UK organization apologizes over historical leak
A historical data breach at a charity supporting transgender youths exposed private internal emails for up to two years, the organization has confirmed.
UK charity Mermaids, which offers support to trans children and young people, apologized for the incident, which spanned over 2016 and 2017.
Internal emails from a private user group were available online if certain search terms were used, the charity said.
It did not confirm the scope of the breach, but said that it was made aware of the incident last Friday.
The charity immediately notified the Information Commissioner’s Office, the data protection body responsible for enforcing GDPR.
A statement read: “The material mainly consisted of internal information involving full and frank discussion of matters relevant to Mermaids, but unfortunately included some information identifying a small number of service users.
“Mermaids has contacted these people. The information, seen in its actual and proper context, is normal internal information for a group such as Mermaids.”
Those affected have been contacted and the incident has been reported to the Charity Commission.
It is understood that the information couldn’t be discovered unless the person searching for it was already aware of how to find it.
The breach came to light yesterday via a report in The Sunday Times.
A spokesperson for Mermaids added: “Finally, Mermaids apologises (sic) for the breach. Even though we have acted promptly and thoroughly, we are sorry.
“At the time of 2016-2017, Mermaids was a smaller but growing organization (sic). Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur.”
The Daily Swig spoke with a representative for Mermaids via email, who referred to the official statement for comment.