- Mermaids UK inadvertently disclosed over 1,000 pages of confidential emails online.
- The letters exposed in the breach were sent between 2016 and 2017.
Mermaids UK has sent out an ‘apology’ letter for inadvertently exposing private details of transgender children and young people. The data breach occurred after the organization had published part of its email database on the internet.
What data was involved?
In an official statement, Mermaids UK disclosed that over 1,000 pages of confidential emails were exposed online. This included sensitive details of vulnerable youngsters.
The letters exposed in the breach were sent between 2016 and 2017. They included the names, addresses and telephone numbers of those reaching out for help.
“The material mainly consisted of internal information involving full and frank discussion of matters relevant to Mermaids, but unfortunately included some information identifying a small number of service users. Mermaids has contacted these people. The information, seen in its actual and proper context, is normal internal information for a group such as Mermaids,” said the firm in its notification.
Meanwhile, Mermaids has maintained that there is no evidence of data being misused or stolen by threat actors.
How did the firm respond?
The charity and advocacy organization has reported the matter to the Information Commissioners Office (ICO). It has also contacted the affected families as well as the stakeholders and notified them about the data breach.
Mermaids UK is investigating the situation so as to ascertain the extent of the data breach. It is also working on improving the security conditions of its infrastructures.