Mermaids UK, a charity supporting transgender children has apologised for what it calls a “historical” data breach and says it has referred itself to the Information Commissioner’s Office (ICO) over the incident.
The charity says it took action immediately as soon as it was made aware of the breach last Friday by The Sunday Times. More than 1,000 of the charity’s pages of confidential emails written between 2016 and 2017 were made public online for anyone to view.
Leaked data could be found by searching for ‘Mermaids’ and its charity number, according to the publication. The sensitive correspondence included; names of parents and children, addresses, telephone numbers and messages from the parents of transgender children seeking advice from the organisation.
A mother of one of the children named described the breach as a “fundamental breach of his right to privacy”.
- Openreach Event to Celebrate International Women in Engineering Day
- Visa, MasterCard and Uber Sign on to Facebook’s Blockchain Project
- Aberdeen Fans’ Gothenburg Victory Passwords are a Serious Security Risk
The spokesperson who apologised on behalf of the charity said the breach had happened when Mermaids had been a “smaller but growing organisation”, adding that the emails could only be found if the person searched for the emails.
“Mermaids have rapidly examined all the information so as to ascertain any other measures which need to be taken. So the overall position is that there was an inadvertent breach which has been rapidly remedied and promptly reported the ICO.
“Finally, Mermaids apologises for the breach. Even though we have acted promptly and thoroughly, we are sorry,” the spokesperson added.
Mermaids says there is “no evidence” that the information had been taken by anyone other than the Times, who first reported the breach. As well as reporting itself to the ICO, the charity said an independent third party would investigate the breach and report to the group’s trustees.
“We’re going to be employing a third party to oversee processes and advise on how we can improve internal practice. I think it’s important to note that this dates back some two years when Mermaids was a smaller charity dealing with the first aggressive onslaught from those who are opposed to giving vulnerable transgender children and young people the safe spaces they need.”
The data was shared online after Mermaids chief executive, Susie Green, set up a private service users email group, but the platform was publicly accessible online.