Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB data storage devices, today announced the findings from its annual Freedom of Information (FoI) requests into device loss and data breaches across major government departments in 2024. The figures indicate that device security issues remain endemic across the public sector, with several departments reporting an increase in lost and stolen devices compared to the previous year, despite attempts to address the issue.
Across the 17 departments questioned, more than 1,200 organisational devices were reported lost or stolen between January and December 2024. HM Revenue and Customs (HMRC) alone accounted for 804 of these losses, including 499 mobile phones. While this represents a modest decrease compared to the 1,015 devices lost by HMRC in 2023, the number remains troubling given the sensitivity of the information the department handles. A large number of the reported phone losses were the result of an internal audit that flagged legacy devices replaced with newer models, highlighting ongoing inventory management challenges.
Other departments showed a more worrying trend with The House of Commons reporting 100 devices lost or stolen during 2024, a significant increase from 65 devices the previous year. Similarly, the Department for Education (DfE) saw device losses climb from 78 in 2023 to 107 in 2024. The Department for Energy Security and Net Zero (DESNZ) also reported a rise, from 122 lost devices last year to 150 this year. Meanwhile, the Department for Science, Innovation and Technology (DSIT) reported 113 missing devices.
“Although HMRC’s numbers suggest some improvement following internal audits, the continued high levels of device loss across government departments show that fundamental issues have not been resolved,” said Jon Fielding, Managing Director, EMEA, Apricorn. “Every lost or unaccounted device carries a risk for those individuals whose data could be exposed.”
The findings also reveal the extent of personal data breaches, with The House of Commons disclosing 49 incidents involving personal data during 2024, up from 41 reported the previous year. Despite these breaches, the House of Commons has not had to disclose any such personal data breach to the Information Commissioner’s Office (ICO) in this period. The figure highlights the continued vulnerability of sensitive personal information within Parliament and other institutions.
Worryingly, several departments that had previously been forthcoming with breach and incident reporting have declined to respond in full this year. The Ministry of Justice (MoJ) and the Department for Education (DfE), for example, both refused to disclose details on data breaches and reports made to the ICO, citing exemptions under Section 24(2) of the Freedom of Information Act (FOIA). The exemption states that there is no duty to confirm or deny whether the requested information is held if doing so would prejudice national security. Seven departments are still yet to respond within the deadline, including MoD Police Force, British Army, British Navy, Royal Air Force, Royal Marines, UK Health Security Agency, and the Home Office/HM Passport Office.
Fielding added, “This growing lack of transparency raises further questions about the true scale of data breaches occurring within government departments and the threat to data. Whilst all departments confirmed their devices are encrypted, they must be supported by strong back-up protocols, inventory control, and employee awareness programmes. A holistic approach to data protection, including frequent audits, multiple back-up copies, and rigorous disaster recovery testing, is essential to minimise the risks posed by device loss and theft.”
###
About the FoI Requests
The research was conducted through Freedom of Information requests submitted via Whatdotheyknow.com in February 2025. The successful responses underpin the findings detailed above.
About Apricorn
Apricorn provides American-made, TAA-compliant, FIPS-validated secure storage innovations worldwide. Trusted by companies in finance, healthcare, education, and government, Apricorn’s products have become a standard in data security strategies. Founded in 1983, Apricorn continues to develop award-winning products and patented technologies for enterprises globally. Learn more at www.apricorn.com.
