BP leaks sensitive data on Deepwater Horizon victims

Laptop containing details of 13,000 victims of last summer's oil spill has been lost

A BP employee has lost a laptop containing details of 13,000 victims of last summer's massive Deepwater Horizon oil spill in the Gulf of Mexico.

The details included social security numbers, phone numbers and addresses of the individuals involved.

The personal information was held in a spreadsheet maintained by BP as part of a tracking process for claims arising from the accident before the Gulf Coast Claims Facility (GCCF) was established in August last year.

According to the Associated Press, the data was all from people who filed claims before the GCCF took over.

BP paid roughly $400m (£249m) in claims before the switch. As of Tuesday, the GCCF had paid roughly $3.6bn (£2.2bn) to more than 170,000 claimants.

In a statement on the loss BP said: "The lost laptop was immediately reported to law enforcement authorities and BP security, but has not been located despite a thorough search.

"There is no evidence that the laptop or data was targeted or that anyone's personal data has been compromised or accessed in any way.

"We have sent written notice to individuals affected by this event to inform them about the loss and to offer them free credit monitoring services to help protect their personal information."

This loss follows several high-profile public sector cases in the UK with departments such as the Department for Work and Pensions and the Ministry of Justice losing USB sticks containing citizen information, but it is a reminder that the private sector can be just as culpable.

Chris McIntosh, CEO of encryption expert Stonewood, said: "This loss reminds us in the UK that it's not just the public sector that can come under fire for mishandling data.

"Leaving individuals with unecrypted sensitive data is bad enough, but when you factor in the legal importance of the data, and the scale of the event which made BP record it in the first place, it becomes inexplicable.

"If this had happened in the UK we'd hope that the ICO would be bringing its full weight down upon BP.

"Data will always be vulnerable to accidental loss or unexpected theft. As a result, it must be encrypted at all times and the importance of this has to be drilled into workers."