A magistrates court computer server containing hundreds of thousands of files with sensitive personal information including details of witnesses and victims was put up for sale on eBay.
The Information Commissioner’s Office (ICO) has been investigating the security breach after being alerted to the theft of the device in June 2012. It declined to comment on the progress of the inquiry.
Justice Minister Helen Grant confirmed the blunder in an answer to a written Parliamentary question by Labour’s Andy Slaughter after details emerged in the Ministry of Justice’s annual report.
The network server was stolen during the decommissioning of Grade II listed Salford Magistrates Court which had operated in the city since 1825 until its closure in 2011 as part of the Government’s cost-cutting plans to shut 142 courts and tribunals.
Mrs Grant said that the £1,200 server had been returned but a police investigation found insufficient evidence to identify who had stolen it and no charges were brought. None of those whose details were included in the 400,000 files had been notified.
“Files recovered from non user-accessible areas of the server contained personal and sensitive data, including court documents and emails, but a detailed forensic analysis and audit did not identify any access to the files during the time the server was not under the control of MOJ and therefore no action has been taken to inform those affected,” she said.
The analysis revealed that an attempt had been made at reformatting the server and Windows OS installed via a web browser.
Mr Slaughter criticised the way the investigation had been handled and the failure to contact those whose private data might have been compromised. “Details of hundreds of sensitive files which could put victims and witnesses in criminal trials at risk have been stolen,” he said.
The ICO has recently issued a number of hefty fines to public bodies for breaching data rules. In July it fined NHS Surrey £200,000 after 3,000 patient records were found on a second hand computer that was bought on eBay. It described the breach as “truly shocking”.
In June North Staffordshire Combined Healthcare NHS Trust was fined £55,000 by the watchdog when sensitive medical details of three patients were accidentally faxed to a member of the public.