View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Glasgow council criticised after laptop theft exposes bank details

Unencrypted laptop stolen during burglary shows need for strong data protection, say security experts

By Steve Evans

Glasgow City Council has warned nearly 40,000 customers that their personal details may be at risk after a laptop was stolen during an office break-in.

Local police and the Information Commissioner’s Office (ICO) have been informed of the incident.

The council has confessed the laptop, which was one of two stolen during a robbery last month, was password protected but not encrypted.

Information on the laptop relates to 17,692 companies and 20,143 individuals. The council is now writing to all affected parties to warn them of the danger. The bank details of 10,382 companies and 6,069 individuals were included in the stolen data.

Affected customers are council suppliers and people who receive winter fuel payments and care grants.

"We are in the process of writing to the people affected by this theft to alert them to the data loss and offer them advice about what steps they might need to take," the council said in a statement.

"We are sorry that this has happened and apologise for the inconvenience it has caused. Anyone with any information on the theft should contact Strathclyde Police. Customers should remember that no one from the council would ever call at their home or telephone them to ask for personal information, such as banking details. A bank will never ask for a customer’s PIN or for a whole security number or password," the statement added.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Chris McIntosh, CEO of security firm ViaSat, says the case shows the need for businesses to have strong data protection policies in place.

"This recent data breach shows that the safeguarding of personal information is still a major issue, particularly within the public sector. While the council was only made aware of the breach last Wednesday, this will come as little consolation to the 16,451 customers whose bank account details are now in the public arena and at risk of theft. The fact that some of those affected were customers already looking for additional financial support from the council compounds this point and puts these individuals at greater risk," he said.

"It is imperative that all organisations have a rigorous data protection policy in place to avoid situations like this one and that sensitive customer information is stored securely and wherever possible encrypted. If avoidable cases of data breaches like these continue to happen, the public sector risks substantial fines from the ICO as well as irrevocable damage to its reputation," McIntosh added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.