File with names of benefits recipients was mistakenly published on website
The London Borough of Sutton has admitted that it mistakenly published the names of a group of people receiving benefits on its website.
The council has publicly apologised for the data breach and said it has begun to cooperation with the Information Commissioner’s Office (ICO) on an investigation.
A report in the Sutton Guardian says the London borough’s breach involved the inadvertent publication of monthly files listing people who receive payments of more than £500 for disability, adoption, fostering, day care respite and special needs on the council’s website. Hundreds of people were named in the files along with the amounts they receive.
The data was inadvertently posted in early June and again on a fresh spreadsheet last week. It was discovered on Monday 17 July, following which the files were quickly removed and the names and payments redacted before reposting.
Sutton issued a statement on the incident that said: “Sutton Council was made aware of a potential data breach involving the inadvertent publication of the names of individuals in receipt of payments from the council. No other personal information has been released.
“We immediately removed the data in question upon discovering this breach. As part of our agreed internal policies we are carrying out an investigation and are in contact with the ICO. We will of course do everything we can to help the ICO should they wish to make further enquiries.
“We are sorry this has happened and want to reassure residents we take matters such as these seriously. We are reviewing our processes to take all steps necessary to avoid any instance such as this happening again.”
The revelation comes shortly after Newcastle City Council’s apology for a mistake in which it attached a spreadsheet with details of adoptive families to an emailing.
Image by rchris7702, CC BY 2.0 through flickr