MP's laptop containing 'sensitive' data stolen on parliamentary estate

Police are investigating after a laptop containing ‘sensitive’ data was stolen from an MP’s office on the parliamentary estate.

The member arrived on a Monday morning to find that the device, which potentially contained constituency information, had vanished from a desk.  

He was unable to locate it after a search and reported the incident to parliament’s security office and digital service.

Enquiries by the MP and the staff he alerted established that the laptop had not been moved by a cleaner or taken for repair or use elsewhere.

Two Metropolitan Police officers then visited the office, a log of the incident in April 2022 released to Metro.co.uk under the Freedom of Information Act (FOIA) shows.

The Met said today that a man has been arrested as enquiries continue.  

The disclosure comes at a time of heightened concern over cybersecurity at Westminster, where the IT network is part of the Critical National Infrastructure. Data security protocols have reportedly been tightened at parliament over the past few months, where the network faces a high level of threat from cyber-attacks which could damage the national interest if the defences are breached.

Earlier this month, it emerged that a Chinese tracking device capable of transmitting location data was discovered inside a UK government car used to carry diplomats and senior officials. 

The partially redacted case report shows that the unnamed MP arrived at the office on April 25 last year and raised the alarm after discovering the parliamentary-supplied laptop was missing. 

The log created by the Parliamentary Digital Service (PDS), which provides IT support for MPs and Lords, reads: ‘Initially the laptop was thought to have been taken for repairs, but they have now confirmed it was stolen.’ 

A description of the data states: ‘The machine used by [redacted] for parliamentary business, might have contained constituent data, correspondence, his calendar and data etc…’

The theft took place between midday on April 21 when the MP left for the weekend and 10am on the day he returned, the log shows.

The MP reported: ‘We looked around the office to see if it had been moved by a cleaner or other contractor but couldn’t find anything.

‘Reported immediately to the Parliamentary Security Office and we have had 2 police officers visit the office. We have also reported to the PDS.’  

Another update reads: ‘The customer called to let us know that they think this laptop asset was loaned to the MP’s office due to the pandemic and that it was probably not his standard allocation.  

‘Please email them to let them know if it can be replaced?’ 

Under a question asking if the information was sensitive, the answer is ‘yes’.

A separate document shows that the laptop was stolen from an undisclosed location on the parliamentary estate and had not been retrieved at the time of the FOIA release on January 16 this year.  

The report has been released after Metro.co.uk revealed how MPs and Lords reported almost three dozen personal devices lost or stolen in the year up to November 2022.  

The IT kit included iPads, phones, laptops and a desktop.  

The House of Commons disclosed that two iPads were lost in taxis and the same number on airplanes, with a Lord reporting that a laptop had ‘gone missing’ at an airport. 

In the earlier disclosures, it was not stated which items were stolen.  

A spokesperson for the Met said: ‘We can confirm that we received a report on April 25, 2022 relating to the theft of a laptop from the Parliamentary Estate. One man has been arrested on suspicion of theft and released under investigation pending further enquiries. Enquiries continue.’ 

In its FOIA response, the Commons’ Information Compliance Team states that all devices supplied by the PDS are encrypted. 

A UK parliament spokesperson said: ‘We provide advice to users – including members of both Houses – to make them aware of the risks and how to manage their equipment safety, however we do not comment on specific details of our cyber or physical security controls, policies or incidents.’ 

Do you have a story you would like to share? Contact [email protected]

For more stories like this, check our news page.

Source: Read Full Article