UK Privacy Debacles

From ORG Wiki

This page catalogues UK Privacy debacles, inspired by this (US-centric) article in Wired magazine: [1]

Summary	Records	Date	Organisation	Breach Type	Organisation Type
The Rural Payments Agency (RPA) has lost computer tapes containing the bank details, addresses, passwords and security questions of more than 100,000 farmers	100,000	2009-10-29	Rural Payments Agency	Lost Media	Government Department
The Ministry of Justice lost an encrypted memory stick containing budget spreadsheets which included the names, national insurance and employee numbers of 1,500 MoJ staff	1,500	2009-09-23	Ministry of Justice	Lost Media	Government Department
Demon Internet sent thousands of business and government subscribers an email containing 3,681 customer records on it Entries include names, emails, telephone numbers, user name and password.	3,681	2009-09-23	Demon Internet	Email	Company
NHS Education for Scotland have had a laptop stolen containg unencrypted data on 6,377 applicants for medical training positions The information included names, addresses, phone numbers and summaries of the applicants, as well as monitoring information relating to equality and diversity.	6,377	2009-09-10	NHS Education for Scotland	Theft	NHS
Wigan Council has lost unencrypted data on 43,000 school pupils, when a laptop was stolen	43,000	2009-09-04	Wigan Council	Theft	Council
Home Office lost the personal details of 377,000 people on a memory stick 250,000 of the records comes from the Drug Interventions Programme and is an estimate of the number of times the programme was accessed by individuals.	377,000	2009-08-27	Home Office	Lost Media	Government Department
East Sussex Council have lost the names, addresses and passport numbers of 73 East Sussex Youth Orchestra musicians in a ferry toilet	73	2009-08-26	East Sussex Council	Lost Document	Council
Surrey County Council's adult and children's services departments has had 11 laptops and five BlackBerry phones stolen Data affecting thousands of children and families is involved. Some of this was encrypted but at least 7,000 childrens records where not encrypted.	7,000	2009-08-24	Surrey County Council	Lost Laptop	Council
London Borough of Sutton has lost the details of over hundred people. These included the loss of a paper file which contained personal data relating to 73 individuals receiving social care and the theft of two unencrypted laptops. One laptop contained social care data of 39 individuals and the other contained information relating to nine children being taught by a teacher employed by the council.	100	2009-08-24	London Borough of Sutton	Lost Document	Council
North Somerset Council have had 13 laptops stolen over the past three years, no records kept on lost USB's or CDs No records where kept of what was on the machines so it is unknown how much confidential data has been lost.		2009-08-23	North Somerset Council	Stolen Laptop	Council
Personal details of 36,800 people with information of 1,900 driving convictions has been stolen from Repair Management Services A laptop was stolen from a packed car.	36,800	2009-08-21	Repair Management Services	Stolen Laptop	Trade Association
Sensitive patient information for more than 60 patients including physical and mental states has been lost by East Cheshire NHS The records where dumped in a skip, then turned up in a garden 20 miles away.	60	2009-08-19	East Cheshire NHS	Disposal Document	NHS
A disk has been lost containing details on approximately 20,000 patients of the Royal Free Hampstead NHS Trust’s cardiology department.	20,000	2009-08-15	Royal Free Hampstead NHS Trust	Lost Media	NHS
Children's details stored on a Lincoln play group's laptop stolen Abbey Play Group have not recovered the laptop but the thief has been prosecuted.		2009-08-08	Abbey Play Group	Stolen Laptop	Business
Medical data on 6,000 patients has been stolen from Imperial College when six laptops stolen	6,000	2009-07-30	Imperial College	Stolen Laptop	University
NHS Lothian have lost information on 137 patients on a USB left in a shop	137	2009-07-30	NHS Lothian	Lost Media	NHS
A laptop containing confidential information on 2,000 patients was stolen from Broomfield Hospital	2,000	2009-07-30	Broomfield Hospital	Stolen Laptop	NHS
A laptop containing the data of approximately 26,000 casino customers of London Clubs International Limited has been stolen	26,000	2009-07-28	London Clubs International Limited	Stolen Laptop	Business
Stolen laptops from the the Highland Council expose 1400 patient medical records	1,400	2009-07-23	The Highland Council	Stolen Laptop	Council
Manchester City Council have lost a laptop containing the personal details of 1,754 employees working at local schools	1,754	2009-06-22	Manchester City Council	Lost Laptop	Council
