Apricorn’s Annual Findings on Data Breaches Amongst Local Councils

Apricorn, a leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, has raised alarm bells with its recent findings from the annual Freedom of Information (FoI) responses into data breaches and device loss amongst 27 local councils.

The report revealed that a staggering 5,000 breaches were recorded in 2023, with 17 of the councils reporting a significant number of breaches. Kent County Council led the pack with 734 breaches, closely followed by Surrey County Council with 665 and Norfolk Council with 605. Other notable mentions include Warwickshire County Council (495) and East Sussex (490).

Jon Fielding, Managing Director at Apricorn, expressed concern over the excessive number of breaches and emphasized the importance of robust data protection measures. Fielding recommended comprehensive training programs to educate employees on safeguarding data and proper protocols in case of device loss or theft.

Furthermore, Apricorn highlighted the vulnerability of some councils due to inadequate security measures. For instance, Warwickshire County Council admitted to not encrypting its devices and relying solely on Multi-Factor Authentication (MFA) for access. Similarly, Surrey County Council’s lack of device tracking and management raised serious concerns about data security.

Fielding stressed the importance of deploying removable storage devices with built-in hardware encryption to safeguard customer data offline. Failure to do so, as seen in the case of Lancashire County Council, can result in severe consequences, including financial penalties and reputational damage.

Apricorn reiterated the need for councils to prioritize data management practices and implement stringent measures to protect customer data. With data breaches on the rise, it is imperative for councils to address their security shortcomings to maintain accountability and trust with constituents.