The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details.
It blamed an “administrative error” for sending an email that revealed 240 personal email addresses – a likely breach of the Data Protection Act.
The Home Office sent the email on Sunday 7 April asking applicants, who had already struggled with technical problems, to resubmit their information. But it failed to use the “blind CC” box on the email, revealing the details of other applicants.
Brexit data breach: Home Office admits sharing details of hundreds of EU citizens seeking settled status https://t.co/mebSkg5OBk
— Vesela Gospodinova (@LwFcmMGDs2MpVsZ) April 12, 2019
Shlohmie Liberow, Technical Program Manager at HackerOne:
“Whilst it is important to ensure staff are appropriately trained, there should be an assumption that “administrative errors” will inevitably occur. It is therefore crucial to implement technical controls too when handling sensitive data, to avoid such a scenario.”