Inadvertent disclosure of personal information

We continue to report on recent major data incidents to keep you up to date with the latest news.

The Public Appointments Service (PAS), which recruits for civil and public service jobs, has accidentally exposed personal information of more than 15,000 people.

The incident was caused by an “administrative error” which resulted in 15,471 people receiving a message containing another person's private information.

The following data was exposed:
•    The name of another person
•    The list of roles this person has chosen to be notified about.

PAS claims, that the message was immediately recalled, however the system does not allow for messages which have been opened by candidates to be deleted. Before the recall of, the website of the Public Appointments Service, 529 people had already opened a message.

The recipients of the message were subscribed to lists containing an update information about a specific role in the civil service.

According to the PAS statement, no other personal information was involved in this data leak other than the list of job alerts the candidate had subscribed to and the candidate's name.  All potentially affected individuals have been informed of the incident.

Although the leak didn't involve a large amount of sensitive personal data, such incidents can have serious consequences for both PAS and its users. Any personal information could be used for fraudulent purposes in the future. That’s why it’s crucial to make sure that all the required steps for mitigation of  human-related risks are ensuring of data protection are taken. The set of measures required includes enhancing employees’ competencies in information security related issues, implementation of advanced protective solutions, hiring onboard infosec officers or referring to the outsourcing experts.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.