Home Office Admits EU Citizen Breach

Tom Jowitt,
Whistleblower leak keyboard security breach © CarpathianPrince Shutterstock

Government department blames ‘administrative error’ for disclosure of hundreds of email addresses

There are red faces at the Home Office after it admitted a data breach that saw it accidentally share the details of hundreds of EU citizens who applied for settled status in the UK.

It has emerged that the Home Office had this week revealed about the personal email addresses of 240 EU citizens in an group email.

It is the second mistake the Home Office has made recently, after it was forced to apologise earlier this week to the Windrush generation, after about 500 private email addresses were mistakenly shared with recipients of a mailing list for the compensation scheme.

Data breach

This second potential breach of the Data Protection Act came after the Home Office sent out an email on Sunday 7 April asking EU applicants, who had already struggled with technical problems, to resubmit their information for “settled status” in the UK.

But it failed to use the “blind CC” box on the email, revealing the details of other applicants.

It then sent out another email in which it apologised to those who had been affected.

“The deletion of the email you received from us on 7 April 2019 would be greatly appreciated,” the second Home Office email reportedly said.

The department blamed the incident on an administrative error, and may now have to make an apology in Parliament.

“In communicating with a small group of applicants, an administrative error was made which meant other applicants’ email addresses could be seen,” a Home Office spokesman was quoted by the BBC as saying.

“As soon as the error was identified, we apologised personally to the 240 applicants affected and have improved our systems and procedures to stop this occurring again,” it added.

EU citizens can apply for settled status in the UK, which allows them to continue to live and work here after Brexit is finalised. But the system has been criticised for being slow and overly bureaucratic.

Human error

And at least one security expert questioned why there wasn’t a safety net to stop such a simple data breach from occuring.

“When using email to send communications containing personal or sensitive information, there has to be a safety net in place to protect against data breaches caused by human error,” said Tim Sadler, CEO at Tessian.

“The reputation of bodies like the Home Office rests on how they keep citizen data safe,” said Sadler. “With two breaches reported in the last week, the Home Office now needs to ensure its security practices are up to scratch. Data protection measures that focus on protecting people, identifying and alerting users when a mistake is about to happen, will guarantee incidents like this cannot reoccur.”

Do you know all about security? Try our quiz!