All the latest UK technology news, reviews and analysis
|
|
|
11 Aug 2008
The BBC has admitted the loss of the details of a number of children who had applied to take part in a in a new BBC1 kids cooking show called Gastronauts.
It is thought the personal details of around 250 children being stored on a memory stick was stolen from a car belonging to a member of staff at Objective Productions, the production company making the show, while parked at Ikea.
The device contained the names, addresses and mobile phone numbers of children, as well as dates when families were planning to be away.
The BBC has since informed the parents of those affected and apologised for the incident. The broadcaster has also said that, thus far, there is no indication that the data has been used for malicious purposes.
"This data was not lost by the BBC itself, but stolen from an independent production company working for CBBC. However we took the issue very seriously," said a BBC spokesman.
However, security experts have slammed the breach, saying that both parties should have ensured that the data was properly protected before being put on the memory stick.
"This loss of data clearly highlights an issue for businesses when sharing sensitive information with third parties," said Greg Day, security analyst for IT security company McAfee.
"Large organisations may feel confident in their own security practices, but problems can arise when information is being shared with third parties who may not have implemented sufficient security settings."
"This loss of information would not have posed any kind of threat if the memory stick had been encrypted. As a result of weak security procedures, the stolen data has in fact provided valuable information with which to perpetrate both virtual and physical crime."
Similarly, Jamie Cowper, director of marketing at data protection expert PGP Corporation in EMEA, believes that "previous incidents should have served as a warning" to the BBC, which should have reviewed security procedures before the event occurred.
"If there were any lessons to be learned from HMRC, it’s that data stored on removable media – be it CDs or USB sticks – is just as susceptible to loss or theft and should by no means be forgotten when it comes to enforcing corporate data security policies," said Cowper.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Business Analyst urgently required with a background...
We have an opportunity for an experienced Business Architect...
Leading Institutional Investment Manager require an individual...
Leading Institutional Fund Manager require a Senior IT...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Endpoint Security
The BBC's name has yet again been tainted as they confirmed the loss of a USB stick containing confidential data on child competition entrants, reinforcing the point yet again that endpoint security needs to be taken more seriously by businesses entrusted with confidential information. However, this particular case highlights the need to ensure that not only are all the network access points in one organisation secure, but for this level of security to be present in every company the organisation does business with, be they suppliers, partners or resellers. This is because, whilst the BBC may have had the appropriate security measures in place, the production company with whom they were working obviously did not. It is not their name though that is bearing the brunt so publicly, it is the BBC's. Organisations need to ensure that companies who they contract with are taking measures that are as effective as theirs to protect endpoints, such as assessing the risk posed by devices connected to the network, and password-protecting areas that might be at any risk. It is only by making sure that everyone in the business chain has their endpoints covered, that an organisation can begin to feel secure. Yours truly, David Vella Director of Product Management GFI Software
Posted by: David Vella 13 Aug 2008