National Highways has misplaced over one hundred key devices, including hard drives, laptops and iron key storage devices, according to official figures.
A Freedom of Information Act (FOI) request, analysed by litigation practice Griffin Law, found that over the last five years National Highways has lost a total of 125 electronic devices, a number of which contained confidential data.
It found that, during the reporting period, eight laptops were lost or stolen, as well as a desktop computer, 69 mobile phones, 12 tablets, five iron key storage devices and four hard drives.
In 2021 alone, 17 phones were lost with another five being reported as stolen. A total of 31 different devices throughout the whole of 2021 year were misplaced, which Griffin Law claims could contain confidential information.
It also found that 2018 was the biggest year for device loss, with 20 phones and eight laptops misplaced, and six other devices lost, totalling 34 missing devices.
Phones topped the lost devices list, with 69 being lost and 11 being stolen across the five years. In 2021, 22 of these devices were listed as lost or stolen.
The news follows reports that some of the Isle of Wight council’s electric vehicle charging points were hacked last week to show porn sites on their screens.
Achi Lewis, area vice president EMEA of Absolute Software, said: “Now we are living in a largely hybrid working environment, managing and keeping track of a workforce and their devices has become more difficult than ever.
“Now rather than having all an organisation’s devices in one place, they are scattered around, increasing the attack surface for organisations, such as Highways England, and therefore requiring greater security measures.
“A resilient zero trust policy should be deployed to prevent malicious actors from breaching a lost or stolen device, or endpoint.
“This can be combined with solutions such as secure access controls, allowing the organisation to remotely shut off a misplaced device, protecting both the data on the device itself and the rest of the network, and stopping further costly data loss.”
Donal Blaney, Founder of Griffin Law, added: “The pen pushers that gave us ‘smart motorways’ that can’t keep drivers safe are now proving they can’t keep our data safe either.”
Philomena Lavery, National Highways director of information and cyber security, said: “We take responsibility for cyber security risks extremely seriously. All of our devices are encrypted and where possible undergo remote wiping if they are reported lost or stolen. We are confident that this helps to protect the confidentiality, integrity and availability of our information.
“More generally, National Highways is undertaking a significant programme to develop our cyber security approach going forward. This includes proactively working to identify and resolve potential future threats to the Strategic Road Network including those to equipment such as electric vehicle chargers.”
"The data for lost and stolen items covers a full five-year period and represents less than 0.5% of overall devices. As expected more than half of these items relate specifically to mobile phones.
"The accurate reporting of this data is testament to our management processes and ensures that any irregular losses are investigated immediately."