A contractor has lost a laptop containing the personal details of 3,000 people in Suffolk Coastal District Council.
The data, which was unencrypted, was on a machine stolen from the home of an employee of LalPac, which provides specialist licensing software and services to more than 140 councils.
Council leader Ray Herring said the council has suspended work with LalPac and that it would write to all those whose details were on the laptop. The council is considering further action over the security failure.
Ray Herring, the council's leader, said data hand been handed to LalPac in an encrypted file. He told the east Anglian Daily Press, "We had followed all the rules but we have to face the criticism caused by someone else's actions. I can only offer sincere apologies to those affected and reassure everyone that we will redouble our efforts to ensure that data in future is dealt with in as secure a fashion as possible."
The council said there was no financial data on its 3,000 files on the stolen machine, while LalPac said most of the data was publicly accessible on request from the council.
Apologising for the breach, LalPac director Nicola Wallace said, “We have been innovating software management solutions and associated products and services for licensing authorities and other customers for over 22 years and are considered to be leaders in our field. We have comprehensive security systems in place to ensure our customers’ data is protected at all times and until this unfortunate and isolated incident occurred, have never had any kind of security breach.
“We have a very clear policy of encrypting all data received into our company, worked on by our staff, and returned to our customers. Unfortunately, on this occasion, the data on the employee’s laptop was unencrypted because he had been working on it.”
Follow highlights from ComputerworldUK on Twitter