The information was being sent to the DLVA office in Swansea through Parcelforce in response to a safety recall by manufacturers. The agency said, however, that the discs contained details on 7,685 vehicles and more than 6,000 drivers.

The DVA added that the discs were not encrypted and did not contain personal details on the drivers. The data included the driver's name, address, registration mark of the vehicle, chassis number, make and colour.

Public domain

On the same day Leeds Building Society sent an email to its staff, warning of the loss of all 1,000 employees’ salary and banking details after an internal move of its human resources and executive management team.

In the email, the building society said that, whilst every care had been taken, some information “is yet unaccounted” for in the move from the first to the fourth floor.

"This contains the details you receive on your payslip, some of which is already in the public domain (i.e. on cheques, in the telephone directory etc). We believe that the details are still in the building and are doing all that is possible to confirm this,” the company said.

It added that the missing information is not sufficient in itself to allow an unauthorised person to access a building society or bank account, but asked staff to be vigilant.

IT spending priorities 

Data security firm Check Point says that these leaks reinforce its recent research findings on vulnerabilities in UK businesses.

In November 2007 Check Point commissioned a survey of 140 senior IT staff, IT managers and directors in public and private UK companies. It asked if the child benefit data leak at HM Revenue and Customs would change their IT spending priorities.

Sixty-five per cent said the HMRC leak will not change their company IT spending priorities, whilst  just 11 per cent of respondents said that it would.

Nick Lowe, Check Point’s regional director for Northern Europe, says that a majority of the companies surveyed felt that they were safe against data loss. Over half of them did not have the basic security measures in place, however, to stop the type of employee behaviour that caused the leak at HMRC.

Solutions are easily available to control the use of CD drives and USB memory devices on PCs, for around £20 per computer or laptop. The solutions automatically encrypt ALL data being sent to these media, and cannot be disabled or got around by ordinary employees.

Encryption solution 

Lowe recommends that any sensitive data has to be protected wherever it is, by encryption. If the encryption is automated, then users cannot stop it, or affect it. This protects employees and organisations from their own security mistakes.

The survey revealed, however, that the organisations surveyed are still running the risk of data loss similar to HMRC.

Less than half of respondents (48 per cent) said their organisation had an encryption solution to protect sensitive data, while 40 per cent of the sample said their company did not have encryption, and a worrying 12 per cent did not know if encryption was in place.

The research also showed that business PCs, laptops and mobile devices are vulnerable to threats. Just 39 per cent of respondents said their company had an endpoint security solution, to protect PCs against unauthorised access or malware. 37 per cent did not have endpoint security, and 25 per cent were unable to say if they had or not.

The survey also showed that companies strongly agree (85 per cent) with mandatory notification of affected parties in the event of a data breach, as is the law in the US.

Just 9 per cent disagreed. 36 per cent of respondents thought immediate dismissal was appropriate for parties causing data leaks on the scale of the recent HMRC loss.

“Companies seem to be saying that ‘it can't happen here’, while not being able to stop it if it does,” Lowe concludes.

Related articles

• HMRC breach 'godsend' for security professionals
• Fasthosts aapologises after sites are hacked
• Half of employers now ban Facebook
• Online sales hit record in July

Related links

• DVLA
• Leeds Building Society
• Check Point