Essex County Council is investigating a serious data security breach, which could leave hundreds of people at risk of identity theft.
A council worker at Essex County Council is believed to have sent personal and financial data of 400 people in care to an unauthorised recipient, according to a report by local news website This Is Total Essex.
The data allegedly contained addresses and financial information about citizens in "substantial" and "critical" need of care, were sent from the Adults Health and Community Wellbeing Department to an external computer outside of the council.
Following the breach, a council staff member was sacked and the incident reported to Essex Police and the Government's Information Commissioner. The council's own all-party scrutiny committee will now investigate the breach.
According to the report, the data included details of personal budgets, used by people with disabilities to arrange essential services such as home care.
In a statement, Essex County Council said that it did not believe there was any malicious intent behind the incorrect use of data and the risk of identity theft was "minimal".
"While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy," it said. "We are taking this extremely seriously and have informed the police and the Information Commissioners Office," the statement read.
"Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised."
Councillor Mike Mackrory, Liberal Democrat opposition leader at the council, told This Is Total Essex: "With all the security procedures we are supposed to have now and all the millions the county council has spent on the best IT, it beggars belief that something like this can have happened.
"I am frankly staggered. We need to get to the bottom of it quickly and ensure our procedures are even tighter," he said.
In the past year, fines issued by the ICO for data breaches have increased four-fold, totalling 1.8 million.
As reported by IT Pro earlier in the month, a Torquay-based NHS health Trust has been fined 175,000 by the Information Commissioner's Office (ICO) after sensitive details of more than 1,000 staff were posted on its website.
-
Meta just revived plans to train AI models using European user dataNews Meta has confirmed plans to train AI models using European users’ public content and conversations with its Meta AI chatbot.
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
