100,000 Britons have pension data stolen

Laptop containing highly sensitive data on 109,000 penions members stolen

Confidential data was given insufficient protection

The Pensions Trust has confirmed that a laptop containing confidential data on 109,000 Britons was stolen from the offices of its software provider, NorthgateArinso.

The laptop contained data from 2007, including names, addresses, National Insurance numbers, salary details and in some cases bank details. The data was not encrypted, but the laptop had password protection.

"I can confirm that The Pensions Trust has now withdrawn access to personal member data from NorthgateArinso and has also instructed them to delete any existing personal member data they hold," said Lynda Howe, chair of Verity Trustees, which owns The Pensions Trust's assets.

The Pensions Trust has apologised for the loss of the information and written to all people affected. It has also appointed CIFAS, the UK's fraud prevention service, to provide additional safeguards for those affected.

The BBC reported that NorthgateArinso was using the information in internal training.

The use of genuine data in training and systems testing is a controversial practice. Many IT chiefs believe that dummy data is not sufficiently realistic or robust for simulations, and prefer to use live data.

But as Tony Lock, programme director at analyst Freeform Dynamics, said in a recent Computing web seminar, in such circumstances firms should be using masking technology to protect the data.

"More than 70 per cent of firms we research admit to using live data," he said.

But the level of awareness across the business that live data is being used is extremely low, increasing the risk that the data will not be adequately secured, added Lock.