List of UK government data losses

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The following is a list of UK government data losses. It lists reported instances of the loss of personal data by UK central and local government, agencies, non-departmental public bodies, etc., whether directly or indirectly because of the actions of private-sector contractors. Such losses tend to receive widespread media coverage in the UK.


Date Department Number of
records lost
Narrative References
2013 Serious Fraud Office Documents related to the investigation of BAE Systems were lost accidentally. The data amounted to 32,000 physical pages of text, 81 tapes of audio, and other electronic media. [1]
2013 November Suffolk County Council An unencrypted USB memory stick was found containing information from the county’s adult and community services department. It had internal memos and copies of e-mails about forthcoming projects – and it also had tables containing the names of clients. [2]
2013 July NHS Greater Glasgow and Clyde 60 A folder containing patient records was found in a car park and handed in by a member of the public. [3]
2012 Greater Manchester Police over 1000 An unencrypted USB stick containing details of witnesses with links to serious criminal investigations that was being kept in a police officers house was stolen in a burglary. The force paid £120,000. [4] [5]
2012 South London NHS Trust 600 Records on 600 maternity patients and their newborn children were lost by misplacing unencrypted USB sticks. [6]
2012 May NHS Surrey 3,000 Computer used by the NHS was sold on auction website eBay without being properly cleansed of patient records. [7]
2012 February Office for Nuclear Regulation (ONR) A memory stick containing a safety assessment of a nuclear power plant in north-east England has been lost by an official. The unencrypted USB pen drive, containing a 'stress test' safety assessment of the Hartlepool plant. [8]
2011 February Powys County Council A file containing details of a child protection case was leaked accidentally. The council was fined £130,000. [9] [10] [11] [12]
2010 September Brighton General Hospital Hard drives containing patient data were stolen. [13] [14]
2008 November Department for Work and Pensions n/a USB memory stick, apparently encrypted and containing passwords for an old version of the Government Gateway, a website giving access to millions of records of personal data. [15][16]
2008 October Ministry of Defence 1,700,000 Hard drive being held by contractor EDS is found to be missing. [17] [18]
2008 September Service Personnel and Veterans Agency 50,500 Three USB portable hard drives with details of staff are allegedly stolen from a high security facility at RAF Innsworth. The Agency holds records on 900,000 current and former personnel. Stolen records included sensitive information about the private lives of senior staff. [19] [20] [21]
2008 September National Offender Management Service 5,000 A hard drive containing details of 5,000 employees of the National Offender Management Service was lost by EDS. [22]
2008 September Insolvency Service 400 Names, addresses and bank details of up to 400 directors of 122 firms were lost when four laptops were stolen from a Manchester premises. [23]
2008 September Tees, Esk and Wear Valleys NHS Trust 200 Memory stick with details of patients found in a public park. [24]
2008 August Home Office 84,000 PA Consulting lost an unencrypted memory stick containing details high risk, prolific and other offenders. [25]
2008 August Colchester Hospital University NHS Foundation Trust 21,000 A manager's unencrypted laptop holding patient addresses and treatment details is stolen from his car whilst on holiday in Edinburgh [26]
2008 January Royal Navy 600,000 A Royal Navy officer's laptop was stolen that contained the details of 600,000 applicants and others who had expressed interest in joining the Armed Forces including both the Navy, Marines and Air Force. [27]
2007 December Department for Work and Pensions 45,000 West Yorkshire benefit claimants' in data lost. [28]
2007 December Department for Work and Pensions 000s CDs with personal data found at the home of a former contractor. [29]
2007 November City and Hackney Teaching Primary Care Trust 160,000 "Heavily encrypted" disks containing details of children are lost by couriers. The loss prompted the agency to implement hard drive and USB memory stick encryption systems across all PCs. [30]
2007 November Foreign and Commonwealth Office 50,000 Details of visa applicants were made available on an FCO website. [31]
2007 November HM Revenue and Customs 25,000,000 Two CDs containing details of the families of child benefits claimants went missing in the post. HMRC's handling of data was described as "woefully inadequate" and staff were described as "muddling through" in a June 2008 Independent Police Complaints Commission report. [32] [33] [34] [35]
2007 July Ministry of Justice 5,000 Hard disk with details of HM Prison Service staff is lost on the premises of EDS. [36]
2007 May Driving Standards Agency 3,000,000 Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors. [37]
2007 May Foreign and Commonwealth Office 50 Details of individuals made public after "unauthorised disclosure by a contractor" [38]