Parliamentary devices left in taxis, buses, trains and pubs

A total of 96 laptops, tablets, smartphones and other devices were lost by or stolen from parliamentary staffers between January 2019 and December 2020, with one device disappearing within Downing Street itself, according to data newly obtained under the Freedom of Information (FoI) Act by think tank Parliament Street.

The disclosed data revealed a total of 41 missing laptops, 36 tablets, 11 smartphones, and six Skype headsets. Predictably, devices were lost in or pinched from multiple locations, with 11 devices being left on trains, three on buses and six in cars.

Others vanished after taxi rides, were forgotten at airports or pubs, and lost in the post. In one incident, an unnamed House of Lords peer appears to have been mugged for their tablet by a thief riding a bicycle.

A total of 19 devices were reported as stolen and 47 as lost, and of those, only 17 were located and recovered, raising fears of potential data breach incidents should an unauthorised party have gained access to any of them.

Absolute Software’s Europe, Middle East and Africa area vice-president, Edward Blake, said devices used by parliament staffers contained a “goldmine” of confidential data that could be “lethal” if it fell into the hands of malicious actors.

“If a lost laptop ends up in the wrong hands, the organisation in question could be facing a far more costly predicament than first anticipated. Sophisticated cyber criminals can steal the data contained on these devices, access more business files, or intercept emails between colleagues, all with relative ease once a device has been compromised,” said Blake.

“Therefore, it is more critical than ever to have a permanent digital connection to every endpoint, as well as the ability to lock, freeze or wipe the device if it is at risk of being compromised,” he added. “It’s critical that parliamentary authorities have the necessary systems in place to track missing devices, enabling them to freeze and wipe lost or stolen laptops, protecting public data from fraudsters.”

The full dataset published by the Parliamentary Digital Service (PDS) can be accessed by the public online.

PDS noted it was the responsibility of the affected individual to report devices as lost or stolen and it had not been possible to record how reliably this was done, particularly for smaller items. It said lost or stolen kit is reported to both the police and the PDS itself, but because incidents may be reported to one or both entities, there may be discrepancies in the data.