A disturbing discovery was made when a USB stick found on the pavement of a London street turned out to contain elaborate Heathrow airport security information.
While it is worrying that so much critical information had been collated within a single USB, it is perhaps more troubling that the files it contained were not encrypted, and no password protection was in place.
The shock of the find is further enhanced by recently heightened security concerns following a string of major terrorist incidents, with the data on the USB pertaining directly to anti-terror measures.
It has been reported that the device was found by a passer-by who checked the contents of the drive, proving that truly anyone could have come across the information. The device also contained information regarding the movements of the Queen and Ministers when they are using the airport.
Richard Stiennon, Chief Strategy Officer, Blancco Technology Group, said: “The EU is moving toward a remarkably strong data privacy regulation. There is nothing in the works in the US that will provide equivalency to the EU GDPR which goes into effect this coming May 25. My take for EU businesses that need to engage with US data processors is not to trust them. For that matter you should never trust any organization that handles your data. You should encrypt that data as soon as possible. You should store and protect the encryption keys. And you should be able to systematically erase any data at any time in any place.
– Going digital ranks as #1 priority among banking CIOs
– Bloodhound: A day at the supersonic races with Oracle
– North Korea to blame for NHS WannaCry attack – UK Government
With GDPR soon arriving, no organisation should be handling data so carelessly, whether it is security information that protects human lives, or customer information that could lead to fraud or theft.
Tony Pepper, CEO and co-founder of data security company, Egress, said: “What is so concerning about the leak of these files from Heathrow is just how highly sensitive this data is and how serious the consequences could have been had the the leak not been discovered, or if the information had gotten into the wrong hands. It’s unclear if the USB that the data was found on was intentionally leaked, or if this is simply a case of data security negligence. Whichever the case, what we know for sure is that once again data has been exposed not through by malicious external hacker but through an inside source – and the consequences could have been disastrous.”