Three laptops containing Metropolitan Police payroll details have been stolen from LogicaCMG, the UK IT services firm.
The burglary took place last Thursday evening, but was discovered by staff arriving for work at Logica's Southwark offices on Friday morning. Approximately half of the Metropolitan Police's employees are thought to have been affected. The Metropolitan Police is in the process of notifying its employees of the theft.
LogicaCMG processes the Metropolitan Police payroll and pensions. The Metropolitan Police declined to comment on exactly what details had been stolen, or confirm how many employees had been affected, due to the nature of the ongoing investigation. Sources close to the inquiry have claimed that the laptops contained the payroll and pension details of over 15,000 Metropolitan Police officers.
A man has been arrested in connection with the burglary, which police believe was opportunistic, not targeted, and perpetrated by somebody external to the company.
According to the Metropolitan Police, a risk assessment of the data on the laptops has been conducted, and they believe staff face little risk of identity theft.
"We believe the risk of staff members falling victim to either fraudulent activity or identity theft is minimal," said the Metropolitan Police in a statement.
However, the theft is sufficiently serious that UK fraud prevention service CIFAS, payment services organisation APACS and credit reference agencies have been consulted about what action to take to safeguard staff against becoming victims of fraud.
ZDNet UK understands that Logica will set up a helpline for those affected by the theft.
The Metropolitan Police declined to say whether the data on the laptops was encrypted, or whether security procedures had been followed at LogicaCMG.
LogicaCMG UK confirmed that an opportunist break-in had occurred at one of its premises last Thursday.
"We have taken immediate action to mitigate any further risk arising from this incident and are co-operating fully with the Metropolitan Police investigation," said Logica in a statement.
"The risk of the data on the three laptops being used for either fraud or identity theft is minimal and every measure is being taken to protect those affected. We will provide further information as this becomes available," Logica added.
LogicaCMG refused to say whether security procedures had been followed, whether the laptop data was encrypted, or whether the company had the ability to remotely destroy the data, due to it being an "ongoing investigation". The company also declined to comment on whether it is reviewing its security procedures.
Metropolitan Police officers from the Burglary Squad based at Peckham are investigating the crime, supported by the Specialist Crime Directorate.
LogicaCMG has offered the Metropolitan Police Commissioner an unreserved apology, according to the police.
The burglary follows the theft of a laptop containing customer details, stolen from Nationwide Building Society earlier this month.
Encryption firm PGP Corporation warned that this type of security breach may become more common in future.
"If criminals are willing to steal laptops from the police, is any organisation safe from this type of data theft?" asked Jamie Cowper, PGP Corporation European marketing manager.
Talkback
In an age where stealing a 5 pound laptop is more lucrative than stealing a Mercedes Benz, it’s not surprising that we see this type of crime on the rise. Depending on the data stored on a machine, a thief can garner more from a laptops sensitive information than simply pawning the machine.
Most people can take some very basic steps to <a href="http://www.essentialsecurity.com/news.htm?id=41" target="_blank">prevent laptop theft</a> like, not leaving laptops unattended in plain view. If you're forced to leave your laptop in the car, take an extra moment to lock it in the trunk. In the U.S., this is often how many machines are nicked.
Sometime in 2007 I’m predicting a colossal failure of e-privacy that will affect a large number of people in a real way. We’ve seen a handful of flare-ups such as this laptop being stolen, theft of customer credit card info, release of peoples search terms on Google and that’s not even bringing up the US administration’s assault on privacy in the name of national security. Some time in 2007, carelessness, stupidity, greed or maybe even hate will put thousands or even millions of personal records either out in the open, or into the wrong private hands. The cost of cleaning up this data spill will be huge. Unfortunately, it is going to get worse before it gets better.
David Karp, Ipswitch