Cyber-Ark warned organizations of the need to constantly review their data protection procedures as news of another pair of CD-ROMs going walkabout from a UK government agency emerged over the weekend.
"The News of the World has revealed that a former contractor for the Department for Work and Pensions had two CD-ROMs containing details of thousands of benefit claimants in her possession for more than a year," said Calum Macleod, European Director with Cyber-Ark.
"Coming so soon after the HMRC CD-ROM fiasco, this highlights several errors of procedure within a number of government departments.
It also highlights the need for all organizations, whether public or private sector, to control who has access to their data and encrypt their company and client databases," he added.
The Department for Work and Pensions CD-ROMs - which reportedly contained the names, addresses, dates of birth and National Insurance numbers of up to 18,000 claimants - languished in the former contractor's possession after she left the government agency and forgot to return the disks.
"There are several significant errors of procedure here. Access to the data should only be possible with the permission of senior internal staff, the disks should have been encrypted, and should not have left the office without audit logging systems being applied, and should have been retrieved by the agency following the contractor's departure," said Macleod.
"It’s unlikely that anybody’s head will roll for this second CD-ROM database fiasco, but until such time as the public sector and the government invest in the technology that is readily available to avoid these repeated breaches of the Data Protection Act, they should put their national ID scheme on ice. Who knows what else is out there in the public domain?" he added.