Data breach revealed at Southend Council

It has been revealed that details of more than 2,000 staff and councillors have been made public in a data breach at Southend-on-Sea City Council.

The data includes names, addresses and National Insurances Numbers.

The breach follows a Freedom of Information request from May.

In response to the request, the council uploaded a spreadsheet online, initially believing that it only contained anonymised information for one department. However, it was later revealed that it also included "personal and special category" data of all current staff and leavers as of 31 March 2023.

The council has referred itself to the  the Information Commissioner’s Office (ICO).

The Council has notified employees and is in the process of contacting a limited number of other individuals following the incident.

In a statement, Cllr Tony Cox, leader of the council said: “We have immediately begun an investigation to understand how this happened and I sincerely apologise to those affected on behalf of the organisation.

“It is important to stress that this information did not contain bank details and was not obvious or visible without interrogation of the spreadsheet.

“However, this information included details such as national insurance numbers, pension scheme details, salary, names and addresses and equal opportunities data where provided.

“This breach also includes a less extensive list relating to elected councillors as of 31 March 2023.

“The spreadsheet has been removed from the website, we have self-reported this as a data breach to the Information Commissioner's Office, and councillors, staff and former staff affected are being informed, along with providing advice and support to them.

“We have also taken immediate actions, including starting to investigate how this happened, undertaking an initial assessment to understand the potential risk to staff and whether the data could be used in a harmful way, providing advice and support to all staff affected, and stopping the use of Excel spreadsheets in our FOI responses. We are also reviewing our FOI protocols to ensure this cannot happen again.”