Memory stick found in pub had details of 26,000 tenants
Neither company was fined, despite around 800 instances of customers' bank details being on the memory stick
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Personal information belonging to tens of thousands of people, including bank account details, were on a memory stick found lying in a pub, it has emerged.
The details, held unencrypted on the USB memory stick, related to more than 26,000 tenants of two London housing companies, Wandle Housing Association and Lewisham Homes, both of which were found to be in breach of the Data Protection Act by the Information Commissioner’s Office (ICO) yesterday.
Neither company was fined, despite around 800 instances of customers’ bank details being on the memory stick, which was lost by a contractor working for Lewisham Homes and 20,000 of the people whose details were lost were their customers. He had previously worked for Wandle.
Sally-Anne Poole, the ICO’s acting head of enforcement, said: “Saving personal information on to an unencrypted memory stick is as risky as taking hard copy papers out of the office. This incident could so easily have been avoided if the information had been properly protected.”
Graham Cluley, a security expert with Sophos, said: “The key is that they seem to have leaked multiple types of data. The more information you have about a person, the easier it is to put the pieces of the jigsaw together and commit identify theft.
“The potential for harm is quite considerable. Put simply, organisations should be encrypting information. Even if it falls into the wrong hands, it is useless.”
Mark Fullbrook of security company Cyber-Ark, said: “Firms need to ensure the same high level of security used within the organisation is used to defend its information in the outside world.”
Both companies have agreed to ensure that data held on all portable devices are encrypted in the future. A spokesman for Lewisham Homes said “In March 2011, without our knowledge one of our contractors took confidential information and put it onto a data stick, which he subsequently lost.
“This was in breach of our Data Protection procedures and as a result of this breach the contractor has now been dismissed." The stick, the company said, was immediately handed to the police.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments