The Ministry of Justice (MoJ) has exposed a colossal amount of sensitive public data over a period of 12 months, according to data found in MoJ’s annual report for 2019/20.
Hundreds of thousands of sensitive files have been leaked by MoJ, mostly due to human error, in the past year.
Reports sent to the Information Commissioner’s Office (ICO) by the UK MoJ contained 17 serious data breaches in total over the 12 months, affecting more than 120,000 people.
It was stated that the incidents reported mostly came down to “sloppy and reckless behavior – e.g lost unencrypted USB drives, emails being sent to the wrong people, or equipment such as smartphones and mobile phones being stolen from official vehicles or even homes.”
And one involved “technical error related to a sub-processor. This incident has made various files on a staff training database briefly accessible to unauthenticated users. The database was downloaded twice, once fully and once partially.”
Astonishingly, separate to the 17 serious incidents, it has been revealed that the MoJ allegedly recorded 6,425 additional data incidents, which it described as “not substantial enough to report to the ICO”. 5,445 incidents were described as “unauthorised disclosure”, with left 823 classified as loss of ‘inadequately protected electronic equipment, devices or paper documents’.
Tim Sadler, CEO at Tessian said accidents are “human nature”. It’s up to organisations to make sure the risk of error is minimal, and they can do that by putting in place proper measures. He said:
“As organisations expect people to be responsible for more and more sensitive data, measures must be in place to prevent the mistakes that compromise security. Failure to do so could result in regulatory fines and ruined reputations,” he said.