A laptop containing personal information on about 600,000 people was stolen from an officer in the Royal Navy, the Ministry of Defence revealed on Friday.
The laptop contained information about new and potential recruits to the Royal Marines, the Royal Navy and the Royal Air Force, and was stolen in Birmingham.
The stolen data includes passport details, national insurance numbers, family details and doctors' addresses for people who submitted an application to the forces, the ministry said. The laptop also contained bank details for at least 3,500 people.
"The Ministry of Defence is treating the loss of this data with the utmost seriousness," it said in a statement.
"This incident once again highlights the need for organisations to think long and hard about the data they allow employees to take off site on laptops and mobile devices. If it doesn't the MoD should definitely have policies and procedures in place to ensue sensitive data like this is not taken off site, " said Philip Wicks, a security consultant at the business and technology consultancy, Morse.
At a minimum organisations should "make sure that personal and sensitive data on laptops is always encrypted," he added.
Jamie Cowper, data protection expert encryption company PGP Corporation agreed.
“Whilst pledges have been made to bolster the Information Commissioner’s powers and beef up legislation – what the Government needs to do now is look for an immediate solution – i.e. encryption.
It is writing to people whose bank details were on the laptop and has notified the Association for Payment Clearing Services to watch for unauthorised access.
The ministry is investigating the theft with the West Midlands Police. The laptop was stolen on January 10, but the ministry said it didn't disclose the incident immediately for fear of compromising the investigation. It decided to go public with the loss after media reports surfaced about it on Friday, it said.
The laptop was stolen during the night from the car of a junior Royal Navy officer.
This is the latest in a string of data security lapses in Britain that have embarrassed the government and called into question its plan to create a central database of patient records for the National Health Service.
In November, HMRC data breach lost two CDs containing personal data on about 25 million Britons. The discs, which were encrypted and password-protected, were sent via interoffice mail and never arrived.
The following month, the Driving Standard Agency said it lost a disc containing the records of 3 million learner drivers, and soon after that the Department of Health said that nine of its regional NHS trusts had lost patient data, including medical records for about 160,000 children in East London.