A GP surgery in London has lost the details of 7,000 patients after burglars stole an external hard drive and backup tapes. The hard drive contained unencrypted files with sensitive information including names, illnesses and medical histories of the patients, it was reported. The backup tapes, containing more of the same information, were encrypted.	7,000	2009-06-16	Nightingale Practice	Stolen Media	NHS
Amicus Legal has had a laptop containing personal information relating to 100,000 customers stolen. The Laptop was not encrypted. The personnel information included sensitive information relating to legal advice.	100,000	2009-06-09	Amicus Legal	Stolen Laptop	Business
A laptop with data on 3,500 patients was stolen from Salford Royal NHS Foundation Trust.	3,500	2009-06-04	Salford Royal NHS Foundation Trust	Stolen Laptop	NHS
A USB memory stick containing patient letters and waiting list data for Bradford Teaching Hospitals has been lost. 5,650 patients whose details may have been stored on the device have been apologised to.	5,650	2009-06-04	Bradford Teaching Hospitals	Lost Media	NHS
A USB key containing the medical histories for 137 patients has been lost by NHS Lothian. The loss of data concerning copies of letters from June 2006 to June 2008 between family doctors and NHS Lothian.	137	2009-06-01	NHS Lothian	Lost Media	NHS
A memory stick with the names and dates of birth of 2,450 patients was misplaced by staff at Greenwich Teaching PCT, in south-east London, in January	2,450	2009-05-29	Greenwich Teaching PCT	Lost Media	NHS
A folder containing contact details and care packages of children was left on a wall by staff from an unidentified London Primary Care Trust		2009-05-29	Unidentified London Primary Care Trust	Lost Document	NHS
A laptop containing personal details of 109,000 members of the Pensions Trust stolen from a software company, NorthgateArinso. The computer was not encrypted, and live data was being used for training and software development.	109,000	2009-05-27	NorthgateArinso	Stolen Laptop	Business
One GP downloaded a complete patient database, including the medical histories of 10,000 people, on to an unsecured laptop. The laptop was then stolen from his home	10,000	2009-05-25		Stolen Laptop	NHS
The unencrypted medical histories of 2,300 cancer patients were compromised by Hull & East Yorkshire Hospitals NHS Trust after the theft of a desktop computer and a laptop	2,300	2009-05-25	Hull & East Yorkshire Hospitals NHS Trust	Stolen Laptop	NHS
500 files containing highly sensitive RAF vetting records containing details of affairs, debt and drug use have been lost from RAF Innsworth in Gloucestershire	500	2009-05-25	RAF Innsworth	Stolen Media	RAF
A memory stick containing the names and addresses of 80 children has been lost by a council-run nursery	80	2009-05-20	Leicester City Council	Lost Media	Council
the names of 175 new mums who gave birth by Caesarean section, was stolen from Aberdeen Maternity Hospital. Stolen data included mothers' names, dates of caesarean section, the time of the decision to carry out the section and time of birth. The data was removed from a "confidential waste disposal bag" which was awaiting shredding. The information was returned in an anonymous package on April 29.	175	2009-05-12	Aberdeen Maternity Hospital	Stolen Document	NHS
A CD-Rom containing more than 1.2million digitised receipts submitted by MPs as expenses over the last 5 years was lost by (or stolen from) the House of Commons and found its way to the Daily Telegraph, which published the details in excruciating detail in a series of articles.	645	2009-05-08	Parliament	Stolen Media	Parliament
Cambridge University Hospital lost of an unencrypted memory stick containing medical treatment details of 741 patients after a member of staff left it in an unattended vehicle The memory stick, which was privately owned, was discovered by a car wash attendant who was able to access the contents to establish ownership. The information was downloaded without the knowledge of the Trust.	741	2009-05-05	Cambridge University Hospital	Stolen Media	NHS
The North West London Hospitals NHS Trust reported the theft of two laptops and in a separate incident, the theft of a desktop computer, in total containing the details of test results and hospital numbers of 361 patients. The laptops were stolen from the audiology department of Central Middlesex Hospital whilst the desktop computer was taken from the Clinical Haematology offices at Northwick Park Hospital after the hospital security's swipe card system was disabled for maintenance. The laptops and desktop computer were password protected but not encrypted.	361	2009-05-05	Northwick Park Hospital	Stolen Laptop	NHS
Manchester University revealed the personal records of 1,700 people which included information on some students' disabilities, when a member of staff emailed an attachment to 469 students	1,700	2009-04-29	Manchester University	Email	University
