Troop secrets on lost USB stick found on nightclub floor

Graham Cluley
Graham Cluley
@[email protected]

In July I blogged about how the British Ministry of Defence has lost over 120 USB flash drives since 2004. A tabloid newspaper has now revealed the latest careless incident involving a USB stick, in this case the portable drive outlined a military training exercise for 70 soldiers.

Details of locations, travel and accommodation for the troops from the 3rd Battalion, Yorkshire Regiment, were included on the device which was found on the floor of a nightclub in Newquay, Cornwall. A clubber found the memory stick and passed it on to the national press.

In June, the Ministry of Defence published a report by Sir Edmund Burton identifying weaknesses in the British army, and ways in which it needs to do more to protect data on its laptops and USB sticks. The Burton review was instigated by a number of high profile and embarrassing data losses for the British authorities, including the theft of a Royal Navy laptop containing the personal information of 600,000 people in January.

Sign up to our free newsletter.
Security news, advice, and tips.

This latest incident of a USB stick being lost predates the publication of Sir Edmund’s report, but has only just come to light.

From these latest reports it sounds like while a soldier was enthusiastically doing the Macarena, the thumb-sized USB stick must have dropped out of his pocket and onto the disco floor. This wouldn’t matter of course, if the data was properly encrypted. If the information on the drive had been properly encrypted then the clubber who picked it up would never have known that the garbled data on it belonged to the military, and the newspapers wouldn’t have had their story.

What’s that? You don’t believe that soldiers do the Macarena?

Military Macarena
(Image source: Soldiersmediacenter’s Flickr photostream.)

Boogying soldiers aside, the litany of stories of lost data are not just a PR nightmare for the organizations involved. They also put the identities and – in some cases – lives of individuals at risk. Everyone, whether they be a home user or an employee at a multinational, needs to ensure that they are doing what they can to reduce the chances of identity theft.

* Image source for USB stick: Nedko’s Flickr photostream (Creative Commons 2.0)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.