MoD and Home Office declare almost 1000 lost and stolen devices

Apricorn, a manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, has announced annual findings from Freedom of Information (FoI) requests submitted to 14 government departments into the security of devices held by public sector employees.

The Home Office has declared 469 lost and stolen devices between September 2021 and September 2022, with the Ministry of Defence (MoD) not far behind with 467 mobiles, tablets, and USB devices unaccounted for.

Additionally, Her Majesty’s Revenue and Customs (HMRC) declared 635 lost and stolen devices including 387 mobiles, 244 tablets, and 4 USB drives, a 45 per cent increase on the numbers shared for the same period in 2020-2021 (346) and 40 per cent more than 2019-2020 (375).

Further to that, the Department of Business, Energy, and Industrial Strategy admitted to 204 lost and stolen devices, almost double the 107 declared in the previous year. The Prime Minister's Office also reported 203 misplaced devices.

Jon Fielding, Managing Director, EMEA Apricorn said, “We have asked these same questions via these FoI requests for the last 3 years and whilst it’s not surprising to see devices unaccounted for, we would hope to see the numbers declining as cybersecurity becomes more established. Robust, regularly reviewed, and tested policy and practice, with appropriate technology choices and implementation, supported by education and comprehensive backup and recovery strategy, is a must for optimum protection.”

Research into the MoJ Annual Report which covered April 2021-March 2022, uncovered many breaches declared to the ICO including the disclosure of a COVID status spreadsheet of 1,800 staff and offenders sent by email to all staff within a prison. This contained confidential data for offenders and staff, including health data. Another 1400 MoJ employees were potentially affected when a compromised Office 365 account allowed access to personal data.

Further to that, there were 5,782 security incidents that were not deemed necessary to report to the Information Commissioner’s Office for 2021-22, including loss or theft of information assets from secured government premises and outside secure premises, as well as insecure disposal of inadequately protected electronic equipment, devices, or paper documents.

Jon said, “it’s worrying to think that a government entity that holds so much responsibility and retains so much sensitive and personal information, can pose this much risk. The number of recorded security incidents, whether reported to the ICO or not, should alarm security teams. A good place to start would be through education and awareness. It’s not simply about putting critical policies in place, but equally ensuring that awareness is maximised among employees so that the risks associated with applications, actions, and devices are understood.”

The Foreign, Commonwealth, and Development Office (FCDO) Annual Report for 2021-22 recorded 117 personal data incidents between March 2021 and April 2022 - 96 were considered personal data breaches under the UK General Data Protection Regulation (UK GDPR), 76 of which were deemed human error 76, 2 were tech issues, 10 resulting from partners across government (PAG) and supplier and 8 were deliberate contraventions. The FCDO also had 16 incidents considered serious enough to be reported to the Information Commissioner’s Office.

The Department for Education (DfE) confirmed the loss and theft of 356 devices, including 296 USB drives. With so many USB devices unaccounted for, it further highlights the importance of encryption on portable drives to keep data safe when moving beyond the confines of the government network.

Despite the number of devices missing in action, when questioned on the security of these devices, all the government departments asked, and confirmed the missing devices were all encrypted as standard.

Jon added, “the good news is that encryption is obviously recognised, and in the case of government departments, mandated, as a critical component of device security. Hardware encrypted storage devices should be provided as standard to ensure that any sensitive data held on them should always be unintelligible if they happen to be misplaced and fall into the wrong hands. Additionally, encryption should be combined with the automation and enforcement of security policies through technology wherever possible.”

More News
9 hours ago
Data management more complex as cloud deployments diversify
Nutanix, experts in hybrid multi-cloud computing, has announced the findings of its fifth global Enterprise Cloud Index (here) survey and research report, which measures enterprise progress with cloud adoption.
12 hours ago
Offploy selects Conga to cut paperwork
Conga, experts in scalable revenue lifecycle management solutions, has announced that Offploy, a UK-based social enterprise, has implemented Conga solutions, including Conga Composer, Conga Grid, and Conga Sign, to build a software system that supports the company’s mission of supporting the rehabilitation of people with criminal records.
13 hours ago
Optoma launches trio of new laser projectors
Optoma, a manufacturer of visual solutions has announced three new ultra-compact, short-throw DuraCore laser projectors designed to bring high brightness, dependability, and cutting-edge image technology into conference rooms, boardrooms, and other corporate spaces.
1 day ago
A quarter of UK retailers now exclusively offer digital receipts
New research of UK retail outlets has revealed that 84 per cent of stores now offer digital receipts and 24 per cent no longer offer paper alternatives at all.
1 day ago
New ISO/IEC 19770-1 certification program announced
Less than one month after launching the ISO/IEC 19770-1 certification scheme for IT asset management, the ITAM Forum has announced a new program to help end-user organisations achieve ISO ITAM certification.
1 day ago
M-Files achieves record growth in 2022
M-Files, experts in information management, has achieved 33 per cent year-over-year (YOY) growth in subscription revenue and 40 per cent growth in new customer sales in 2022.
1 day ago
Financial institutions transition to net-zero economy with Normative
Financial institutions face some of the strictest climate disclosure requirements of any sector. Normative’s new product update automates the process of accurately calculating financed emissions private equity firms, VCs, and other financial institutions.
2 days ago
Call centre provider to integrate ChatGPT into service offering
Communication software and cloud solutions provider Daktela has become the first call centre as a service (CCaaS) provider to integrate ChatGPT directly into its platform.
2 days ago
Legrand to transform workspace furniture with Incara
Legrand UK & Ireland has announced the launch of Incara, a new product range of multi-functional, economic power devices for the modern workspace.
2 days ago
Maximising productivity in a remote work environment
The experts at, whilst researching the work-from-home culture, discovered that 66 per cent of women preferred working from home and 54 per cent of men preferred working from home.

Login / Sign up