Home » Topics » Data Protection & Privacy » Citizens Advice Bureau leaks sensitive client data online

Citizens Advice Bureau leaks sensitive client data online

Pete Swabeyby Pete Swabey

The Newcastle branch of the Citizens Advice Bureau accidentally published sensitive data online, including the criminal records and debt histories of residents who sought advice.

As first reported by the Northern Echo, 1,300 internal files from the Newcastle CAB were inadvertently published online. The files contained the names, addresses and case histories of an unspecified number of clients.

Ironically, the files also included letters reassuring recipients that their information would be handled confidentially, the Echo reports.

The CAB has yet to identify the cause of the breach, a spokesperson told Information Age. The Information Commissioner's Office has said that it will investigate the incident to see whether it constitutes a breach of the Data Protection Act.

Shona Alexander, CEO of the Newcastle CAB, insisted that citizens could trust the organisation with their data.

"I'd like to reassure people that, because we take data protection extremely seriously, they can speak to us in total confidence," Alexander said in a statement. "All Newcastle CAB staff and volunteers are fully trained in information assurance."

"We are working with [the ICO], as well as the senior information risk owner at Citizens Advice, taking urgent action to contact anyone who may have been affected by this incident and fully resolving any issues."

Senior information risk owner Steve Whitehead said "the Citizens Advice service has stringent data protection measures and highly secure systems in place to keep client and customer data safe.

"Incidents of this kind should never occur – we are working with Newcastle CAB while they investigate and resolve this isolated incident."

See also: Worker's home PC child care data to the web, council claims

Last month, the ICO fined Aberdeen City Council £100,000 after internal documents containing information about children mysteriously appeared online.

The council's own investigation found that an employee had taken the documents home to work on. The employee owned a second hand PC, which apparently contained a program that automatically uploaded the contents of their 'My Documents' file to a publicly accessible .FTP website.

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics

Data Breach

Related Stories

Data Protection & Privacy

The future of private AI: open source vs closed source

As regulation of artificial intelligence evolves, the future of AI could be private in nature - here's how adoption of open and close source capabilities would compare

Blockchain

How fully homomorphic encryption can solve blockchain’s privacy problem

Jason Delabays explains how fully homomorphic encryption can help businesses innovating with blockchain ensure privacy long-term.

Data Protection & Privacy

Combining Qumulo integration with open source backup software

Software development automation platform Yuzuy has been looking to drive value from integration with Qumulo and customer partnerships

Data Protection & Privacy

Class action lawsuit filed against OpenAI over “stolen private information”

OpenAI, developer of ChatGPT, has been hit with a class action lawsuit alleging misappropriation of personal data scraped from the web