DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK privacy watchdog fines Ministry of Justice for email leaks of prisoner details

Posted on October 22, 2013 by Dissent

The Information Commissioner’s Office (ICO) has served the Ministry of Justice (MoJ) with a monetary penalty of £140,000 after a serious data breach led to the details of all of the prisoners serving at HMP Cardiff being emailed to three of the inmates’ families.

The breach was only discovered when one of the recipients contacted the prison on 2 August 2011 to report that they had received an email from the prison clerk about an upcoming visit, which included a file containing the inmates’ details. The file included a spreadsheet containing sensitive information including the names, ethnicity, addresses, sentence length, release dates and coded details of the offences carried out by all of the prison’s 1,182 inmates.

An internal investigation was launched and the same error was found to have occurred on two previous occasions within the previous month, with details sent to different inmates’ families. Neither incident was reported at the time.  The investigation also revealed that a recently appointed booking clerk at the Prison was arranging visits to prisoners. A request for a booking had been made by a family member of an inmate. The clerk had intended to send him an email about the visit. In doing so, she accidentally ‘pasted’ a text file containing the details of the inmates at the prison as an attachment to the email. The two prior incidents had occurred as a result of the same mistake, by the same clerk.  The monetary penalty notice provides an explanation of how the system worked and how the copy/paste error occurred.

The police and a member of the prison’s staff were sent to the recipients’ home addresses and checks were made to ensure the files had been deleted. The unauthorised disclosures were reported to the ICO on 8 September 2011.

The ICO’s investigation found that there was a clear lack of management oversight at the prison, with the clerk working unsupervised despite only having worked at the prison for two months and having limited experience and training. A lack of audit trails also meant that the disclosures would have gone unnoticed if they hadn’t been reported by one of the recipients.

The investigation also found problems with the manner in which prisoners’ records were handled, with unencrypted floppy disks regularly used to transfer large volumes of data between the prison’s two separate networks.

ICO Deputy Commissioner and Director of Data Protection, David Smith, said:

“The potential damage and distress that could have been caused by this serious data breach is obvious. Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses.

“Fortunately it appears that the fall-out from this breach was contained, but we cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff. Furthermore the prison service failed to have procedures in place to spot the original mistakes.

“It is only due to the honesty of a member of the public that the disclosures were uncovered as early as they were and that it was still possible to contain the breach.”

Today’s penalty was imposed on the Ministry of Justice as the National Offender Management Service, which is responsible for commissioning and delivering prison and probation services across England and Wales, is an executive agency of the department.

SOURCE: Information Commissioner’s Office

Related posts:

  • UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost
Category: ExposureGovernment SectorNon-U.S.

Post navigation

← Senator Markey Queries Walgreens About How New Pharmacy Model Impacts Patient Privacy, Drug Security
Seton Healthcare Family notifies 5,500 patients of breach involving stolen laptop (CORRECTED) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.