BP spills private information of 13,000 individuals

Announcement posted by Sophos 30 Mar 2011

Following the disclosure of the BP data loss disaster, which has put private information of 13,000 individuals at risk, Sophos is issuing a timely warning to individuals and businesses to take better care of their laptops, smartphones and other mobile devices.

The information, which includes the names, Social Security numbers, phone numbers, addresses and dates of birth of individuals who had filed claims for compensation after the Gulf oil spill, had been compromised when a laptop containing the data was lost by a BP employee.

According to a BP spokesperson, while the laptop was password-protected, the information was not encrypted.

"The sobering part of this regrettable incident," said Paul Ducklin, Head of Technology, Asia Pacific, "is that it happened because a single unencrypted laptop was lost or stolen during routine business travel."

"We all need to lift our game," warns Ducklin, "even in countries like Australia, where security breaches can simply be swept under the carpet thanks to the lack of mandatory disclosure laws. As far as I'm concerned, you have a clear moral duty not to take risks with data you keep about other people."

More information about the incident can be found on the Sophos Naked Security blog here:

http://nakedsecurity.sophos.com/2011/03/30/bp-in-troubled-waters-over-gulf-oil-spill-data-spill/

Paul Ducklin is available for comment on: +61 0407 320 515

Follow Paul Ducklin on Twitter: @duckblog