Around 750 devices have gone missing... while encryption was rarely used by Glasgow City Council
Glasgow City Council has been slammed following a report that found IT theft was carried out on a "significant scale."
The report, from the council's chief inspector, was carried out after two laptops containing bank details of thousands of people were stolen.
According to the Herald Scotland newspaper, the report found 256 unsecured laptops and 487 desktop PCs are considered "unaccounted for" and could well have been stolen. The report is said to have uncovered IT theft that was "well organised, systematic and on a significant scale."
Worryingly the report claims none of the council's desktop PC estate was encrypted.
In addition to the devices missing from the council's headquarters, the report revealed that 37 other devices have been reported missing following 9 separate thefts at council buildings across the city. Devices stolen include 28 laptops, online one of which was encrypted, three BlackBerry smartphones, two desktop PCs, three USB sticks and a SIM card.
A further 53 laptops have been reported missing from the council's city centre offices, despite being held in a supposed secure area of the building.
"These losses referred to indicate that theft has occurred on a significant scale over a number of years from a 'secure area', and it would also appear to show that these thefts have been well-organised and systematic," the report states.
The incredible list of lost devices has drawn criticism from the security industry. Chris McIntosh, CEO, ViaSat UK, said it points to serious failings at the council.
"The ludicrous fact that two unencrypted laptops were returned and then lost the same day seems to show a lack of care form the council and its contractors," he said. "The controversial case where Glasgow City Council's mistakes led to the details of listed sex offenders entering the public arena via an unencrypted USB stick further demonstrates the damage that can be caused by a lax data protection policy."
"Organisations should act as responsible custodians of sensitive information they are charged with and ensure that any contractors or external organisations they work with are held to the same level of accountability," he added.