Home Office leaked email addresses of hundreds of Windrush migrants
News / Home Office leaked email addresses of hundreds of Windrush migrants
9 April 2019
The Home Office has issued a public apology for committing an “administrative error” that resulted in the leakage of email addresses of hundreds of Windrush migrants to others.
Last week, Home Secretary Sajid Javid launched a new Windrush Compensation Scheme to provide compensation to a large number of migrants “who did not have the right documentation to prove their status in the UK and suffered adverse effects on their life as a result”.
The compensation is to be provided to individuals who have suffered the loss of employment, lost access to housing, education or NHS healthcare or suffered emotional distress or deterioration in mental and physical health. The scheme is open to anyone from any nationality who has the right to live or work in the UK and arrived in the UK before 31 December 1988.
Hundreds of email addresses leaked by the Home Office
A large number of Windrush migrants requested the Home Office to provide more information about the compensation scheme, following which a series of emails were sent out to these migrants with each email containing about a hundred recipients.
However, before sending the emails, the Home Office failed to mask email addresses by entering them in the ‘bcc field’, thereby leaving email addresses of hundreds of migrants visible to others. After the breach was discovered, Immigration Minister Caroline Nokes issued an apology for the “administrative error”, stating that an internal review had been launched to investigate the breach.
“Even though there are technologies available in the Cybersecurity market for masking or anonymising email addresses, this breach was mainly due to a poor, human based-decision,” said Jonathan Deveaux, Head of Enterprise Data Protection at comforte AG.
“More organisations need to enable data protection of personal or sensitive info to ‘automatically’ occur, upon creation of the data, so that ‘accidental insider’ events like this happen less often. The data-centric security model adheres to this and is starting to gain momentum with organisations who want to stay out of the news headlines and restore data privacy,” he added.
Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines