The Glasgow City Council recently announced that a laptop that contained data on 17,692 companies and 20,143 individuals was recently stolen. Data on the device included names and addresses, as well as the bank account details of 10,382 companies and 6,069 individuals.
"Affected customers include suppliers, people receiving winter fuel payments and people in receipt of care grants," STV reports.
The laptop was one of two stolen during a break-in at the council offices in late May, but the council says the full extent of the breach didn't become apparent until June 6. The laptop was not encrypted, but it was password-protected.
"Because the laptop was stolen from inside a building rather than lost outside it, the ICO might view the lack of encryption in a more benevolent light," writes Computerworld's John E. Dunn. "The only security applied to the machine was a boot or application password, no barrier to a determined hacker."
"A full internal audit is being carried out," BBC News reports. "A council spokesman said: 'We are in the process of writing to the people affected by this theft to alert them to the data loss and offer them advice about what steps they might need to take.'"
"The council clearly has some questions to answer," Infosecurity reports. "Why was this data stored on a laptop? Why was the laptop unencrypted? And why did it take more than a week to realize what was on the laptop?"