Late Post

Ministry of Justice in the dock for catalogue of serious data breaches

The UK Ministry of Justice (MoJ) reported 17 serious data breaches to the Information Commissioner’s Office (ICO) during 2019-2020.

According to data contained in the MoJ annual report (2019-2020) and analysed by the Parliament Street think-tank, the department has been responsible for a catalogue of major incidents of personal data loss affecting a total of 121,355 people.

These included a misplaced, unencrypted USB stick containing documents from a trial, accidental disclosure of the identify of an applicant and the names of children in a domestic violence case, and loss of a laptop and phone containing personal details of MoJ employees.

But by far the largest incident revealed in the report, impacting as many as 120,000 people, involved a sub-processor’s technical error, which made various files on a staff training database briefly accessible to unauthenticated users, allowing one full and one partial unauthorised download. Information disclosed included staff data, such as names, work locations, staff numbers, national insurance numbers, email addresses and training records.

The second largest incident, said to have affected 143 people, saw a set of prison records incorrectly dispatched to the wrong prisoner, leaking data relating to the offender’s friends, family, solicitors and MoJ officials.

In another