RAF forced to reset passwords following Prince William’s photo-op-turned-security-breach
Prince William. Image by SAC Faye Storer, MOD
What started as a simple photo-op showcasing a day in the life of Flight Lieutenant Wales (better known as Prince William) ended up as a security gaffe that has left the RAF red-faced.
A series of 10 photos were taken of Prince William on duty at RAF Valley in north Wales. The images, snapped by a Ministry of Defence photographer, were to be used on a new website dedicated to the prince and his wife, the former Kate Middleton, highlighting his work as a helicopter search and rescue pilot.
However, four of the images taken in the RAF office contained sensitive information, such as usernames and passwords for RAF staff. As they were press shots, the images had already been distributed to major news organisations in the UK before the data breach was discovered.
Visual data security
“Incidents like this highlight the urgent need for organisations in both the public and private sectors to take the threat posed by visual data security breach seriously – especially those that deal with national security or commercially sensitive information,” said Brian Honan, information security expert for the European Association for Visual Data Security.
While millions is spent each year on IT security, little is done to implement visual data security procedures – the importance of which has been highlighted by the Ministry of Defence’s slip. As has been made clear, a visual data security breach can happen very easily, yet little is done to promote awareness of the risks associated.
“The growing use of high-resolution digital cameras ensures that sensitive information on display can be easily and effectively captured and misused,” added Honan, who wrote a white paper on visual data security earlier this year.
The images on the prince’s website have since been replaced with edited versions, where the sensitive information has been removed. These images were reissued to media outlets and the Ministry of Defence also took the decision to reset the usernames and passwords of some staff following the gaffe.