A laptop computer with the names, addresses and dates of birth of 1,392 patients was taken from a locked office at Aberdeen Royal Infirmary	1,392	2009-04-24	Aberdeen Royal Infirmary	Stolen Laptop	NHS
British intelligence officer undermined a large anti-drugs operation in South America by leaving a computer memory stick on a bus said to contain a list of undercover agents' names and details of more than five years of intelligence work		2009-04-26	Serious Organised Crime Agency (Soca)	Lost Media	Police

It's in date reported to the public order at present.

• The Nightingale Practice, a GP surgery in Hackney, London had a safe stolen from its premises. The safe included full medical records of all patients which were apparently encrypted and a "computer storage unit" that was "not protected". The unit contained such information as "names of patients with certain diseases and referral letters on some patients with details of patient's medical history". (Information from letter sent out to patients) 2 April 2009
• A problem with the security of the ContactPoint database exposed personnel data for 55,000 vulnerable children ContactPoint's shielding system was supposed to remove all details of the estimated 55,000 vulnerable children - apart from the name, sex and age - from the database, which will be available to children's services workers across the country. However, a flaw in the system meant when certain records were updated, a duplicate was created where the details were not shielded.
• Computers containing 2,500 individuals' names, addresses and medical diagnoses were left beside a skip inside the grounds of St. Pancras Hospital in August 2008. The computers, which were no longer in use and were not encrypted, were removed from the scene without authorisation and were never recovered. 25 Mar 2009
• Edinburgh police loose memory stick with 750 vehicles "of interest" along with other intelligence. 9 March 2009
• 46,000 prescriptions containing a patient's name, address, NHS number, date of birth and details of the drugs they are prescribed where lost or stolen in England 2007-08 6 March 2009
• A encrypted memory stick containing the names, addresses and bank details of 1,385 Salisbury residents has been lost by Wiltshire County Council. The council, in breach of its own procedures, put the stick in an envelope and posted it to Salisbury District Council. The envelope ripped and the information, which relates to recipients of housing benefit was lost. 2 March 2009
• Glan Clwyd hospital in Denbighshire has lost 100 computer disks containing personal information about patients related to patient discharge summaries 25 February 2009
• Department for Work and Pensions admits 33 people accessed Customer Information System - containing 75 million citizen records - without justification 25 February 2009
• A database that contains a record of everyone in Britain who has a national insurance number as well as other benefits and employment data has been accessed illegally by at least 33 local authority staff 24 Febuary 2009
• One of the UK childcare voucher sites leaked email addresses, National Insurance numbers, bank account details, payment logs and service logs The scheme runs the scheme for organisations including Carlsberg, Halfords, South Yorkshire Police, the University of Southampton and Thames Valley Police. There is debate about how long the details where exposed for. 17 February 2009
• Confidential police documents allegedly including intelligence and surveillance reports have been found abandoned in a Norfolk car park. The police spokesperson is denying that the documents where sensitive. 12 February 2009
• Brent Teaching Primary Care Trust has lost two laptops containing nearly 400 confidential records 6 February 2009
• Names, addresses, date of birth, hospital number and contact details of 354 patients waiting for kidney transplants at the Royal Liverpool Hospital have been stolen from a car 4 February 2009
• Immigration officials have lost 17,208 files containing the personal details of overseas people and families seeking a safe haven in the UK It was not stated how they where lost other than "in transit between units". 3 February 2009
• Laptop stolen from secure area at Great Ormond Street Hospital containing information on 458 patients, including names and dates of birth 30 January 2009
• North East Strategic Health Authority has lost at least 175 patient records NHS chiefs admit they do not know the precise number of records - which can include anything from ex-directory phone numbers to a patient’s HIV status - that have gone astray. That includes 32 files from the Northumberland Care Trust being "lost in transit", relating to a CD containing the records being lost by Royal Mail. 25 January 2009
