'Serious' data breach reveals SCAS vulnerability

A BBC Radio Berkshire Freedom of Information request to the South Central Ambulance Service (SCAS) revealed a data breach that included the insurance details, age, sexuality and religion of almost 3,000 staff members.

According to the BBC the 'serious' breach - which took place in October 2013 - is still under investigation by the Information Commissioner's Office, which took immediate action to remove the leaked data when it was made aware of the incident on 24 April. "All affected individuals, including current and past members of staff, were informed of this breach in a personal letter from the chief executive officer," it said in a statement.

Debbie Watson, of the Unite union representing affected staff members, told the BBC that the breach was "astonishing" and it "shouldn't have happened".

"If this can happen to staff data, which should be confidential, what about their patient data as well?" she asked.

That so many staff members' privacy was breached as part of an FOI request reveals a “lack of basic security controls and knowledge in place to protect sensitive data,” Martin Sugden, CEO of Boldon James, reflected in an e-mail to SCmagazineUK.com.

He concluded:“These incidents show that security awareness, training and staff education around data security is still vital, to ensure that employees appreciate the impact of data losses, as well as understand how to handle sensitive data.”