Ministry of Defence under fire over 18 percent rise in data breaches

MoD logs 546 incidents of potential data breaches in the most recent financial year

Posted 18 January 2021 by Christine Horton

The Ministry of Defence (MoD) has seen an 18 percent rise in incidents of personal data loss, according to official figures.

In total there were 546 reported incidents of potential data breaches in the most recent financial year, up from 463 in the previous year (2018/19). In addition to these figures, seven incidents were so serious they have been reported to the Information Commissioner’s Office (ICO) for further investigation.

The data was contained in the Ministry of Defence’s recently published annual report and analysed by the Parliament Street Think Tank.

Breaking down the data, there were 49 reports classified under ‘loss of inadequately protected electronic equipment, devices or paper documents from secured Government premises’, in the most recent financial year, with an additional 19 incidents reported from outside of government premises. There were also 454 incidents logged under the general category of ‘unauthorised disclosure’.

The most serious seven incidents were reported to the ICO and the MOD Security Incident

Reporting Scheme (MSIRS) for further analysis. In July 2019, a sub-contractor incorrectly disposed of MOD originated material, leading to unauthorised disclosure of the personnel and health data of two former employees. Meanwhile in December 2019, criminal investigation files were lost during an archiving process, potentially putting 16 people at risk.

In February 2020, a recorded delivery package containing the claim for forms of five individuals was lost in transit between two stations, containing personnel and health data. Additionally, in March 2020, a whistleblowing report that had not been properly anonymised was issued. Although the document was deleted 32 hours after issue, it put the personal security of at least nine individuals at risk.

“Time and time again we see how simple incidents of human error can compromise data security and damage reputation,” said Tim Sadler, CEO of cybersecurity firm, Tessian. “The thing is that mistakes are always going to happen. So, as organisations give their staff more data to handle and make employees responsible for the safety of more sensitive information, they must find ways to better secure their people.

“Education on safe data practices is a good first step, but business leaders should consider how technology can provide another layer of protection and help people to make smarter security decisions, in order to stop mistakes turning into breaches.”