T 0.16 Theft of Devices, Storage Media and Documents

The theft of data storage media, IT systems, accessories, software or data, on the one hand results in costs for the replacement and restoring operational status. On the other hand, there are losses due to lack of availability. If confidential information is disclosed due to theft, this can result in further damage. Besides servers and other expensive IT systems, also mobile IT systems, which are unobtrusively and easily transported, are frequently stolen. However, there are also cases in which data storage media like documents or USB-Sticks were purposefully stolen to access confidential information stored there.

Examples:

• A notebook computer disappeared from the U.S. Department of State in the spring of 2000. In an official statement, it was not ruled out that the device could contain confidential information. Nor was there information given as to whether the device was protected by cryptographic or other measures against unauthorised access.
• A German Federal Office was repeatedly broken into through the same unsecured windows. Mobile IT systems disappeared along with other valuables. It could not be ruled out without a doubt that files were copied or manipulated.
• There were a number of data leaks in Great Britain, in which confidential documents were disclosed because data storage media were stolen. In one case, several computer hard disks were stolen from the British Air Force which contained personal information, collected by employees for security screening purposes.
• An employee of a call centre prepared copies of a large set of confidential customer data shortly before he had to leave the company. After leaving the company, he then sold this data to competitors. Since details about the incident were then published by the press, the call centre lost many important customers.