• British Council has lost a disc containing 2,000 employees bank details, names, National Insurance numbers and salaries The disk was lost in transit with TNT. 25 January 2009
• 5,000 patients medical records have been stolen on a laptop from Singleton Hospital in Swansea. The loss occured last April but only reported today. 24 January 2009
• Tees, Esk & Wear Valleys NHS Foundation Trust have lost a memory stick containing undisclosed amount of patient information 24 January 2009
• Private data, including some medical data, has been lost for 6,360 prisoners from HMP Preston The information was encrypted but a password to get around the security was also attached to the device. It ws lost by a member of staff Central Lancashire Primary Care Trust on December 30 2008. Reported 9 January 2009
• A memory stick containing confidential information about vulnerable children has been lost. Neath Port Talbot council are not giving out any details. 22 December 2008
• A laptop used by an educational psychologist dealing with some of Leeds's most troubled children has been lost. Unknown size of dataloss This the second loss of sensitive personal data reported in a week from Leeds. 11 December 2008
• The names, dates of birth, ethnicity and contact details for about 5,000 nursery-age children living in the Leeds area were found on a memory stick dropped by a council worker. It also contained confidential information about child protection and whether or not the children's parents claimed state benefits. 8 December 2008
• Names, addresses and contact details and other details of 7,851 children, parents and carers stored unencrypted on a laptop have been stolen Surrey County Council collected the information as part of the Home to School Provision Scheme. 27 November 2008
• Names and addresses of crime suspects sent to 150 farmers in police gaffe. Members of a 'farm watch' scheme were sent an email attachment containing the names, dates of birth and addresses of dozens of alleged offenders in their area. The document also outlined what action the force intended to take against the 51 suspects. 20 November 2008
• BNP membership list has leaked onto the web. Names, addresses, jobs and phone numbers. More than 10,000 people. 18 November 2008
• Royal London has lost the personal details of about 1,600 people in the Greater Manchester area. Lost hand-held computer. Names, addresses and policy and contact details of customers. 18 November 2008
• The details of 1,800 patients were contained on two computers stolen from Hull and East Yorkshire Hospitals NHS Trust No encryption. The records contained the names, addresses, treatment and diagnosis of renal and urology patients. 17 November 2008
• A USB containing the details of 80 children and their families has gone missing from a nursery. Details thought to be on the stick, including names, addresses, dates of birth and telephone numbers. 14 November 2008
• DWP loses a memory stick containing user names and passwords for a key government computer system. The stick, which was subsequently discovered in a pub car park, could have allowed hackers to access the personal details of 12 million people registered on a government website. 2nd November 2008
• Students signing up for an NUS discount card at the University of Leicester were emailed their personal details along with the personal data of the other 3,396 students who had also signed up for the card The email was sent out by the local students' union and included course information as well as phone numbers and dates of birth. 31 October 2008
• MoD loses unencrypted portable hard drive. The portable drive contained the names, addresses, passport numbers, dates of birth and driving licence details of around 100,000 serving personnel across the Army, Royal Navy and RAF, plus their next-of-kin details. It also held data on 1.7 million individuals who had enquired about joining the armed forces. 10th October 2008 (updated 13th October 2008)
• The details of up to 50,000 serving and ex-service personnel are at risk after three USB portable hard disc drives were stolen from an RAF station, the Ministry of Defence has admitted The drives were being stored in a double-secured area of the Service Personnel and Veterans Agency's offices at Innsworth Station, Gloucestershire. The agency holds files on all the serving members of the RAF, veterans and their dependents. A Ministry of Defence spokesman admitted that data on the entire RAF personnel and their families was at risk. 27th September 2008
• 11,000 teachers details on missing disk. Data was encrypted. Went missing after being sent from Rotherham via Parcelforce to its Birmingham office. 25 September 2008
• A laptop computer containing personal details of about the 122 company directors of bankrupt companies has been stolen, from the Insolvency Service. 17 September 2008.
