London: The Ministry of Defence (MOD) reported a total of 7 serious personal data related incidents to the Information Commissioner’s Office (ICO), with the data loss impacting 4,331 people.
The data was recently published in the Ministry of Defence’s Annual Report and Accounts 2020-21, and analysed by the law firm Griffin Law, observing the volume of personal data incidents and the number of people affects between April 2020 and March 2021.
According to the report, a total of 4,331 people were affected by the 7 data loss incidents with each incident reported to the ICO via the MOD Security Incident Reporting Scheme (MSIRS).
The largest data incident impacted 4,142 people, revealing details of students and parents due to an email associated with MOD schools’ people being compromised for 72-hours in February 2021.
Another incident saw a personal email sent to external organisations and international media outlets disclosing the names and home addresses of Ministry of Defence staff, impacting 147 employees.
An unredacted copy of criminal allegations were incorrectly passed to the accused in an administrative error, revealing the identity of the victim and witness statements, affecting 5 people.
The other four incidents, including images from a logbook detailing a person’s injury being posted to social media, impacted a further 36 people.
A further 552 incidents were recorded by the Ministry of Defence internally but were not deemed serious enough for reporting to the ICO, with unauthorised disclosures constituting the majority of the data loss incidents.
Donal Blaney, founder, Griffin Law, said: “Our courageous soldiers, sailors and air force personnel are willing to sacrifice their lives – often working under cover and in extreme conditions – so we can live in safety and freedom. The least the Ministry of Defence could do is keep these brave heroes’ personal data safe and secure. Instead, their identities, and potentially the safety of their families and friends, have been put at risk by superannuated MoD pen pushers who are not fit to lick their boots. The Information Commissioner needs to investigate these breaches and bring those responsible to justice”.
Tim Sadler, Co-Founder and CEO of Tessian, added: "People are handling more data than ever before, and with that comes the inevitability of human error. Mistakes happen and, unfortunately, they can result in serious incidents which compromise data security and privacy. For example, emails being sent to the wrong person continue to be one of the leading causes of data breaches today. Organisations, therefore, must have security measures in place to prevent people's mistakes before they turn into data breaches, and they must find ways to support staff who have access to large amounts of valuable or sensitive data to lower the risk of regulatory violations. It is critical that employees are given the training they need to make the right cybersecurity decisions and that security teams have greater visibility to respond quickly to incidents as and when they happen."