Transgender support charity apologises for data breach

The breach related to the availability of emails in a private user group.

Joe Lepper | 18th Jun 19
Risk Management

A transgender support charity has said it has taken action to remedy a data breach where parts of its email database were available on the internet.

The charity Mermaids has apologised for the breach, which is says has been remedied and related to emails from 2016 and 2017 in a private user group. The content was available on the internet if certain precise search-terms were used, says a statement from the transgender support charity.

The statement adds that the charity has notified the Information Commissioners Office (ICO) as soon as it was made aware of the data breach. The breach was brought to the attention of the charity by The Sunday Times, which was investigating the incident.

In addition, the incident has been reported to The Charity Commission and the charity’s trustees will instruct a third party expert to report on the data breach.

Service users identified

“The material mainly consisted of internal information involving full and frank discussion of matters relevant to Mermaids, but unfortunately included some information identifying a small number of service users. Mermaids has contacted these people,” says the statement.

“The information, seen in its actual and proper context, is normal internal information for a group such as Mermaids. The information shows Mermaids takes its responsibilities seriously and that there is candid internal consideration of all issues.

“So the overall position is that there was an inadvertent breach, which has been rapidly remedied and promptly reported to the ICO, and there is no evidence that any of this information was retrieved by anybody other than the Sunday Times and those service users contacted by the journalist in pursuit of their story.”

“Finally, Mermaids apologises for the breach. Even though we have acted promptly and thoroughly, we are sorry.  At the time of 2016-2017, Mermaids was a smaller but growing organisation. Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur.”


Catch up on Charity Digital Cyber Secure webinars: