lost or had stolen 66 laptops and 124 phones.

Missing devices were recorded across 18 Whitehall departments and public authorities in the last year, which included the Bank of England, HM Treasury, and the Home Office.

The Bank of England told The Guardian that it “takes the security of devices and data very seriously and has suitable protection in place”.

ITPro has approached the UK government for comment, but in a statement given to the publication, said: “We take the security of government devices extremely seriously, which is why items such as laptops and mobile phones are always encrypted so any loss does not compromise security.”

Lost government devices are a security nightmare

While the financial cost of this loss is substantial, the greater concern is the cybersecurity risk presented by the loss or theft of these devices, according to James Castro-Edwards, counsel for multinational law firm Arnold & Porter

“Sophisticated hackers can break into such devices, potentially opening a ‘back door’ to government departments,” Castro-Edwards told ITPro. “This is particularly concerning when hackers are not only organized criminal gangs, but hostile nation states.

“Where the affected government department handles sensitive information, for instance, the Ministry of Defence or the security services, this creates a huge national security risk.”

Castro-Edwards said it’s crucial that all organizations implement “rigorous technical security measures” such as encryption and strong password protection to ensure devices remain secure.

Stolen devices play a crucial role in the cyber criminal economy, according to Boris Cipot at cybersecurity firm, Black Duck, underlining the dangers posed by lost government hardware.

"Stolen hardware is often ‘refurbished’ and then sold as used devices,” he explained. “This is because modern encryption software on these devices makes it difficult to access the data stored on hard drives or other storage media.”

“However, even the most advanced encryption is ineffective if the encryption key or user password is weak,” Cipot added.

With this in mind, Cipot said organizations should not solely rely on the “technical capabilities of protection software”. Passwords used to access and disable encryption must be robust.

“For government-issued laptops and phones, it is particularly recommended to implement MFA,” he said. “MFA can take the form of digital methods, such as biometric verification, or physical methods, such as a USB key or ID card.”

“This additional layer of security significantly enhances the protection of sensitive data and reduces the risk of unauthorized access, further ensuring uncompromised trust in software."

MORE FROM ITPRO

• Cyber attacks have rocked UK retailers – here's how you can stay safe
• What good laptop security looks like today
• The NCSC wants developers to get serious on software security