Citizens Advice Bureau leaks sensitive client data online

The Newcastle branch of the Citizens Advice Bureau accidentally published sensitive data online, including the criminal records and debt histories of residents who sought advice.

As first reported by the Northern Echo, 1,300 internal files from the Newcastle CAB were inadvertently published online. The files contained the names, addresses and case histories of an unspecified number of clients.

Ironically, the files also included letters reassuring recipients that their information would be handled confidentially, the Echo reports.

The CAB has yet to identify the cause of the breach, a spokesperson told Information Age. The Information Commissioner's Office has said that it will investigate the incident to see whether it constitutes a breach of the Data Protection Act.

Shona Alexander, CEO of the Newcastle CAB, insisted that citizens could trust the organisation with their data.

"I'd like to reassure people that, because we take data protection extremely seriously, they can speak to us in total confidence," Alexander said in a statement. "All Newcastle CAB staff and volunteers are fully trained in information assurance."

"We are working with [the ICO], as well as the senior information risk owner at Citizens Advice, taking urgent action to contact anyone who may have been affected by this incident and fully resolving any issues."

Senior information risk owner Steve Whitehead said "the Citizens Advice service has stringent data protection measures and highly secure systems in place to keep client and customer data safe.

"Incidents of this kind should never occur – we are working with Newcastle CAB while they investigate and resolve this isolated incident."

See also: Worker's home PC child care data to the web, council claims

Last month, the ICO fined Aberdeen City Council £100,000 after internal documents containing information about children mysteriously appeared online.

The council's own investigation found that an employee had taken the documents home to work on. The employee owned a second hand PC, which apparently contained a program that automatically uploaded the contents of their 'My Documents' file to a publicly accessible .FTP website.

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics

Data Breach