The news story linked above talks about the UK Government losing 25 million records containing names, addresses, national insurance numbers and bank details.
Apparently the data was password protected but not encrypted, Now depending on the application used there may be some encryption there. I'm hoping that the data is an encrypted database that also has a password on it which is where the confusion is coming from but why do I have a feeling that it's just a CSV file?
The thing is, this is NOT NEWS. It's happened before, there have been reviews and procedures created yet it KEEPS happening. It happens in pretty much all companies and yet no one seems to care.
I, for the life of me, cannot work out why security is second fiddle. With word terrorism, bank fraud, phishing and everything else why am I and other members of the IT security industry still fighting an uphill battle? What is it going to take to get security onto the agenda?