Serious Fraud Office loses thousands of documents in Saudi Arabia arms case

It says no material relating to national security was included in the data

The Serious Fraud Office (SFO) was forced to bring in the Information Commissioner's Office (ICO) after it managed to lose 32,000 document pages and 81 audio tapes and electronic media which formed part of a case.

The lost data was part of the bribery probe into BAE's al-Yamamah deal with Saudi Arabia. The investigation into the huge arms deal was discontinued in 2006, after intervention from then-prime minister Tony Blair.

The SFO said it lost the items when it returned more material than intended, to a source in the investigation.

An SFO spokesperson said: "The SFO is dealing with an incident of accidental data loss. The data concerned was obtained by the SFO in the course of its closed investigation into BAE Systems.

"The SFO has a duty to return material to those who supplied it, upon request, after the close of an investigation. In this instance the party requesting the return was sent additional material which had in fact been obtained from other sources."

The large amount of lost data in question constituted just 3 percent of the total data in the mammoth case. Of the lost data, said the SFO, 98 per cent of the material had been recovered and "efforts continue to recover all the remaining material that has not already been destroyed by the recipient".

It says no material relating to national security was included in the data.

Following the intervention of the ICO, the SFO brought in Peter Mason, former director of security at the Palace of Westminster, to conduct "an initial review" of the incident. He has since made some recommendations.

These include the continuing ownership of data in a concluded case by designated operational staff, a re-drafting of the responsibilities of the SFO's senior information risk owner, and raising the profile of data handling as a "key risk" in the SFO's business

The SFO has also instigated an "independent wide-ranging review" of all the organisation's business processes by Alan Woods, a former senior civil servant.

The data loss took place between May and October 2012 but was only discovered in May this year, said the SFO. The SFO said it had contacted 59 suppliers of data for the investigation to inform them of the situation.

The al-Yamamah deal involved the sale of tens of billions of pounds worth of arms by BAE Systems to Saudi Arabia, which began in the 1980s and which ended in 2006 with the sale of Typhoon fighter jets.

Allegations of corruption and bribery led to an SFO investigation in 2004, but the probe was closed in 2006 on the grounds of "public interest", amid political concerns that relations with Saudi Arabia were being harmed.

BAE paid $450 million (£300 million) in fines in the UK and US three years ago, to end other corruption investigations involving deals in Saudi Arabia and Tanzania.

Labour MP Emily Thornberry, shadow attorney general, said the data loss incident "raises more questions than it answers", and questioned what the government was doing to "ensure that this never happens again".

Join the CSO newsletter!

Error: Please check your email address.

Tags icosecurityBAE Systemspublic sector

More about BAE Systems AustraliaICO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antony Savvas

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place