Government contractor loses data on entire UK prison population

Another month, another high profile government data breach. This time the blame lies with a contractor, PA Consulting, which mislaid a USB storage device containing unencrypted data on the entire population of the UK’s prisons.

According to a Home Office spokesperson, amongst the data were the home addresses of 30,000 repeat offenders and 10,000 “prolific and priority offenders.”

The data came from the government’s JTrack system, which allows police to monitor the whereabouts of convicted criminals and for which PA Consulting provides support. The breach lends weight to research conducted by Verizon Business that found that business partners and outsourcers are the number one data security threat.

PA Consulting informed the Home Office that it had lost the data on Tuesday. The Home Office contacted police yesterday.

Ironically, PA Consulting was in 2004 selected as consulting partner for the government’s controversial ID card scheme.

High profile data breaches such as the above are seen by ID card opponents as evidence that the government cannot be trusted to run an identity database, while proponents argue they underline the need for a centrally-managed identity control system.

Further reading

Vast scale of illegal data trade exposed in Germany

The business partner risk
Business partners should be regarded as the greatest security headache, according to recent research

The return of the ID card debate
The UK government’s embarrassing loss of 25 million citizens’ personal details has reignited the ID card debate

Find more stories in the Security & Continuity Briefing Room

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media (now Bonhill Group plc) from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The...

Related Topics