• West Midlands Police have lost a data stick that allegedly contained information on terror suspects The Independent Police Complaints Commission has launched an independent inquiry into the loss of a memory stick. The loss of the data stick is being treated as "an extremely serious matter", according to Len Jackson, the IPCC commissioner. 16 September 2008
• Personal details of 18,000 staff 'lost in the post'. Four computer discs containing the details of 17,990 current and former staff were lost in July 2008 when they were sent between Whittington Hospital NHS Trust in north London and McKesson, a firm providing IT payroll services. They contained the names, dates of birth, national insurance numbers, start dates and pay details of all staff of Whittington Hospital NHS Trust, Islington Primary Care Trust, Camden Primary Care Trust and Camden and Islington NHS Foundation Trust. They also contained the addresses of some staff. 15th September 2008.
• Unencrypted data of 15,000 patients stolen from Winchester GP surgery. The data of 15,000 patients was lost after a thief stole unencrypted backup computer tapes from St Paul’s surgery in Winchester. The tapes were not encrypted but instead had password protection. 11th September 2008.
• Unencrypted memory stick lost by the MoD. An unencrypted memory stick containing times, locations and travel and accommodation details on 70 soldiers from the 3rd Battalion, Yorkshire Regiment was discovered on the floor of a Cornish nightclub. 10th September 2008
• A portable hard drive holding the names, dates of birth, national insurance numbers and prison service employee numbers of up to 5,000 prison staff were lost as long ago as July 2007. However, staff only realised the data was missing in July 2008. The drive is thought not to be encrypted. 6th September 2008
• Millions of confidential patient records 'at risk'. A study, of 105 doctors at a London teaching hospital, found that 90 per cent carried USB memory sticks. Two thirds of the disks carried sensitive patient information but just five were protected by a password. The article failed to mention whether any of the USB sticks were encrypted. 4th September 2008
• The Bank account numbers and sort codes of people in the Charnwood Borough Council area where found on a computer sold on eBay 27 August 2008
• The personal details of more than a million high- street bank customers have been found on the hard drive of a computer sold on eBay for £35.. The information on customers of NatWest, the Royal Bank of Scotland and American Express included mobile phone numbers, bank account numbers, mothers' maiden names and signatures. 26th August 2008
• Unencrypted memory stick lost by the Home Office. It contained personal details and intelligence on 33,000 serious offenders, dossiers on 10,000 “priority criminals” and the names and dates of birth of all 84,000 prisoners in England and Wales. 21st August 2008
• Ministry of Justice loses 45,000 personal records, information included dates of birth, national insurance numbers, criminal records 16 August 2008
• Unencrypted NHS laptop stolen. It containing medical details of several thousand patients and was stolen from the car. The details included names, dates of birth, postcodes and treatment plans. 30 June 2008
• Home Office lost data on 3,000 seasonal farm workers. Names, nationalities, passport numbers and dates of birth were lost when an unencrypted disk disappeared in the post. 12th August 2008
• Personal data of 250 children lost by BBC. The personal data of the children, who had applied to take part in a television programme, was lost when a memory stick containing the data was stolen. 9th August 2008
• MoD mislays 87 classified memory devices Ministry of Defence staff have reported 87 USB data storage devices containing classified data lost or stolen since 2004. 17 July 2008
• More than 150 incidents of data being lost at NHS trusts across Wales North East Wales NHS Trust - 53 incidents, Carmarthenshire NHS Trust - 24 incidents, Cwm Taf Trust - 10 incidents, North West Wales NHS Trust - 10 incidents, Pembrokeshire & Derwen NHS Trust - eight incidents, Cardiff & Vale NHS Trust - six incidents. 17 July 2008
• Daily Mail and General Trust have lost their employee info, names, addresses, bank accounts and sort codes Yet another lost laptop. 7th July 2008
• Unencrypted NHS laptop ontaining medical details of several thousand patients from Colchester University Hospital stolen The details included names, dates of birth, postcodes and treatment plans. 30 June 2008
