Thousands of Personal Details Exposed in Latest UK Data Breach Blunders

Thousands of ambulance service staff and housing benefits claimants have had their personal information accidentally leaked, in the latest UK data breach blunder.

South Central Ambulance Service revealed that details including the age, sex and religion of over 2,800 staff were published online by mistake.
The service – which covers Berkshire, Buckinghamshire, Hampshire and Oxfordshire – was informed of the breach in April by data protection watchdog the Information Commissioner’s Office (ICO), it said in response to a Freedom of Information (FoI) request by BBC Radio Berkshire.
"All affected individuals, including current and past members of staff, were informed of this breach in a personal letter from the chief executive officer," the statement continued.
“We have undertaken a thorough review of all our published information on the website – over 2,000 documents – and we can confirm that this was the only document affected."
Meanwhile, in Basingstoke and Dean, the local council has been forced to apologise to 1,900 housing benefit claimants after accidentally exposing their details including dates of birth and national insurance numbers.
Ironically, the blunder was made when the council replied to an FoI request asking how many locals were claiming benefit and living in private accommodation, according to the BBC.
Instead of replying with just that information, the council sent the FoI requester a spreadsheet with the personal details of all 1,900 claimants, although bank-related data was apparently not included.
Council director, Laura Taylor, apologised for the mistake and any inconvenience it might have caused, claiming that the council gets a high volume of FoI requests.
She told the BBC that the council has already made efforts to tighten its procedures “and will act on any lessons from the review and investigation”.
"It is likely that the person who got the information was making inquiries to lots of different councils to compare statistics and will not even realize that they have the personal information, but we cannot be 100% certain,” Taylor added.
"I do not want to worry people unnecessarily but felt that it was only right that we let the people affected know what has happened and give them advice on what they can do to protect themselves with our help."
The ICO is investigating both incidents.
Martin Sugden, CEO of data classification firm Boldon James, argued that the incidents show some “serious changes” are needed to security policy in both organizations.
“These incidents show that security awareness, training and staff education around data security is still vital to ensure that employees appreciate the impact of data losses, as well as understand how to handle sensitive data,” he added.

What’s hot on Infosecurity Magazine?