Thousands of council workers’ personal data published online in major leak

A major leak made the personal information of thousands of community workers public online this week.

South Lanarkshire Council confirmed that a spreadsheet containing de-identified staff details was inadvertently uploaded to the Whatdotheyknow website in response to a freedom of information request.

1

Nearly 15,000 workers were affected by the violation, which appeared to include names, job descriptions, supervisors, work locations, salary details and social security numbers.

However, no bank account details or home addresses were reportedly released The times.

Council leaders said the bug was quickly spotted and fixed and they didn’t believe the data could be used to harm those involved.

However, the unions confirmed that concerned employees are considering legal action over the error.

Stephen Smellie, from Unison in South Lanarkshire, said: “The breach affected all staff, almost 15,000, who were employed in March 2021. The breach was the result of a mistake by an individual.”

“The CEO indicated that based on the published data, he considered the risk to staff to be low. No bank details, dates of birth, emails or home addresses were given.”

“We have been informed that steps have been taken to improve freedom of information response procedures so that a similar human error cannot happen again.

“The data breach has caused great distress among employees. There is a possibility that individuals will seek redress for this grief.”

South Lanarkshire Council said the breach had been reported to the Information Commissioner.

A spokesman added: “In response to a freedom of information request, a spreadsheet containing de-identified employee details was uploaded to a website.

“Unfortunately, due to human error, the spreadsheet contained a second page of personal data that had not been anonymized.

“The council noticed the error and we arranged for the deletion of this data.

“To the best of our knowledge, the information has not been accessed and we believe the data could not be used in a way that would be harmful to those involved.

“However, I can confirm that we have contacted those affected by the error and have reported the breach to the data protection officer.”

We recently reported on how Arnold Clark faces millions in payments from customers after personal information was stolen in a cyber attack.

We told how the car dealership was targeted by hackers in a large-scale data breach on December 23 last year.

We pay for your stories and videos! Do you have a story or video for The Scottish Sun? Email us at scoop@thesun.co.uk or call 0141 420 5200