• The Scottish Ambulance Service has lost a disc containing the encrypted 999 call details of almost one million people. The disc was reported lost last week by courier TNT ... the disc had been encrypted ... Data lost included name of the caller and person they called on behalf of, the date of birth of the person called on behalf of, the location of the incident, and the phone number used to call for assistance. The names of the ambulance-service staff who dealt with the call, including the call taker, dispatcher and names of the responding crew. 24 June 2008
• Virgin Media has lost a CD containing 3,000 customers' bank details 20 June 2008
• London hospital loses 20,000 unencrypted patient files The six laptops in question belonged to the cardiac department, and contained information about some 20,000 patients, including their name, date of birth and postcode. 18 June 2008
• 11,000 patient records from Wolverhampton hospital lost. On the same day that the Tooting hospital data loss was reported, it was discovered that a Wolverhampton GP had reported a laptop stolen. 18 June 2008
• Disc containing more than 38,000 NHS patient records lost by courier. The disc was supposed to be delivered to a software company in London from Sandown Health Centre on the Isle of Wight -- to be backed up in case the data was lost. 21 May 2008
• A disc containing personal and protectively marked material relating to the Rosemary Nelson Inquiry has been lost The inquiry said it deeply regretted "this serious breach of secure data handling protocols". The compact disc went missing on 6 May 2008
• 10,000 customers affected by laptop losses from Bank of Ireland. 22 April 2008
• Personal data about members of the public has been lost or wrongly revealed by 13 London councils in the last year 13 April 2008
• HSBC loses customers' data on a disc 370,000 customers affected. The disc was sent using ordinary Royal Mail services. customers' details included their names, dates of birth, policy number, if they where a smoker and their levels of insurance cover. 7 April 2008
• 'Home Office highly confidential' CD found in laptop sold on eBay Police are investigating after the disc - which was hidden between the keyboard and circuit board - was discovered by computer repair technicians in Bolton. Luckily the CD was encrypted, it's not reported how. 28 February 2008.
• Skipton Financial Services lost an unencrypted laptop containing personal information on 14,000 customers The laptop, which contained names, dates of birth, National Insurance numbers and investment amounts, was stolen from an SFS contractor. The Information Commissioner's Office has ruled they have breached the Data Protection Act. 21 February 2008
• Information on 20,000 people including their bank account numbers and health details left in squat Documents included names, phone numbers and addresses, dates of birth, pay slips, bank forms and details of private interviews with benefit claimants. ...The Haringey Council files many stamped "Confidential" - date from the 1980s to 1993. 18 February 2008
• 5,000 medical records stolen, latop A laptop containing the medical records with information on 5,123 patients has been stolen from a Black Country hospital. 14th February 2008
• NHS get warning after more patient data goes missing, including data on 1.7 million patients, hard drives dumped in skip, disc lost, information left in pub, laptop stolen from locked room and and doctor's name linked to patients' details via 'google' search. 27th Jan 2008
• Personal details of more than 1,000 students in Scotland have gone missing in the post 26th Jan 2008
• Royal Navy officer had a laptop stolen which had held the personal details of 600,000 people. It contains data including passport numbers, National Insurance numbers and bank details. They relate to people who had expressed an interest in, or joined, the Royal Navy, Royal Marines and the RAF. More details in the Burton review 19 January 2008
• NHS lose 4,000 medical and personal details on a USB drive Stockport Primary Care Trust (PCT) admitted it had not informed the thousands affected after it lost their names, dates of birth and details of medical conditions in December. The details, which also included NHS numbers and details of GPs, was on a USB drive that was dropped by an employee. 18 January 2008
• Police data including names, addresses, telephone numbers and ranks of employees of Devon and Cornwall Police found on computer disk that had been thrown out 26 December 2007
