Personal data compromised after email hack

Personal details of current and former staff were lost by Age UK in two separate data breaches at the end of last year.

The older people’s charity reported itself to the Information Commissioner’s Office, as well as writing to current and former employees to inform them.

The breaches meant people’s names, addresses, date of birth and national insurance number were lost.

However the charity said no bank details or passwords were lost and it is “not aware of any actual or attempted misuse of any personal data”.

It added that no customer or supporter data was compromised.

Email monitoring software discovered that staff email addresses had been hacked and sensitive information emailed outside of the charity.

The Information Commissioner's Office confirmed that it was investigating.

A spokesman for the charity said: "We can confirm that Age UK has had two recent, unrelated data security incidents concerning information held by Age UK about Age UK employees.

"The information did not include bank details or passwords and we are not aware of any actual or attempted misuse of this personal data.

“We take any threat to data security very seriously and we have acted as swiftly and thoroughly as possible to reinforce our defences. We have informed all individuals affected and the relevant authorities and set up a helpline for any staff wanting more support or information.

“We have also offered to pay for CIFAS Protective Registration for two years for those involved, to provide an extra layer of security to personal information."