Stolen personal details of 400,000 witnesses and defendants at Salford Magistrates Court found for sale on eBay
The £1,200 server was returned but police found insufficient evidence to find the thief
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A magistrates court computer server containing hundreds of thousands of files with sensitive personal information including details of witnesses and victims was put up for sale on eBay.
The Information Commissioner’s Office (ICO) has been investigating the security breach after being alerted to the theft of the device in June 2012. It declined to comment on the progress of the inquiry.
Justice Minister Helen Grant confirmed the blunder in an answer to a written Parliamentary question by Labour’s Andy Slaughter after details emerged in the Ministry of Justice’s annual report.
The network server was stolen during the decommissioning of Grade II listed Salford Magistrates Court which had operated in the city since 1825 until its closure in 2011 as part of the Government’s cost-cutting plans to shut 142 courts and tribunals.
Mrs Grant said that the £1,200 server had been returned but a police investigation found insufficient evidence to identify who had stolen it and no charges were brought. None of those whose details were included in the 400,000 files had been notified.
“Files recovered from non user-accessible areas of the server contained personal and sensitive data, including court documents and emails, but a detailed forensic analysis and audit did not identify any access to the files during the time the server was not under the control of MOJ and therefore no action has been taken to inform those affected,” she said.
The analysis revealed that an attempt had been made at reformatting the server and Windows OS installed via a web browser.
Mr Slaughter criticised the way the investigation had been handled and the failure to contact those whose private data might have been compromised. “Details of hundreds of sensitive files which could put victims and witnesses in criminal trials at risk have been stolen,” he said.
The ICO has recently issued a number of hefty fines to public bodies for breaching data rules. In July it fined NHS Surrey £200,000 after 3,000 patient records were found on a second hand computer that was bought on eBay. It described the breach as “truly shocking”.
In June North Staffordshire Combined Healthcare NHS Trust was fined £55,000 by the watchdog when sensitive medical details of three patients were accidentally faxed to a member of the public.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments