Windrush data breach forces rule change

The Windrush data breach incident that happened on 7^th April 2019 has forced changes to be adopted by the Home Office following the leak of information surrounding the compensation scheme.

Earlier this month, mass emails were sent out to people taking part in the Windrush compensation scheme, as well as other interested parties. Emails were reportedly sent out in batches of 100, and the first five batches are understood to have resulted in a data breach. Yet again, this was another case where recipients of the email could see each other’s information.

This kind of incident has happened so many times before, and it triggered one of the more severe compensation actions we’re involved ion; the 56 Dean Street Clinic leak. Changes are now set to be made.

What is the Windrush data breach incident?

The Windrush data breach incident took place on 7^th April 2019 when batches of emails were sent out to people taking part in the compensation scheme, as well as to other interested parties. The emails were sent to the recipients, but the recipient list was visible to all recipients receiving the email.

That meant that hundreds of people could see others who are involved in the Windrush compensation scheme. Rather than using a professional email platform that prevents this, or instead of using the BCC function, the leak occurred.

Changes following the Windrush data breach

The Windrush data breach incident has forced changes from the Home Office, as well as the usual regularity responses.

The ICO (Information Commissioner’s Office) has been informed, and Immigration Minster Caroline Nokes said that they apologise unreservedly for what has been classed as an “administrative error”.

She also said that:

“As a further immediate step, we have put in place strict controls on the use of bulk emails when communicating with members of the public to ensure this does not happen again as lessons are learned.”

A reactive approach

Ultimately, it’s too late for the recipients of the Windrush compensation scheme email who were affected by the data breach.

The information has been leaked, and the damage has been done.

What we’re seeing here is the common reactive approach to a data breach incident. No one can ignore the fact that this exact kind of breach has happened before, and the government has been at the centre of it. This is not a new kind of incident, and there should already have been measures in place to prevent such a breach.

Lessons may be learned in the aftermath of the Windrush data breach, but this was a preventable incident that’s a repeat of incidents that have happened many times before.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.