A Citizen Advice Bureau (CAB) branch in Newcastle is now being investigated by the Information Commissioner’s Office (ICO) after confidential data was accidentally leaked online.
It has been reported that 1,300 internal files were published online. The files that contained data belonging to its customers contained information such as customer names, addresses, debt history and criminal records. Some of the files also contained information about staff log in details to the CAB main website. To make things more embarrassing for the CAB branch, letters declaring that their information would be handled confidentially were also included.
The Newcastle CAB branch has started the process of notifying the affected people whilst the investigation continues.
Shona Alexander who is the chief executive of the Newcastle branch stated, “This isolated incident at Newcastle CAB is being thoroughly investigated. I’d like to reassure people that, because we take data protection extremely seriously, they can speak to us in total confidence. All Newcastle CAB staff and volunteers are fully trained in information assurance. The ICO are aware of this incident and we are working with them, as well as the senior information risk owner at Citizens Advice, taking urgent action to contact anyone who may have been affected by this incident and fully resolving any issue.”
Steve Whitehaed who is the senior information risk owner stated, “The Citizens Advice service has stringent data protection measures and highly secure systems in place to keep client and customer data safe. Incidents of this kind should never occur – we are working with Newcastle CAB while they investigate and resolve this isolated incident.”
The ICO have confirmed that they are investigating the issue to see if they deem the incident as being a data protection breach.
A spokesman from the ICO stated, “We have recently been made aware of a possible data breach which may involve the Newcastle Citizens Advice Bureau. We will be making inquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”
This latest incident proves that companies are still making mistakes when dealing with confidential data which could have severe consequences if it was to fall into the wrong hands. It is time that companies start to educate their staff in data protection and have procedures in place to ensure that the rules and regulations are adhered too so incidents such as this one do not occur again.
Do you feel that companies are doing enough to protect confidential data?