Sign up to our newsletter
This weekend British tabloid newspaper The Sunday Mirror warned of a potential “risk to national security” after a memory stick containing sensitive information about Heathrow airport was reportedly “found in the street.”
If the report is to be believed, an unnamed unemployed man found a USB stick lying amid the leaves on Ilbert Street, in Queen’s Park, West London – miles away from Britain’s busiest airport.
At least 174 documents were said to be on the unencrypted USB drive, including some marked as “restricted” or “confidential” detailing the precise route used by the Queen when she uses the airport, and security measures in place to protect government ministers and foreign dignitaries.
Other information allegedly contained on the device included details of:
According to The Sunday Mirror the unnamed man only realised what was on the memory stick when he took it to the library a few days later:
“I was curious about what it contained so a few days later, when I went back to the library, I plugged it into the computer. All these files were there. I couldn’t believe it.”
He’s right. It is hard to believe.
The United Kingdom is on high alert to be on the lookout for potential terrorist acts, and high security at high-risk targets such as Heathrow airport would be expected to be in place.
A Heathrow spokesperson said security was being reviewed in light of the incident:
“Heathrow’s top priority is the safety and security of our passengers and colleagues. The UK and Heathrow have some of the most robust aviation security measures in the world and we remain vigilant to evolving threats by updating our procedures on a daily basis. We have reviewed all of our security plans and are confident that Heathrow remains secure. We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future.”
Some obvious questions come to mind:
The answers to these questions may never be made public, and it is possible we will never know how the sensitive data ended up lying unencrypted on a London street.
But that’s no reason for other companies not to take a long hard look at what they are doing to prevent sensitive data from leaving their network, to ensure that if confidential data is placed on memory sticks that they are protected by strong encryption, and to put tighter controls in place to avoid unauthorised access to your organisation’s secrets in the first place.
Author Graham Cluley, We Live Security