Data Breach Exposes RAF Staff to Blackmail
Posted using ShareThis
Executive summary of the article: Audio recordings of security clearance interviews are stored on an un-encrypted hard drive that goes missing…
This illustrates a break down in not just one system, but several. The obvious failure to protect physical security is bad. The hard drive should have been a controlled item, with proper labeling, and inventoried with the rest of the equipment.
The infosec controls were bad. You’ve got sensitive data on a drive, you should encrypt the drive.
The admin controls were also bad. Why is the material recorded? Why are the recordings kept?
All this badness combines to create a really horrible problem for the RAF. Someone, somewhere, now has audio of RAF employees that can be used to discredit the service or to exploit the individuals. Even if the RAF pulls the clearances and re-assigns the employees, now the RAF has to scramble to replace people in trusted positions. It’s a bad day for the RAF…