Personal information of hundreds of workers at the famous Eden Project in Cornwall were on a laptop stolen from the car of an employee working for Moorepay, the company that looks after the Project's payroll. Data included names, addresses, bank details, and pay rates relating to 500 employees.
"Suffice to say we are appalled at the lapse of security and are making sure that our personal data is never put in such a vulnerable position again,' Eden Project creator Tim Smit was reported as saying of the theft, which occurred on June 1.
Laptops have become the bane of the average security officer's life. Recent examples in the UK have included a remarkably similar one involving an outsourcing company that lost a laptop holding information on 16,000 employees of Worcestershire Council.
The most important in recent times, however, was the loss by the Nationwide Building Society of millions of customer account details on a laptop, stolen from an employee's house. The Financial Services Authority (FSA) made an example of the lapse, fining the company a record £980,000, even though there was no evidence that the data had been exploited.
Encryption specialist PGP jumped on the Eden theft as yet another example of the dangers of outsourcing complacency, especially where data was held in unencrypted form.
"Enterprises need to be more cautious regarding third-party companies that they share sensitive information such as payroll details with. Without a thorough assessment of the threat status of companies such as Moorepay, existing security policies can easily be rendered useless," said PGP Corporation's Jamie Cowper.
"Despite the fact that laptop thefts continue to occur, many companies are still ignoring their responsibilities towards stakeholders' personal information," he said.