Staff info published in data breach

South Central Ambulance Service NHS Foundation Trust “accidentally” published its staff members' personal information on its website in a data breach.

The trust was alerted to the data breach on April 24 by the Information Commissioner’s Office, after the personal data of nearly 3000 current and former staff members was mistakenly included in a report on the trust’s website.

A trust spokesperson told EHI it took immediate action to remove the data once it became aware of the breach.

The nationality, religious beliefs and sexual orientation of employees was among the information published in the breach.

The information also included employees’ nationality, marital status, age, gender, ethnic origin, disability, religious belief and sexual orientation.

The trust’s chief executive, Will Hancock, has apologised to the affected staff, explaining the extent of the data breach and “offering appropriate support”.

The trust is speaking to the Information Commissioner’s Office about the incident, and has also appointed an external information governance auditor to investigate what led to the breach.

“We have undertaken a thorough review of all our published information on the website (over 2000 documents) and we can confirm that this was the only document affected,” the spokesperson said.

The trust emphasised that the information released was not patient- or clinically-related.

“We take our information governance responsibilities very seriously and we have been cooperating fully with the Information Commissioners Office throughout this investigation.

We have already drafted an action plan to mitigate the risk of this happening again in the future,” the spokesperson said.

The data breach affected 2,826 staff, with the personal information in the report including employees’ names, location of work, job roles and various details of the role.