Thousands of UK government laptops, phones and tablets worth more than £1m have been either lost or stolen, freedom of information disclosures have revealed, triggering warnings of a “systemic risk” to the nation’s cybersecurity.
The Department for Work and Pensions recorded 240 missing laptops and 125 missing phones in 2024, while in the first five months of this year the Ministry of Defence recorded 103 missing laptops and 387 missing phones. The Cabinet Office, which coordinates government activity, lost or had stolen 66 laptops and 124 phones in 2024.
The replacement cost of the more than 2,000 missing devices recorded across 18 Whitehall departments and public authorities in the last year for which figures are available is running at about £1.3m annually, according to Guardian analysis of freedom of information responses. The Bank of England, HM Treasury and the Home Office were among other departments where dozens of phones and laptops went missing.
Cybersecurity experts said the losses could enable hackers to create backdoors into government systems even if large parts of the hardware were encrypted. One called it “a huge national security risk”, but the government downplayed the danger, saying that encryption prevented access to bad actors.
“These are surprisingly large numbers,” said Prof Alan Woodward, a cybersecurity expert at the University of Surrey. “When you are talking about so many [it creates] a large attack surface [for hackers]. If 1% were system administrators who had their phones stolen, that’s enough to get in.”
He said that if devices were open when stolen, as frequently happens with phones snatched on the street, criminals could keep them open and “drill down into the device and once the phone is open, by design it is readable and accessible”.
The Ministry of Defence said it had robust policies and procedures to prevent losses and thefts. It said: “Encryption on devices ensures any data is safeguarded and prevents access to the defence network.”
The Bank of England said it “takes the security of devices and data very seriously and has suitable protection in place”.
A government spokesperson said: “We take the security of government devices extremely seriously, which is why items such as laptops and mobile phones are always encrypted so any loss does not compromise security.”
It added that every loss or theft was investigated.
“The device loss seems quite high,” said Nick Jackson, the chief information security officer at Bitdefender, a cybersecurity firm. “It only takes one lost [device] to compromise a network. It poses a systemic risk and is something that could potentially be taken more seriously especially given the access and connections that department will have.”
He said laptops were likely to have encryption, but tablets or phones presented a greater risk.
Jackson said: “The biggest risk is that the devices themselves will have access to sensitive information and authentication tokens. If someone was able to gain access to those they would be able to complete authentication processes on any government application or government website that they shouldn’t be able to access.”
The Department for Science, Innovation and Technology, which is responsible for cybersecurity, recorded 83 phones and 18 laptops lost or stolen in the year to May 2025. In 2024, the Home Office, which oversees policing, had 147 devices go missing at an estimated replacement cost of more than £85,000.
An MoD spokesperson said: “We treat all breaches of security very seriously and we require all suspected breaches to be reported. All incidents are subjected to an initial security risk assessment, with further action taken on a proportionate basis.”
David Gee, the chief marketing officer of Cellebrite, a digital forensics and cybersecurity firm that works with the Metropolitan police, said: “Missing devices pose a huge national security risk, especially coming from public sector departments where they hold vast amounts of sensitive data. From healthcare departments to defence, staff phones and laptops must be protected at all costs, and keeping data safe in these government agencies should be a top priority.”