Age UK data breach compromises personal details of 5,000 employees

Age UK data breach compromises personal details of 5,000 employees

Mermaids UK apologises for suffering "historical data breach"

Charity organisation Age UK has confirmed that personal details of as many as 5,000 present and past employees were lost to a couple of data breaches late last year.

The data breaches impacted all employees who were employed since January 2013 and compromised personal data includes names, dates of birth, e-mail addresses and national insurance numbers.

After it discovered the two breaches, Age UK informed the Information Commissioner’s Office as well as the Charity Commission, and also wrote to all affected employees, detailing the extent of the breaches and what steps it will take to minimise its impact.

Age UK has also agreed to pay £20 per person for CIFAS Protective Registration for all affected past and present employees.

‘We can confirm that Age UK has had two recent, unrelated data security incidents concerning information held by Age UK about Age UK employees. The information did not include bank details or passwords and we are not aware of any actual or attempted misuse of this personal data,’ said a spokesperson for Age UK.

‘We take any threat to data security very seriously and we have acted as swiftly and thoroughly as possible to reinforce our defences. We have informed all individuals affected and the relevant authorities and set up a helpline for any staff wanting more support or information. We have also offered to pay for CIFAS Protective Registration for two years for those involved, to provide an extra layer of security to personal information.’

While the Information Commissioner’s Office is presently investigating the breach, the Charity Commission said that they are assessing information to establish whether trustees met their legal duties and if they had any further regulatory role to play.

The news of the breach arrives only a day after the government’s Cyber Security Breaches Survey revealed that 56 percent of charities in the UK are still unaware about GDPR- a pan-European data security legislation that promises to impose fines of either 4 percent of an organisation’s annual turnover or €20 Million (whichever is greater) on erring firms. The GDPR will come into force on 25th May this year.

Of those charities who are aware of GDPR, just over a quarter have actually taken steps to prepare themselves for the upcoming legislation. Among those who made changes, just over one third of charities have made changes to their cyber security practices. In short, the total number of charities who have taken meaningful steps to be compliant to GDPR is miniscule compared to the number of charities presently operating in the UK.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]