Essex County Council is investigating a serious data security breach, which could leave hundreds of people at risk of identity theft.
A council worker at Essex County Council is believed to have sent personal and financial data of 400 people in care to an unauthorised recipient, according to a report by local news website This Is Total Essex.
The data allegedly contained addresses and financial information about citizens in "substantial" and "critical" need of care, were sent from the Adults Health and Community Wellbeing Department to an external computer outside of the council.
Following the breach, a council staff member was sacked and the incident reported to Essex Police and the Government's Information Commissioner. The council's own all-party scrutiny committee will now investigate the breach.
According to the report, the data included details of personal budgets, used by people with disabilities to arrange essential services such as home care.
In a statement, Essex County Council said that it did not believe there was any malicious intent behind the incorrect use of data and the risk of identity theft was "minimal".
"While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy," it said. "We are taking this extremely seriously and have informed the police and the Information Commissioners Office," the statement read.
"Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised."
Councillor Mike Mackrory, Liberal Democrat opposition leader at the council, told This Is Total Essex: "With all the security procedures we are supposed to have now and all the millions the county council has spent on the best IT, it beggars belief that something like this can have happened.
"I am frankly staggered. We need to get to the bottom of it quickly and ensure our procedures are even tighter," he said.
In the past year, fines issued by the ICO for data breaches have increased four-fold, totalling 1.8 million.
As reported by IT Pro earlier in the month, a Torquay-based NHS health Trust has been fined 175,000 by the Information Commissioner's Office (ICO) after sensitive details of more than 1,000 staff were posted on its website.
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Microsoft Excel is still alive and kicking at 40News A recent survey found Gen Z and Millennial finance professionals have a strong “emotional attachment” to Microsoft Excel
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
23andMe 'failed to take basic steps' to safeguard customer dataNews The ICO has strong criticism for the way the genetic testing company responded to a 2023 breach.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
