Data breach in Essex exposes details of 400 people

data privacy

Essex County Council is investigating a serious data security breach, which could leave hundreds of people at risk of identity theft.

A council worker at Essex County Council is believed to have sent personal and financial data of 400 people in care to an unauthorised recipient, according to a report by local news website This Is Total Essex.

The data allegedly contained addresses and financial information about citizens in "substantial" and "critical" need of care, were sent from the Adults Health and Community Wellbeing Department to an external computer outside of the council.

Following the breach, a council staff member was sacked and the incident reported to Essex Police and the Government's Information Commissioner. The council's own all-party scrutiny committee will now investigate the breach.

According to the report, the data included details of personal budgets, used by people with disabilities to arrange essential services such as home care.

In a statement, Essex County Council said that it did not believe there was any malicious intent behind the incorrect use of data and the risk of identity theft was "minimal".

"While we are unable to give specific details we can confirm that the investigation centres on an ex-employee who breached our information security policy," it said. "We are taking this extremely seriously and have informed the police and the Information Commissioners Office," the statement read.

"Whilst the ex-employee had signed a declaration stating they had deleted the information and not shared it with anyone, it is our duty to inform service users that their information has been compromised."

Councillor Mike Mackrory, Liberal Democrat opposition leader at the council, told This Is Total Essex: "With all the security procedures we are supposed to have now and all the millions the county council has spent on the best IT, it beggars belief that something like this can have happened.

"I am frankly staggered. We need to get to the bottom of it quickly and ensure our procedures are even tighter," he said.

In the past year, fines issued by the ICO for data breaches have increased four-fold, totalling 1.8 million.

As reported by IT Pro earlier in the month, a Torquay-based NHS health Trust has been fined 175,000 by the Information Commissioner's Office (ICO) after sensitive details of more than 1,000 staff were posted on its website.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.