Digital Transformation

Staff at GEOAmey fall victim to data theft

A stolen laptop has meant the personal information of staff working at a security firm may have been compromised.

As many as 795 staff at security firm GEOAmey have had their data stolen after an employee took a laptop containing personal information home.

The unnamed member of staff had left the device at his house when it was taken by a burglar who broke in, although it is not believed it was directly targeted.

Among the unencrypted information being stored on the laptop were bank account details, addresses and phone numbers, so the people involved could have been left vulnerable to identity theft and having their personal accounts emptied of funds.

Staff at GEOAmey are responsible for the security of prisoners, as the firm has a government contract to transport criminals to and from courts.

A spokesperson for the company insisted the threat was not as great as may be imagined, because measures had been taken to ensure it could not be directly accessed.

"The data stored on the laptop related only to GEOAmey personnel, was password protected and accessible only with specialist software and knowledge in the vast majority of the cases," they added.

However, getting at the sensitive information could be easy for anyone with expert IT knowledge, so the workers involved have been given advice to help them guard against malicious use of their data.

"GEOAmey takes its data protection procedures extremely seriously and has reviewed and revised its processes following this isolated incident," the spokesperson added.

A review by the Information Commissioner could lead to a considerable fine for the security firm.

The news highlights the problems that can occur when staff physically take devices or memory sticks home instead of being given the facilities to access protected operations vie a company cloud.

Google Enterprise director of security Eran Feigenbaum recently told ZDNet that no organisation is immune to attack – and working with a cloud service provider could help minimise the impact from data breaches or leaks.