Ooops! UK Serious Fraud Office suffers biggest ever data breach

When we think about data loss, we often immediately think about theft – hacking, phishing or malicious insider activity. But the reality is that most data is lost through mundane human error, like hitting “reply all” to an email intended for one person, or attaching the wrong file to a message.


9 August 2013

When we think about data loss, we often immediately think about theft – hacking, phishing or malicious insider activity. But the reality is that most data is lost through mundane human error, like hitting “reply all” to an email intended for one person, or attaching the wrong file to a message. In research conducted last year, Forrester found that accidental mishandling of data was easily the leading cause of corporate data loss.

Similarly, this was also the case with the UK’s Serious Fraud Office, a government body roughly equivalent to the US Department of Justice. This week they admitted to sending a staggering 32,000 documents and hundreds of multimedia files related to a criminal investigation of the defense contractor BAE to the wrong people. The files came from over 50 different sources and even though the breach occurred last year, the SFO still hasn’t recovered all of the information.

A reasonable reaction to this story is disbelief: How could a government agency, entrusted with prosecuting self-described ‘serious’ fraud, make such a colossal blunder? The Independent even renamed the office the Serious Farce Office, and you can see why.

The officer in charge of information risk at the SFO has already left the organization, but we have some key advice for his replacement.

First, accept that mistakes happen. Big mistakes. We’re all vulnerable to these kinds of lapses. When we conducted research earlier this year, almost 65% of the 200 professionals we surveyed admitted to having emailed information to the wrong person within the last month.

Second, take precautions so you can guard against these problems. Intralinks VIA™, our secure enterprise collaboration solution, contains ‘UNshare’ functionality that makes it possible to retract access to a shared file at will. Perhaps the SFO should think of what tools might help them prevent a blunder like this in the future.



Ian Bruce

Ian Bruce

Ian Bruce is the VP of Corporate Communications at Intralinks. He has 20 years of international marketing experience across software, hardware, consulting, and financial services at both VC-backed start-ups and large multinationals. Prior to joining Intralinks, Ian held various marketing and communications roles at Avid Technology, HP, Novell, Systinet, and CSC.