It has just been reported that that the RAF data theft in September 2008, was far worse than original reported and includes of drug use, debts and affairs about RAF officers, which is not just embarrassing but could also be used to blackmail people.
To compound the problem this part of the data loss has only just been admitted.
According an “unnamed” Wing Commander who contacted the BBC the data theft not only include the usual information that we expect the government to lose, names, addresses, and bank details, but also “”details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties“.
This information would be there as it was part of the vetting procedure for those who work in classified areas. During the vetting procedures questions are asked about an individual’s personal life, so that detailed background checks can be made, the answers to those questions were stored on 500 files, it is these 500 files which were included in the theft of the USB drives.
Such detailed information would be excellent use for those who wish to threaten and/or blackmail RAF officers. The RAF did not inform parliament, or the ICO, that such a data loss/data theft has occurred or possibly the police, though this not clear at this point.
In its typically bland statement the MoD stated that “All individuals identified as being at risk received personal one-on-one interviews to alert them to the loss of the data, to discuss potential threats and to provide them with advice on mitigating action,” the statement says….There is no evidence to suggest that the information held on the hard drive… has been targeted by criminal or hostile elements.”
While the statement does not reveal much it does tell us that the data was not encrypted, and thatthe RAF does not think a targeted theft of USB drives is criminal activity.
Again, the question has to be asked: If secret information about those who handle top secret information, from AWACs communications to battle plans for wars, is not encrypted and protected, what do they encrypt?
This is not the first time the MoD has lost data, nor failed to use encryption.