• Nhs bosses in the north-east have admitted losing confidential patient information on eight separate occasions in the last five years. Patient information kept on the health board's databases was lost and never retrieved and it was unable to confirm how many individuals had been affected by the breach. 24 December 2007
• Sensitive details about adults and children were lost in 10 incidents at Nine separate NHS Trusts. Cases include the loss of a CD holding 160,000 children's names and addresses by a Trust in East London and the loss of 244 cancer patients' details by the Maidstone and Tunbridge Wells health trust in Kent. THE TRUSTS: Bolton Royal Hospital, Sutton and Merton, Maidstone and Tunbridge Wells (two incidents), Sefton Merseyside, City and Hackney, Mid Essex, East and North Herts, Norfolk and Norwich, Gloucester Partnership Foundation Trust 23 December 2007
• details of 6,500 pension firm customers lost by HMRC. Names, addresses, DoB, NI Numbers and pension contributions 18 December 2007
• The details of three million candidates for the UK driving theory test. Names, addresses and phone numbers - but no financial information - were among details on a computer hard drive which went missing in the US. 17 December 2007
• Norwich Union has been fined £1.26m for failing to protect customers' personal details after fraudsters were able to steal £3.3m from policyholders. 74 polices worth a total of around £3.3m. In a series of telephone calls to Norwich Union Life the fraudsters obtained confidential information and were able to change customers' details so that policies were paid out to the wrong accounts. 17 December 2007
• The details of up to 3,000 NHS patients could have been on a laptop stolen from a doctors' surgery The laptop contained patients' names, addresses, dates of birth and phone number. 14 December 2007
• The personal details of 160,000 children have been lost at a London hospital. A computer disc containing the data was sent to St Leonard's Hospital in Hackney but failed to reach the right department - even though it was signed for by hospital staff. The disc contained their names, dates of birth and addresses. (Encryption was used on the discs) 12 December 2007
• Sefton PCT leaks personal details of 1800 staff 12 December 2007
• Leeds Building Society has mislaid information containing the personal details of its 1,000-strong workforce 11 December 2007
• The Driver and Vehicle Licensing Agency in Northern Ireland has lost the personal details of 6,000 people, on two discs after being sent to the agency's headquarters in Swansea. The information was not encrypted. 11 December 2007
• A laptop computer containing personal details of up to 60,000 people has been stolen from the Citizens Advice Bureau in Belfast (Thankfully the computer was encrypted) 7 December 2007
• Concern over use of post for patient records Two Primary Care Trusts use the regular post to deliver GP records to “fringe practices”. 6 December 2007
• The DVLA has sent out 1,215 questionnaires including drivers’ names, addresses, birth dates, licence numbers and motoring offences records to the wrong people 6 December 2007
• The Department for Work and Pensions has lost another computer disc containing the personal financial details of 40,000 housing benefit claimants 2 December 2007
• At least ten discs holding personal information about millions of people have yet to be accounted for after they had been sent from Revenue and Customs’ offices there are actually ten missing discs, including the two sent from offices in Washington, Tyne and Wear, to the National Audit Office in London and six lost in transit from tax offices in Preston 26 November 2007
• Frank Milford, whose company was hired in 2006 by the Department of Constitutional Affairs to overhaul its administration, said he had asked for a list of its suppliers. He received a package from a firm called Liberata, which handled the department’s finances, containing two discs listing personal details of every person, business or company paid by the department over the past five years. He told The Sun newspaper that the discs were neither encrypted nor password-protected. 26 November 2007
• HMRC loses almost half the nation's data in the post also see Discgate‎
• Data on 15,000 pension policy holders, sent on CD has been lost The lost disc contained names, national insurance numbers, dates of birth, addresses, and pension data. Information such as this would easily lend itself to abuse by crooks if it fell into the wrong hands. The data was not encrypted 5 November 2007
