MP’s briefcase containing laptop and iPad stolen from pub in 'worrying' security
An MP had his briefcase containing a laptop and parliamentary-supplied iPad stolen from a pub, newly released files show.
The police and IT support were called in after the member reported in the early hours of the morning that the digital devices had been taken.
The incident is among a list of hardware lost by MPs and Lords which has been disclosed by the House of Commons to Metro.co.uk.
A log compiled by the Parliamentary Digital Service (PDS) dated to 00:11 on February 23 last year refers to a call from security control raising the alarm.
The report indicating that the MP’s work had been affected also shows the incident was reported to the police, who assigned a reference number.
The location is redacted but is listed as ‘pub’ in a separate document supplied by the House of Commons under the Freedom of Information Act (FOIA). The ‘affected user’ is not named but has an official @parliament.uk email address and the entries confirm that the iPad was being used for his work duties.
The theft was still being dealt with by the PDS at 7.22am when it was confirmed that the personal device contained a sim card and the police had been informed.
A list of almost three dozen items which were lost or stolen from MPs and Lords over the last year also includes a laptop which was stolen from an office on the parliamentary estate.
A separate disclosure by the Commons last month revealed that an MP arrived on a Monday morning to find the device, which potentially contained constituency information, had vanished from a desk.
The partially redacted logs concern devices supplied by the PDS, which provides IT support for MPs and Lords, which have been lost or stolen in the year up to November 2022.
The disclosure comes at a time of heightened concern over cybersecurity at Westminster, where the IT network is part of the Critical National Infrastructure. Data security protocols have reportedly been tightened at parliament over the past few months, with the network facing a high level of threat from cyber-attacks which could damage the national interest if the defences are breached.
Last month, it emerged that a Chinese tracking device capable of transmitting location data was discovered inside a UK government car used to carry diplomats and senior officials.
Oli Pinson-Roxbugh, CEO of cyber security provider Bulletproof, told Metro.co.uk: ‘A stolen device is worrying news for a business, and even more concerning when it’s the higher levels of government.
‘While we can be hopeful that data on the device was encrypted, unless the device was rigorously kept updated, there’s always the possibility of security flaws being disclosed, forming a potential entry point for cybercriminals.
‘When the bad guys have unrestricted physical access to a device they can hack it at their leisure.
‘If it was an opportunistic theft, the best outcome is that the device will just be wiped and any sensitive data lost. Otherwise, there are concerns around constituent data and even national security.’
Mr Pinson-Roxburgh suggested that the houses of parliament needed to review their basic cyber-security policies and procedures.
‘No matter what the outcome, it’s a serious breach,’ he said.
‘Whilst technological solutions can help keep data safe in these situations, there’s no substitute for getting the basics right.
‘With so many parliamentary devices lost over the course of the last year, I’d say a review of basic policies and procedures is long overdue.
‘That the theft happened in the pub just reaffirms the importance of having remote working and bring your own device policies that actually caters for how your staff are using their devices. Your security defences are at their best when security is seen as an enabler, not a blocker.’
In its FOIA response, the Commons’ Information Compliance Team states that all devices supplied by the PDS are encrypted.
A UK parliament spokesperson said: ‘We provide advice to users – including members of both Houses – to make them aware of the risks and how to manage their equipment safety, however we do not comment on specific details of our cyber or physical security controls, policies or incidents.’
Do you have a story you would like to share? Contact [email protected]
For more stories like this, check our news page.
Source: Read Full Article