Lost USB drive leads to lost contract

Graham Cluley
Graham Cluley
@[email protected]

USB memory stick

PA Consulting, the firm that misplaced a USB memory stick containing the unencrypted personal details of convicted British criminals, has had its £1.5 million contract with the UK government terminated.

The British Home Office sent the sensitive data via email to PA Consulting in encrypted form, but it was then copied – unencrypted – to a USB data stick that was subsequently lost.

Home Secretary Jacqui Smith says that PA Consulting’s remaining contracts – worth some £8 million a year – would be reviewed.

Sign up to our free newsletter.
Security news, advice, and tips.

“Our investigation has demonstrated that although the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost,” she was reported to have said.

It’s no surprise that the Home Secretary is taking a “zero tolerance” approach to firms being careless with personal information, after a string of high profile incidents.

Internal documents from the Association of Chief Police Officers (ACPO) leaked to The Daily Telegraph newspaper have revealed that the USB memory stick was lost after it was put in an unlocked drawer over the weekend by a female employee of PA Consulting.

A confidential briefing note from ACPO president Ken Jones to Andrew Hooke, the chief operating officer of PA Consulting, “expressed his deep dismay at the loss of such data and highlight the potential risks to the public that this may bring.”

Too right mate. It is alarming how many of these accidental data loss incidents are coming to light – all of which could be mitigated by best practices such as ensuring that all sensitive information is properly encrypted.

* Image source: James F Clay’s Flickr photostream (Creative Commons 2.0)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.