Really, who puts secure login codes for a government agency website on an unencrypted USB key? This is approaching a CSI level of computardation.
Although it didn’t result in the breach of, say, the UK’s secret UFO files (that would have been a coup), it has potentially exposed the tax, ticket, and financial records of some twelve million UK residents — not to mention the source code behind the site, potentially even more damaging. The passwords and critical info were “hidden using an industry standard technique which is difficult to break,” which I hope is more than ticking the “hidden” box in the file info.
Who would put sensitive information like that on a thumb drive. That’s just irresponsible. Information like that belongs on a secure server obviously, not a drive you keep on your key chain. Jeez.