T 5.4 Theft

Theft of data media, IT systems, accessories, software, or data not only results in the expense of having to replace the equipment or restore it to working order, but also in losses resulting from a lack of availability. In addition, damage can arise from a loss of data confidentiality and the consequences of this loss.

Mobile IT systems, which are easy to transport inconspicuously, are often targeted for theft as well as expensive IT systems such as servers.

Examples:

• During the spring of 2000, a notebook disappeared from the US State Department. In an official statement, it was stated that the possibility that the notebook contained confidential information could not be ruled out. Nor was it known whether the machine was protected against unauthorised access by encryption or any other means. A warning had already been issued during security inspections about inadequate security checks.
• In a German government office, several break-ins occurred through the same unprotected window. Some mobile IT systems disappeared in addition to other valuable items. It was impossible to completely rule out the possibility that documents had been copied or manipulated.
• In the United Kingdom, there was a series of data privacy violations in which confidential documents were disclosed because the corresponding data media had been stolen. In one case, computer hard disks containing highly personal information recorded during security checks of the staff were stolen from the Royal Air Force.
• An employee of a call centre made copies of large amounts of confidential customer data shortly before he was forced to leave the company. After leaving the company, he sold the data to competitors. Since details of the incident eventually reached the press, the call centre lost many important customers.