Mermaids UK apologises for suffering "historical data breach"

Mermaids UK apologises for suffering "historical data breach"

Mermaids UK apologises for suffering "historical data breach"

Mermaids UK, a charity organisation that works for the empowerment of gender variant and transgender children, recently admitted that it suffered a data breach that exposed internal emails from 2016 and 2017, some of which contained personal information of an unknown number of individuals supported by the charity firm.
The announcement from the charity firm came after The Sunday Times revealed that a large number of internal emails that contained “intimate details of the vulnerable youngsters” were available to view on the Internet by simply searching for the charity name and its charity number.
According to BBC, over 1,100 internal emails were exposed on the Internet, included correspondence between executives at Mermaids, and “were shared to a private group on a private messaging platform”.

Mermaids claims exposed data was not accessed by third parties

“On the afternoon of Friday 14th June Mermaids was made aware of a data breach. We are grateful to the Sunday Times for bringing it to our attention. Mermaids immediately took action. The same day Mermaids notified the Information Commissioners Office (ICO). The breach was also immediately remedied.
“The scope of the breach was that internal Mermaids emails from 2016 and 2017 in a private user group were available on the internet, if certain precise search-terms were used. Mermaids understands that the information could not be found unless the person searching for the information was already aware that the information could be found,” the charity firm said in a press release.
“The material mainly consisted of internal information involving full and frank discussion of matters relevant to Mermaids, but unfortunately included some information identifying a small number of service users. Mermaids has contacted these people.
“The information, seen in its actual and proper context, is normal internal information for a group such as Mermaids. The information shows Mermaids takes its responsibilities seriously and that there is candid internal consideration of all issues.
“So the overall position is that there was an inadvertent breach, which has been rapidly remedied and promptly reported to the ICO, and there is no evidence that any of this information was retrieved by anybody other than the Sunday Times and those service users contacted by the journalist in pursuit of their story,” it added.
Last year, charity firm Age UK suffered a major data breach that compromised personal details of over 5,000 existing and past employees. Information compromised by the incident included names, dates of birth, e-mail addresses and national insurance numbers.
‘We can confirm that Age UK has had two recent, unrelated data security incidents concerning information held by Age UK about Age UK employees. The information did not include bank details or passwords and we are not aware of any actual or attempted misuse of this personal data,’ said a spokesperson for Age UK.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]