The following is a list of UK government data losses. It lists reported instances of the loss of personal data by UK central and local government, agencies, non-departmental public bodies, etc., whether directly or indirectly because of the actions of private-sector contractors. Such losses tend to receive widespread media coverage in the UK.
 |
| Date | Department | Number of records lost | Narrative | References | |
|---|---|---|---|---|---|
| 2025 | Legal Aid Agency | Breach of personal data concerning applicants for legal aid (both civil and criminal) and their legal representatives. | |||
| 2025 | Ministry of Defence | 3,700 | Details of Afghans being resettled in the UK were lost following a data breach by a subcontracter. | ||
| 2024 | Ministry of Defence | Names and bank details of serving military personnel lost following hack to payroll system. | |||
| 2024 | Leicester City Council | 1.3 TB | Ransomware attack led to the publication of large quantities of personally identifiable information including rent statements, applications to purchase council housing under Right to Buy, and accompanying identity documents. | ||
| 2023 | Police Service of Northern Ireland | Details of all police employees accidentally published on WhatDoTheyKnow in response to a request under the Freedom of Information Act 2000. (See: PSNI data breaches) | |||
| 2023 | Metropolitan Police | 47,000 | Contractor who supplies ID cards to the Metropolitan Police was subject of a ransomware attack. Ransomware attackers had access to information about 47,000 police staff (including police officers) and contractors, including name, photo, rank and vetting status. | ||
| 2023 | August | Norfolk Constabulary and Suffolk Constabulary | 1,230 | Police in Norfolk and Suffolk accidentally published personal details of sexual abuse victims, witnesses and suspects on their website in response to a request under the Freedom of Information Act 2000. | |
| 2023 | July | Ministry of Defence | A number of emails were sent to .ml domains (rather than ".mil") due to human error. | ||
| 2022 | Ministry of Defence | 19,000 | Spreadsheet containing details of Afghans fleeing the Taliban accidentally leaked by UK Special Forces headquarters official. A High Court injunction was sought to forbid publication of the data until 2025. | ||
| 2022 | Electoral Commission | Names and addresses of all registered voters in the United Kingdom (except anonymous registrations). | |||
| 2021 | Department for Work and Pensions | Court bundles for Child Maintenance appeals were sent out with personal information unredacted, including the address of a person whose ex-partner had a history of domestic violence. | |||
| 2020 | Public Health Wales | 18,105 | Initials, date of birth, geographical area and sex of those who tested positive for COVID-19 were published online due to human error. | ||
| 2020 | Department for Work and Pensions | 6,000 | National Insurance numbers of 6,000 disabled benefits claimants were publicly accessible for two years. | ||
| 2020 | NHS Scotland, Lanarkshire | 500 | Clinical information concerning 500 patients was shared through unauthorised WhatsApp groups. A third party was added to said groups and discovered the material. | ||
| 2019 | Cabinet Office | 1,000+ | CSV file of New Year Honours recipients was published online, with personal address details for some recipients. | ||
| 2017 | Independent Inquiry into Child Sexual Abuse | 90 | Emails were sent via CC rather than BCC, revealing 90 names of victims of child sexual abuse. | ||
| 2017 | Heathrow Airport | 2.5GB / 76 folders | Lost unencrypted USB storage device containing complete security information for Heathrow airport including badges, maps, CCTV camera locations, etc. | ||
| 2015 | Ministry of Defence | British Army footage and photographs of Operation Motorman were found to be missing. | |||
| 2014 | Foreign Office | Records of Diego Garcia flights and the UK's role in the CIA rendition programme were destroyed by water damage. | |||
| 2014 | Home Office | 114 | Files linked to 1980s Westminster paedophile ring allegations were found to be missing. (See also: Westminster paedophile dossier.) | ||
| 2013 | Serious Fraud Office | Documents related to the investigation of BAE Systems were lost accidentally. The data amounted to 32,000 physical pages of text, 81 tapes of audio, and other electronic media. | |||
| 2013 | November | Suffolk County Council | An unencrypted USB memory stick was found containing information from the county’s adult and community services department. It had internal memos and copies of e-mails about forthcoming projects – and it also had tables containing the names of clients. | ||
