There are red faces at the Home Office after it admitted a data breach that saw it accidentally share the details of hundreds of EU citizens who applied for settled status in the UK.

It has emerged that the Home Office had this week revealed about the personal email addresses of 240 EU citizens in an group email.

It is the second mistake the Home Office has made recently, after it was forced to apologise earlier this week to the Windrush generation, after about 500 private email addresses were mistakenly shared with recipients of a mailing list for the compensation scheme.

Data breach

This second potential breach of the Data Protection Act came after the Home Office sent out an email on Sunday 7 April asking EU applicants, who had already struggled with technical problems, to resubmit their information for “settled status” in the UK.

But it failed to use the “blind CC” box on the email, revealing the details of other applicants.

It then sent out another email in which it apologised to those who had been affected.

“The deletion of the email you received from us on 7 April 2019 would be greatly appreciated,” the second Home Office email reportedly said.

The department blamed the incident on an administrative error, and may now have to make an apology in Parliament.

“In communicating with a small group of applicants, an administrative error was made which meant other applicants’ email addresses could be seen,” a Home Office spokesman was quoted by the BBC as saying.

“As soon as the error was identified, we apologised personally to the 240 applicants affected and have improved our systems and procedures to stop this occurring again,” it added.

EU citizens can apply for settled status in the UK, which allows them to continue to live and work here after Brexit is finalised. But the system has been criticised for being slow and overly bureaucratic.

Human error

And at least one security expert questioned why there wasn’t a safety net to stop such a simple data breach from occuring.

“When using email to send communications containing personal or sensitive information, there has to be a safety net in place to protect against data breaches caused by human error,” said Tim Sadler, CEO at Tessian.

“The reputation of bodies like the Home Office rests on how they keep citizen data safe,” said Sadler. “With two breaches reported in the last week, the Home Office now needs to ensure its security practices are up to scratch. Data protection measures that focus on protecting people, identifying and alerting users when a mistake is about to happen, will guarantee incidents like this cannot reoccur.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Boeing Starliner Launches Successfully, On Route To International Space Station

Boeing's crewless space taxi, CST-100 Starliner, one step closer to NASA certification, as it enters…

2 days ago

Apple Accused By Union Of Staff Law Violations At NY Store

Staff at Apple's World Trade Centre store in New York are allegedly being questioned and…

2 days ago

Canada To Join Five Eyes 5G Ban On Huawei/ZTE

Making it official. Canada is to turn its unofficial ban on 5G kit from Huawei…

2 days ago

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

3 days ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

3 days ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

3 days ago