• Hundreds of people could be at risk of identity fraud after a laptop holding sensitive information was stolen from an HM Revenue and Customs worker 8 October 2007
• Dudley Group of Hospitals NHS Trust sold one of its computers full of confidential medical information on eBay 14 September 2007
• http://www.computerweekly.com/blogs/tony_collins/2007/09/npfit-security-warning-after-n.html 50 NHS staff view celebrity record. 18th Sep 2007
• A computer database containing thousands of top secret telephone records from police investigations into terrorism and organised crime has been stolen 11 August 2007
• A laptop containing salary details, addresses, dates of birth, national insurance and phone numbers of some 26,000 M&S employees has been stolen 9 May 2007
• Marks & Spencer loses 26,000 staff details after a laptop containing unencrypted data was stolen Marks & Spencer (M&S) now has until 1 April 2008 to ensure all laptop hard drives are fully encrypted. The Information Commissioner's Office have served the enforcement notice on 23 January after M&S refused to allow the watchdog to publish the changes it demanded in data security at the company. April 2007
• Talking CCTV cameras - this still takes my breath away. 4 April 2007
• TJX revealed that UK shoppers at its stores have had their personal and financial data stolen, which could be used for fraudulent transactions 30 March 2007 The theft, already one of the world's largest incidents of corporate data theft, has so far seen US-based retailer TJX admit that 45.7 million credit and debit cards was stolen from the company in a computer data security breach over an 18-month period. 30 March 2007
• Children's details taken in theft Health bosses in Nottinghamshire have issued a warning after a laptop containing information on about 11,000 young children was stolen. 27 March 2007
• A Halifax building society employee last week had data on 13,000 mortgage customers stolen from his car. 27 March 2007
• Thousands of Worcestershire County Council employees have become victims of data theft after a laptop containing sensitive personnel information was stolen in a street robbery 16,000 employees, one laptop and no encryption. 28 February 2007
• Met Police in laptop theft security flap Three laptops, containing the payroll and pension details of more than 15,000 Met Police officers, have been nicked from the offices of LogicaCMG, the outsourcing firm that handles the payments. 22 November 2006
• The UK Building Society Nationwide has admitted that a laptop containing account records of possibly more than 11 million customers has been stolen from an employee's home. They did not tell customers for more than 3 months. 18 November 2006
• Newcastle City Council has mistakenly released the private details of more than 50,000 credit and debit card customers 27 July 2007
• Natwest/RBOS allegedly dump customer details in bins [2] 18 August 2006
  • Did this lead to major consequences?
• HSBC knew about security loophole in online banking One of Britain’s biggest high street banks knew about a security loophole in its online banking service that left millions of accounts open to fraud and did nothing about it for almost two years. 11 August 2006
  • It appears that this was not such a huge problem as the Guardian made out as keylogging software was required to effect the "hack"[3]
• http://www.computerweekly.com/Articles/2006/07/11/216882/nhs-trust-uncovers-password-sharing-risk-to-patient.htm Leeds teaching hospital uncovers 70,000 cases of "inappropriate access" to systems, including medical records, in one month 11th Jul 2006
• UK National DNA database shared overseas 7 June 2006
• CRB check "false positives" - while not a privacy issue precisely, this resulted in people losing employment opportunities. 21 May 2006
• Identities of Network Rail and DWP staff stolen and used to defraud the Tax Credits system 19 January 2006
• Old 'Phantom Withdrawals' issue with UK banking system: [4] and [5] 21 October 2005
• Castlereagh police station raid - Suspected inside job; Denis Donaldson (IRA informant) turns up dead later, though this is tied up with the Stormont Spy Ring affair. 24 May 2002
• Individual Learning Accounts fraud 10 October 2001
• Powergen security breach shock A major security breach involving the disclosure of personal details (including names, addresses and credit card information) on as many as 7,000 customers has occurred on the Powergen web site. 20 July 2000