recommended reading

Threatwatch

UK Anti-fraud Agency loses 32,000 pages involving BAE probe

Insider attack; Misplaced data

The Serious Fraud Office mistakenly sent thousands of confidential files from an investigation into British weapons-maker BAE Systems to the wrong person.

It took the office a year to realize the files had been misplaced.

An SFO spokeswoman said: "The SFO has a duty to return material to those who supplied it, upon request, after the close of an investigation. In this instance the party requesting the return was sent additional material which had in fact been obtained from other sources." Officials said the recipient was not BAE.

Around 32,000 pages of documents, 81 audio tapes and computer records went to the unidentified individual.  

About 60 sources had provided the office with the materials. The office is not disclosing the contents of the mishandled files.

The documents were compiled during a six-year, high-profile investigation into allegations that BAE paid bribes to secure lucrative arms contracts around the world.

Eddie Cunningham, one of the whistleblowers who gave confidential information to the SFO during its probe, said: "I am quite astounded. My concern is who got this information and whether it has been copied. This gives one a lot of concern about passing information to a government body that had been so lax."

The government notified Cunningham about the breach on August 8, more than a year after the incident.  “He received a letter on Thursday from the SFO which admitted that the data could have been copied or shown to others.”

The missing data accounted for 3 percent of all the data in the probe. About 98 percent of the contents have been recovered so far.

Labour MP Emily Thornberry, shadow attorney general, said:  “How did this happen? What category of documents are we talking about here? Who received them by mistake? How much of the evidence has been destroyed? What is the government doing to ensure that this never happens again?”

sector

Defense Industrial Base; Government (U.S.); Government (Foreign); Government (International)

reported

August 8, 2013

reported by

The Guardian

number affected

Unknown

location of breach

UK

perpetrators

Employees

location of perpetrators

UK

date breach occurred

Some point between May 2012 and October 2012

date breach detected

May 2013