The older people’s charity Independent Age has had a data security breach that resulted in personal information, including the bank details and salaries of almost all of its staff, being sent to a former colleague.
Third Sector understands that the breach was on 11 June and consisted of personal information for the charity’s staff being accidentally disclosed to a former employee while complying with a subject access request.
Details passed on included employees’ names, dates of birth, addresses, genders, personal mobile numbers, salaries, bank details including sort code and account number, and pension contributions.
The charity employs 170 staff, almost all of whom were affected, a spokeswoman for Independent Age confirmed.
Some donor and service user personal information was also disclosed, although the data involved was much more limited than those for members of staff.
The charity said the data had been securely deleted from the recipient’s computer and that it anticipated there would be no further dissemination of the data.
John Tranter, acting chief operating officer at Independent Age, said: "We take our data protection and charity law responsibilities seriously. We are aware of this incident and reported the data security breach immediately to the ICO and the Charity Commission, who have confirmed that they will take no further action.
"All data has been securely deleted from the former colleague’s computer and no details were provided to any third parties. We are investigating how this occurred and will be putting in place further steps to minimise the risk of it happening again."
An ICO spokeswoman said that it had been made aware of the incident by Independent Age and decided no further action was necessary.
A statement from the Charity Commission confirmed that Independent Age submitted a serious incident report relating to the data breach.
"The commission assessed the charity’s response to the incident and determined the trustees were taking appropriate steps to address the breach," the statement said.
"We expect the trustees to report the findings of the ICO’s report to the commission and should further concerns come to light we would assess these."