Leicester City Council has confirmed it has put security at risk by mislaying a memory stick containing medical information and home security codes for thousands of elderly people in the Midlands.
The thumb drive contained personal medical details of 4,000 elderly people who use the council's care service, LeicesterCare. Some 2,000 key codes which can be used to gain access to their homes were also on the device, which went missing from the council building.
The council launched an operation to reset all the codes after admitting it lost the data more than two weeks ago in a massive security bungle. Council staff only reported the information missing to the Information Commissioner’s Office (ICO) four days after it disappeared.
A spokesperson for the council said it was investigating the “possible loss of a data device,” adding there was no reason to suspect the information had been removed deliberately.
“However, whilst we have been assured by our supplier that the information on the device is not accessible to anyone who may find it, we are taking every precaution to maintain the security of our LeicesterCare users,” the spokesperson assured.
The ICO has now launched an investigation of it’s own as well as alerting the police of the breach which will no doubt cause a lot of worry for vulnerable people and their families. The rules issues by the ICO require councils to keep digital information adequately encrypted. In severe cases of data loss, the ICO can levy fines of up to £500,000 although it is yet to do so. The outfit's response to this latest revelation remains to be seen.