The Forensic Telecommunications Services (FTS) has confirmed the theft of a computer server containing thousands of top-secret mobile phone records and evidence from undercover terrorism and organised crime investigations. The company – whose clients include Scotland Yard and the Crown Prosecution Service – has assured the public that the server is security protected, and the breach will not compromise ongoing police operations.
The company announced the following: FTS can confirm that the company was recently the victim of a break-in at one of our premises in Kent. As a result, some IT equipment including a server was stolen.
The server, which is security protected, contained administrative data and details of some case files in relation to FTS’ forensic work. In the unlikely event that the server was accessed, non of the data stored on the server in any way compromises ongoing police operations.
The information is made up of either old cases that have passed through the judicial process, or cases that are already in the judicial system and so subject to full disclosure to both defence and prosecution teams.
All the data was restored within 24 hours due to FTS’ business continuity measures. As a result of this incident FTS is undertaking a full and comprehensive review of security across the whole company.
FTS are working closely with the police and assisting with their investigations. As with many other similar forensic service providers who are contracted by the police, FTS will not discuss the nature of our workload.
Jamie Cowper from PGP Corporation commented the situation:
“What this particular case highlights is that – as well as putting internal security measures in place – organisations really need to be more cautious of the third party companies that they entrust sensitive information to.
Due to the nature of its work, it is likely that the FTS has a stringent information security policy. However, any company which outsources without a thorough assessment of the threat status of all third party contractors runs the risk of rendering existing corporate security policies useless. In order to enforce an enterprise data protection strategy, organisations MUST account for every eventuality – wherever data rests.
In any case, the immediate disclosure and swift action taken by the FTS following the breach is yet another positive indication that organisations are beginning to take data protection seriously.”