Data breach hits Independent Age

Personal information for a number of the charity's staff was accidentally disclosed to a former employee who had submitted a subject access request

The older people’s charity Independent Age has had a data security breach that resulted in personal information, including the bank details and salaries of almost all of its staff, being sent to a former colleague.

Third Sector understands that the breach was on 11 June and consisted of personal information for the charity’s staff being accidentally disclosed to a former employee while complying with a subject access request.

Details passed on included employees’ names, dates of birth, addresses, genders, personal mobile numbers, salaries, bank details including sort code and account number, and pension contributions.

The charity employs 170 staff, almost all of whom were affected, a spokeswoman for Independent Age confirmed.

Some donor and service user personal information was also disclosed, although the data involved was much more limited than those for members of staff.

The charity said the data had been securely deleted from the recipient’s computer and that it anticipated there would be no further dissemination of the data.

The Information Commissioner’s Office and the Charity Commission were both informed, but neither decided to take any further action.

John Tranter, acting chief operating officer at Independent Age, said: "We take our data protection and charity law responsibilities seriously. We are aware of this incident and reported the data security breach immediately to the ICO and the Charity Commission, who have confirmed that they will take no further action.

"All data has been securely deleted from the former colleague’s computer and no details were provided to any third parties. We are investigating how this occurred and will be putting in place further steps to minimise the risk of it happening again."

An ICO spokeswoman said that it had been made aware of the incident by Independent Age and decided no further action was necessary.

A statement from the Charity Commission confirmed that Independent Age submitted a serious incident report relating to the data breach.

"The commission assessed the charity’s response to the incident and determined the trustees were taking appropriate steps to address the breach," the statement said.

"We expect the trustees to report the findings of the ICO’s report to the commission and should further concerns come to light we would assess these."

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in

Latest Digital Jobs

RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners


Expert hub

Insurance advice from Markel

How bad can cyber crime really get: cyber fraud #1

Promotion from Markel

In the first of a series, we investigate the risks to charities from having flawed cyber security - and why we need to up our game...