| 2013 | July | NHS Greater Glasgow and Clyde | 60 | A folder containing patient records was found in a car park and handed in by a member of the public. | |
| 2012 | Greater Manchester Police | over 1,000 | An unencrypted USB stick containing details of witnesses with links to serious criminal investigations that was being kept in a police officer's house was stolen in a burglary. The force was fined £120,000. | ||
| 2012 | South London NHS Trust | 600 | Records on 600 maternity patients and their newborn children were lost by misplacing unencrypted USB sticks. | ||
| 2012 | May | NHS Surrey | 3,000 | Computer used by the NHS was sold on auction website eBay without being properly cleansed of patient records. | |
| 2012 | February | Office for Nuclear Regulation (ONR) | A memory stick containing a safety assessment of a nuclear power plant in north-east England has been lost by an official. The unencrypted USB pen drive, containing a 'stress test' safety assessment of the Hartlepool plant. | ||
| 2011 | February | Powys County Council | A file containing details of a child protection case was leaked accidentally. The council was fined £130,000. | ||
| 2010 | September | Brighton General Hospital | Hard drives containing patient data were stolen. | ||
| 2008 | November | Department for Work and Pensions | n/a | USB memory stick, apparently encrypted and containing passwords for an old version of the Government Gateway, a website giving access to millions of records of personal data. | |
| 2008 | October | Ministry of Defence | 1,700,000 | Hard drive being held by contractor EDS is found to be missing. | |
| 2008 | September | Service Personnel and Veterans Agency | 50,500 | Three USB portable hard drives with details of staff are allegedly stolen from a high security facility at RAF Innsworth. The Agency holds records on 900,000 current and former personnel. Stolen records included sensitive information about the private lives of senior staff. | |
| 2008 | September | National Offender Management Service | 5,000 | A hard drive containing details of 5,000 employees of the National Offender Management Service was lost by EDS. | |
| 2008 | September | Insolvency Service | 400 | Names, addresses and bank details of up to 400 directors of 122 firms were lost when four laptops were stolen from a Manchester premises. | |
| 2008 | September | Tees, Esk and Wear Valleys NHS Trust | 200 | Memory stick with details of patients found in a public park. | |
| 2008 | August | Home Office | 84,000 | PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. | |
| 2008 | August | Colchester Hospital University NHS Foundation Trust | 21,000 | A manager's unencrypted laptop holding patient addresses and treatment details is stolen from his car whilst on holiday in Edinburgh | |
| 2008 | January | Royal Navy | 600,000 | A Royal Navy officer's laptop was stolen that contained the details of 600,000 applicants and others who had expressed interest in joining the Armed Forces including both the Navy, Marines and Air Force. | |
| 2007 | December | Department for Work and Pensions | 45,000 | West Yorkshire benefit claimants' in data lost. | |
| 2007 | December | Department for Work and Pensions | 000s | CDs with personal data found at the home of a former contractor. | |
| 2007 | November | City and Hackney Teaching Primary Care Trust | 160,000 | "Heavily encrypted" disks containing details of children are lost by couriers. The loss prompted the agency to implement hard drive and USB memory stick encryption systems across all PCs. | |
| 2007 | November | Foreign and Commonwealth Office | 50,000 | Details of visa applicants were made available on an FCO website. | |
| 2007 | November | HM Revenue and Customs | 25,000,000 | Two CDs containing details of the families of child benefits claimants went missing in the post. HMRC's handling of data was described as "woefully inadequate" and staff were described as "muddling through" in a June 2008 Independent Police Complaints Commission report. | |
| 2007 | July | Ministry of Justice | 5,000 | Hard disk with details of HM Prison Service staff is lost on the premises of EDS. | |
| 2007 | May | Driving Standards Agency | 3,000,000 | Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors. | |
| 2007 | May | Foreign and Commonwealth Office | 50 | Details of individuals made public after "unauthorised disclosure by a contractor" | |
| 1961 | Foreign Office | Many of the most sensitive documents from the UK's colonial era were destroyed under the direction of Secretary of State for the Colonies Iain Macleod. | |||