Turns out, disk encryption wasn't turned on.
The Ministry of Justice was fined about $300,000 for losing a device with prison records, after not realizing one must turn on disk encryption for it to function, the Financial Times reports.
This was a repeat offense for the department, following a similar case in October 2011, when an unencrypted hard drive containing the details of 16,000 prisoners was lost.
The most recent incident in May 2013 involved an unencrypted back-up hard drive at a jail in Wiltshire that contained confidential information on about 2,935 inmates, including details of links to organized crime, health data, and material about visitors.
The thing is, the Prison Service in May 2012 had issued new hard drives with encryption capabilities to each of its 75 prisons in England and Wales – to prevent this very sort of incident.
Read the rest at ThreatWatch, Nextgov’s regularly updated index of cyber breaches.
And find out even more on “NG Cybersecurity,” our new iPhone app.