UK (Parliament Politics Magazine) – Over 2,000 UK government devices worth £1.3m were lost or stolen, raising cybersecurity fears over sensitive data and potential hacker access.
As reported by The Guardian, FOI data reveals thousands of UK government devices worth over £1m are missing, sparking fears of a major cybersecurity threat.
How did the UK government lose over 2,000 devices worth £1.3m?
In 2024, the Department for Work and Pensions reported 240 laptops and 125 phones missing. Meanwhile, the Ministry of Defence revealed 103 laptops and 387 phones were lost in just five months of 2025. The Cabinet Office reported 66 laptops and 124 phones lost or stolen in 2024, according to official data.
Over 2,000 devices were lost or stolen across Whitehall departments and agencies in the past year. FOI records show an estimated annual cost of roughly £1.4 million.
Phones and laptops were also reported missing from major departments, including the Bank of England, HM Treasury, and the Home Office.
The department handling UK cybersecurity reported the loss or theft of 101 devices by May 2025, including 83 phones.
What did cybersecurity experts warn about the missing devices?
Cybersecurity experts raised concerns that missing government devices could let hackers exploit encrypted systems and build backdoors into secure networks.
Prof Alan Woodward, a cybersecurity expert at the University of Surrey, said,
“These are surprisingly large numbers. When you are talking about so many [it creates] a large attack surface [for hackers]. If 1% were system administrators who had their phones stolen, that’s enough to get in.”
The expert warned that some devices, if unencrypted, permit full access to their contents. Once open, the device becomes readable and usable by design, he explained.
What did the MoD and Bank of England say about missing devices?
The Ministry of Defence claimed it has strong systems in place to avoid security breaches caused by missing equipment.
It added,
“Encryption on devices ensures any data is safeguarded and prevents access to the defence network.”
The Bank of England stated that it “takes the security of devices and data very seriously and has suitable protection in place.”
What did the government say about lost devices?
A government spokesperson stated,
“We take the security of government devices extremely seriously, which is why items such as laptops and mobile phones are always encrypted so any loss does not compromise security.”
What did Nick Jackson say about the risk of lost devices?
Nick Jackson, the chief information security officer at Bitdefender, a cybersecurity company, stated,
“The device loss seems quite high. It only takes one lost [device] to compromise a network. It poses a systemic risk and is something that could potentially be taken more seriously especially given the access and connections that department will have.”
According to him, laptops are usually encrypted, but phones and tablets are more exposed to breaches.
Mr Jackson added,
“The biggest risk is that the devices themselves will have access to sensitive information and authentication tokens. If someone was able to gain access to those, they would be able to complete authentication processes on any government application or government website that they shouldn’t be able to access.”
What did David Gee say about the security risk of missing devices?
David Gee, marketing chief at Cellebrite – a cybersecurity firm aiding the Met Police, said,
“Missing devices pose a huge national security risk, especially coming from public sector departments where they hold vast amounts of sensitive data. From healthcare departments to defence, staff phones and laptops must be protected at all costs, and keeping data safe in these government agencies should be a top priority.”
What did the MoD say about handling security breaches?
A Ministry of Defence spokesperson stated,
“We treat all breaches of security very seriously and we require all suspected breaches to be reported. All incidents are subjected to an initial security risk assessment, with further action taken on a proportionate basis.”
UK government data breach
- Lost/stolen devices: Over 2,000 government laptops, phones, and tablets were lost or stolen in 2024–2025, including 240 laptops from the DWP and 387 phones from the Ministry of Defence. Experts warn this poses a “systemic risk” due to potential unauthorised access, despite encryption claims.
- NHS historical breaches: Between 2011–2012, NHS trusts suffered multiple breaches, including unencrypted laptops with 8.6 million patient records and hard drives sold online containing medical data. Fines totalled over £1 million.