MPs and gentlemen lose ‘sensitive’ iPads on planes, taxis and on trains

MPs and gentlemen lose ‘sensitive’ iPads on planes, taxis and on trains

Caption: MPS and Lords lose

MPs and Lords have reported 33 personal digital devices provided for their use by Parliament as either lost or stolen during 2022 (Image: Getty)

MPs and the Lords have reported almost three dozen personal devices lost or stolen with some of the kit left on planes and in taxis.

Thirty-two gadgets have gone astray while in the possession of MPs up to November this year, newly released data shows.

The IT kit, which has disappeared amid concerns over the handling of data by ministers, includes iPads, phones, laptops and a desktop computer.

The House of Commons previously revealed 27 devices were lost or stolen, and the House of Lords said five were unaccounted for.

However, few other details, such as the circumstances of the losses and whether the police were involved in any of the cases, were released in the partial and redacted responses to requests by Metro.co.uk under the Freedom of Information Act.

After further enquiries, the Commons revealed that two iPads were lost in taxis and the same number on planes.

Lords responded that of five devices lost or stolen while in the possession of members, an iPad went astray on a train and a laptop had “disappeared” at an airport. In one of the other incidents, records show that the passport holder later contacted the Parliamentary Digital Service (PDS) to report that a laptop had been found.

Access to physical devices can provide a window of opportunity for hackers, according to cybersecurity experts (Image: Getty Images/iStockphoto)

Access to physical devices can provide a window of opportunity for hackers, according to cybersecurity experts (Image: Getty Images/iStockphoto)

In the Commons, the missing set includes nine iPads with mobile data, with an MP losing one of the devices along with a laptop. In the Lords, the missing items include a ‘desk’, about which no further information is given other than that it had ‘gone away’ from Parliament’s property.

Lords said: ‘The House administration has no further information on record about the circumstances leading to the loss.’

The occurrences across both houses are categorized as either “lost” or “lost/stolen”, with no cases where theft is the only marker.

All but one of the incidents, the loss of a personal phone, involved IT kits provided by Parliament, according to the data sets.

Marijus Briedis, a cybersecurity expert at NordVPN, said: “No matter how much you implement good security measures like encryption, strong passwords and virtual private networks, losing a device is still a big security risk. Although technology can often be wiped remotely, this will not always be possible, especially if the device is a targeted theft.

High-level public data should be strictly protected from hostile actors, according to cybersecurity experts (Image: Getty Images/iStockphoto)

High-level public data should be strictly protected from hostile actors, according to cybersecurity experts (Image: Getty Images/iStockphoto)

“In the world of corporate espionage and state-sponsored espionage, this is common practice. If you carry sensitive information on devices, there are tools like Apple’s Separation Alerts that tell you when you’ve left a device behind.

“There are also third-party apps for both Apple and Android that perform the same function, so there’s really no excuse for losing technology unless there’s been deliberate theft.

“Retrieving devices with cellular data is even easier because a Good Samaritan will likely hear you ringing your phone or iPad and answer the call, even when you’re not on WiFi.

“Some MPs may not be fully aware that these solutions exist, or what to do when they realize they have left a device behind.”

The House of Commons has refused to release the names of MPs and Lords whose devices have been lost or stolen (Image: Reuters)

The House of Commons has refused to release the names of MPs and Lords whose devices have been lost or stolen (Image: Reuters)

In October, Liz Truss’ phone was reported to have been hacked by Russian agents while she was Foreign Secretary.

The breach was said to have taken place during the summer’s Conservative leadership campaign, but to have been suppressed from public disclosure until afterwards. Agents suspected of working for Russia had been responsible for the alleged hacking, according to the Mail on Sunday.

The government has declined to comment on the exact case, but has said it has “robust systems in place to protect against cyber threats”.

Oliver Pinson-Roxburgh, chief executive of cyber security firm Defense.com, previously told Metro.co.uk: “It is vital that those in positions of power and responsibility who have access to huge amounts of sensitive data take their commitments to keep that data secure seriously. This particularly applies to government officials with access to the public’s personal data.

“Security is not a theoretical or administrative issue, it is very real and a lack of understanding that it can have huge consequences in the real world.

“While there are tools that can secure lost devices, this is no excuse for failing to follow security best practices, and no method is foolproof.

“Not every lost device will end up in the hands of foreign agents or organized cybercrime gangs, but from an information security standpoint, you can’t assume it won’t, especially when you’re dealing with high-level government positions.”

The items may have gone missing from anywhere on Parliament property or elsewhere and it is the responsibility of individuals to report incidents to the PDS, the responses said.

In its response, Commons said: ‘It is not possible to record how reliably this is done, especially for smaller or less valuable items.’

The Commons and Lords stated in their responses that the data provided for 2022 is not at the same level or higher than previous years because the PDS has changed the way it stores the information.

A spokesperson for the UK Parliament said: “We provide advice to users – including members of both houses – to make them aware of the risks and how to manage their equipment security, but we do not comment on specific details of cyber or physical security controls, policies or events.’

Do you have a story to share? Contact [email protected]

For more stories like this, check our news page.

See also  FTX breaks - and then gets hacked

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *