14 DAY TRIAL // A leaked Royal Air Force memo has again attracted the media's attention to the data breach incident at the RAF Innsworth base in Gloucestershire, from September last year. The BBC reports that personnel data stored on the stolen USB drives also included answers to vetting questionnaires with very personal questions, which can easily be used to blackmail officers.
Back in September 2008, we reported about a security blunder at the Service Personnel and Veterans Agency offices from the RAF Innsworth base, when three USB storage devices disappeared from a secure location. Ministry of Defense spokespersons said that the devices were stolen and that two of them contained appraisal records on more than 50,000 retired and active military personnel.
Such data includes a person's name, service number, address, birth date, where they served, what promotions they got and why, as well as what medals they were awarded. However, according to an RAF internal memo sent by a wing commander and obtained by the BBC, "details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties" also went missing with the hard drives.
Such details are gathered during a process called vetting, which is used to establish if an officer is given security clearance to highly sensitive information. The questions are very personal and hard to answer, but they serve as indication of whether the officer can be later blackmailed or not. "By not declaring that highly sensitive vetting information has been lost, I am concerned that we, the RAF, will be accused of attempting a cover up," the unnamed officer also wrote in the letter.
Ironically, this same information can now be used by whoever stole the drives to do exactly what the RAF feared when gathering it – blackmail. The Ministry of Defense (MoD) did not inform the Information Commissioner's Office or the Parliament about such data being contained on the lost devices and, when asked about it, said it handled the incident very seriously and informed everyone affected in person.