There are red faces at the Home Office after it admitted a data breach that saw it accidentally share the details of hundreds of EU citizens who applied for settled status in the UK.

It has emerged that the Home Office had this week revealed about the personal email addresses of 240 EU citizens in an group email.

It is the second mistake the Home Office has made recently, after it was forced to apologise earlier this week to the Windrush generation, after about 500 private email addresses were mistakenly shared with recipients of a mailing list for the compensation scheme.

Data breach

This second potential breach of the Data Protection Act came after the Home Office sent out an email on Sunday 7 April asking EU applicants, who had already struggled with technical problems, to resubmit their information for “settled status” in the UK.

But it failed to use the “blind CC” box on the email, revealing the details of other applicants.

It then sent out another email in which it apologised to those who had been affected.

“The deletion of the email you received from us on 7 April 2019 would be greatly appreciated,” the second Home Office email reportedly said.

The department blamed the incident on an administrative error, and may now have to make an apology in Parliament.

“In communicating with a small group of applicants, an administrative error was made which meant other applicants’ email addresses could be seen,” a Home Office spokesman was quoted by the BBC as saying.

“As soon as the error was identified, we apologised personally to the 240 applicants affected and have improved our systems and procedures to stop this occurring again,” it added.

EU citizens can apply for settled status in the UK, which allows them to continue to live and work here after Brexit is finalised. But the system has been criticised for being slow and overly bureaucratic.

Human error

And at least one security expert questioned why there wasn’t a safety net to stop such a simple data breach from occuring.

“When using email to send communications containing personal or sensitive information, there has to be a safety net in place to protect against data breaches caused by human error,” said Tim Sadler, CEO at Tessian.

“The reputation of bodies like the Home Office rests on how they keep citizen data safe,” said Sadler. “With two breaches reported in the last week, the Home Office now needs to ensure its security practices are up to scratch. Data protection measures that focus on protecting people, identifying and alerting users when a mistake is about to happen, will guarantee incidents like this cannot reoccur.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

OpenAI, Broadcom In Talks Over Development Of AI Chip – Report

Rebelling against Nividia? OpenAI is again reportedly exploring the possibility of developing its own AI…

1 day ago

Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally

IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages

1 day ago

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

2 days ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

2 days ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

2 days ago