A union writes

We have received a letter as below.  Sending personal data to an unchecked external email address–well, they’ll know better now…

BREACH OF DATA SECURITY

On behalf of Prospect I regret to inform you that there has been a breach in our data security procedures which has resulted in personal details (but not bank details) of a number of our members that are held on the Prospect membership system, being released accidentally by email to an unknown 3rd party. You are one of the members affected.

The breach arose during development work on the membership system. A sample data file, originally extracted from the membership system 7 months ago, was sent electronically to the developer to be tested on new software. Unfortunately, the email address to which the data file was sent was not the correct one. Although we have done our utmost to get the file returned or deleted, at this point the holder of the email address has not responded to our email requests. We have no way of obtaining their identity and contacting them any other way. It is quite possible that the email address may well be inactive and the addressee may simply be unaware of its existence. In this case the file may remain unopened indefinitely and there will be no release of the details on it. However, we cannot be sure of this and we therefore must act as though the data has been released into the public domain.

The data released did not include bank or building society details but it did include: your name, date of birth, home address & phone numbers and email address, employer name, work address, work phone number and email, subscription rate, and branch/section details. (Please note that this lists the main fields of information that we hold. If you had not provided any of this information to us it would not have been held on our database.) We have reported the incident to the Information Commissioner who has responsibility for Data Protection, so there is no need for you contact them, although you may do so if you wish.

It is probable that the release will not cause a threat to your personal safety or security. However, you may wish to be especially alert to any potential misuse of this data, such as via identity theft. For example, do not give out any information to anyone who rings you unless you are very sure of their identity. If you use passwords that contain any personal identifiers (date of birth, names, etc) you may wish to change them. You should also look at your bank account at regular intervals and check there have been no unusual transactions.

Please note that Prospect will never ask you for the following information in an e-mail communication:

. Your National Insurance Number

. Your bank account information, credit card number, PIN number, or credit
card security code (including “updates” to any of the above)

. Your mother’s maiden name or other information to identify you (such as your
place of birth or your favourite pet’s name)

. Your password

If you get asked for this information by email, even if it looks as though it originates from Prospect, do not provide this information. If you are asked for any of this information by phone and are at all suspicious, ask for the name of the person and then ring the Prospect membership department number given at the bottom of this letter.

We are very sorry that this breach in data security has occurred. This is the first time that Prospect has experienced such a breach but we are treating it extremely seriously and are conducting a thorough review of all our Data Protection procedures to ensure there is no recurrence.

If you have any queries about the breach or your personal data then please contact the Prospect Membership Department on: [redacted].

Yours sincerely

David Pelly
Resource Director

Advertisements

Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: