The Home Office has reported itself to the UK data protection authority after accidentally sharing the emails of hundreds of EU citizens applying to stay in the UK after Brexit.
While contacting applicants facing technical difficulties while trying to apply to keep their rights in the UK after Brexit, the department had failed to mask the addresses in a group email, revealing some 240 email addresses on April 7th.
They have since apologised in an email to those concerned and assured everyone that all other personal data held by the department remained safe. Additionally, they make it clear that they’ve taken matters to improve the security of email systems and procedures since the breach. They also notified the Information Commissioner’s Office of the breach, but have yet to issue a formal report to the watchdog.
Strangely this is not the first data breach incident for the Home Office that week! Earlier that week they addmited to breaching data rules by sharing the email addresses of hundreds interested in the recently launched Windrush compensation scheme.
These incidents have raised concerns over the Home Office’s systems and competence leading to the appointment of non-executive director Sue Langley to lead a review of compliance systems.