The Windrush data breach incident that happened on 7th April 2019 has forced changes to be adopted by the Home Office following the leak of information surrounding the compensation scheme.
Earlier this month, mass emails were sent out to people taking part in the Windrush compensation scheme, as well as other interested parties. Emails were reportedly sent out in batches of 100, and the first five batches are understood to have resulted in a data breach. Yet again, this was a case where recipients of the email could see each other’s information.
This kind of incident has happened so many times before, and it triggered one of the more severe compensation actions we’re involved in: the 56 Dean Street Clinic leak. Changes are now set to be made.
What is the Windrush data breach incident?
The Windrush data breach incident took place on 7th April 2019 when batches of emails were sent out to people taking part in the compensation scheme, as well as to other interested parties. The emails reached their intended recipients, but the full recipient list was visible to everyone who received the email.
That meant that hundreds of people could see others who are involved in the Windrush compensation scheme. The leak occurred because the emails were sent without using the BCC function or a professional email platform that prevents recipients from seeing each other.
Changes following the Windrush data breach
The Windrush data breach incident has forced changes from the Home Office, as well as the usual regulatory responses.
The ICO (Information Commissioner’s Office) has been informed, and Immigration Minister Caroline Nokes said that they apologise unreservedly for what has been classed as an “administrative error”.
She also said that:
“As a further immediate step, we have put in place strict controls on the use of bulk emails when communicating with members of the public to ensure this does not happen again as lessons are learned.”
A reactive approach
Ultimately, it’s too late for the recipients of the Windrush compensation scheme email who were affected by the data breach.
The information has been leaked, and the damage has been done.
What we’re seeing here is the common reactive approach to a data breach incident. No one can ignore the fact that this exact kind of breach has happened before, and the government has been at the centre of it. This is not a new kind of incident, and there should already have been measures in place to prevent such a breach.
Lessons may be learned in the aftermath of the Windrush data breach, but this was a preventable incident that’s a repeat of incidents that have happened many times before.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
First published by Matthew on April 22, 2019