Gov buys 731 Zoom licences despite security warnings

More than 700 Zoom licences have been purchased by UK government departments during the COVID-19 outbreak, despite official warnings from the National Cyber Security Centre about the potential for hacking and data breach of the video conferencing software.

Figures obtained by the Parliament Street think tank under Freedom of Information legislation found that a total of 731 Zoom licences have been ordered since the start of the outbreak, with the Ministry of Defence (MoD) purchasing 550 accounts, the Cabinet Office 150, the Foreign and Commonwealth Office 15.

Zoom accounts were also purchased by the Treasury and the Home Office, raising questions over the use of the software in departments handling the most sensitive government data

Government departments have also purchased a combined total of 40,000 mobiles, laptops and tablet computers and nearly 10,000 Microsoft 365 accounts to support civil servants and officials in remote working.

The NCSC, the cyber security arm of the government intelligence agency GCHQ, warned that Zoom use in departments should be restricted to public businesses following warnings that breaches of the software could leave it vulnerable to surveillance by foreign governments.

It has also been reported that more than half a million Zoom account details are available to buy from hackers on the dark web.

In response to the warnings, Zoom has moved quickly to upgrade its security, including encryption and privacy updates to prevent the trend of 'Zoom bombings', where unauthorised persons with the login details of a call can join meetings and share offensive material or disrupt proceedings.

Additional data around government preparations for COVID-19 show that these six key departments have also invested heavily in new devices to enable staff to work from home. The departments purchased at total 41,300 new laptops, tablet computers and mobile phones to help staff operate remotely.

In total, these government departments invested in 27,589 new laptops since the start of the outbreak, 4,011 tablet computers and 9,700 mobile phones, to deal with new safety guidelines for work, such as remote and home-working.

The department which invested the most heavily in new devices was the MoD, which purchased 13,500 new laptops, 3,263 new tablets and 2,200 new mobile phones – a total device count of 18,963. The MoD also invested in 9,467 new Microsoft Office 365 accounts.

Commenting on the figures, Paul Farrington, EMEA chief technology officer at Veracode, said:

“The crisis has seen millions of new users sign up to Zoom to host meetings and provide important updates to employees working remotely, however in recent weeks a series of security missteps and bugs have been discovered, which raise fresh questions about the cyber risks and privacy issues associated with online conference systems.

“With this in mind, it’s critical that key government departments are cautious if using the platform for sensitive meetings, around national security, and public health," he continued. "With cyber attacks on the rise, it’s also crucial that users ensure they have downloaded the latest versions of these applications, to prevent hackers from gaining access and stealing data.”

    Share Story:

Recent Stories