Huge data breach at Southend-on-Sea City Council

  • Published
The Civic Centre in Southend - a multi-storey building with mainly glass facade and smaller concrete structure alongsideImage source, Google
Image caption,

Southend-on-Sea City Council could face a huge fine for the data breach

Details of over 2,000 staff and councillors have been made public in a council data breach.

Southend-on-Sea City Council could face six-figure fines for the mistake.

The information disclosed included names, addresses and National Insurance numbers.

The council leader has apologised and said that all those affected would be contacted and offered advice and support.

The breach followed a Freedom of Information request in May.

The council responded to the request by uploading a spreadsheet online.

Initially, it believed the spreadsheet only contained anonymised information for one department, but it became clear that it also included "personal and special category" data of all current staff and leavers as of 31 March 2023.

Personal details disclosed

The breach included names, addresses and National Insurance numbers and involved data of 1,854 current staff and 276 former employees.

A further 169 people were involved, including office holders and canvassers, along with councillors and co-opted members.

The personal details would have been available to anyone who knew how spreadsheets worked.

Image source, Southend-on-Sea City Council
Image caption,

Conservative council leader Tony Cox apologised for the breach

Investigation and apology

Tony Cox, the Conservative leader of the council, said: "We have immediately begun an investigation to understand how this happened and I sincerely apologise to those affected on behalf of the organisation.

"It is important to stress that this information did not contain bank details. However, it included details such as National Insurance numbers, pension scheme details, salary, names and addresses and equal opportunities data.

"The spreadsheet has been taken down from the website. We have self-reported this as a data breach to the Information Commissioner's Office, and councillors, staff and former staff affected are being informed, along with providing advice and support to them."

Mr Cox added that assessments were under way to understand the potential risk to staff and whether the data could be used in a harmful way.

He said the council would no longer send spreadsheets out in response to Freedom of Information requests.

The council is currently dealing with a £14m deficit and could face a large fine from the Information Commissioner's Office.

Stoke-on-Trent Council was fined £120,000 in 2012 following a data breach relating to a case involving a child, and Basildon Council was ordered to pay £150,000 in 2017 for a breach involving information about a family.

Follow East of England news on Facebook, external, Instagram, external and X, external. Got a story? Email eastofenglandnews@bbc.co.uk , externalor WhatsApp 0800 169 1830

Related internet links

The BBC is not responsible for the content of external sites.