Identities of historical abuse victims exposed in email data breach

The identities of 250 survivors of historical institutional abuse (HIA) havebeen exposed in a data breach, it has been confirmed.

A newsletter was circulated in an email by the HIA Interim Advocate's Office on Friday which revealed the names of recipients in error.

The email was sent on behalf of the Interim Advocate for victims and survivors of historical institutional abuse Brendan McAllister, whose office has been accused of breaching GDPR and privacy rights.

A solicitor for a number of the victims said he has written to Mr McAllister.

Solicitor Owen Beattie from KRW Law said: "Obviously there are hugelysensitive concerns arising from this leak which need addressed as a matter of extreme urgency.

"I can confirm that we've written to the Interim Advocates Office and wouldhope to get the necessary assurances that immediate steps are taken to remedy the breach.

"It's vital that victims and survivors are assured that nothing will impedetheir redress applications with the HIA.

"This ought to remain the most important issue for them at this stressfultime."

In a statement, Mr McAllister confirmed the data breach at his office andissued an apology to those affected.

He said that measures were immediately taken to recall the email and theincident was reported to the Information Commissioner.

Mr McAllister said: "I would like to apologise for the disclosure of emaildetails.

"We have been in touch with all concerned to inform them of this unfortunatedevelopment.

"Steps are also being taken to investigate how this data breach occurred."

Jon McCourt, from the campaign group Survivors North West, said he has received numerous calls from victims who are concerned that their privacy and confidentiality has been compromised.

He continued: "The effort to recall the email would indicate that somehow there was an awareness that something had gone wrong.

"I am assuming that the list of email addresses was pasted into the 'CC' boxon the email rather than the 'BCC' box where they would have gone individually to recipients with just their own email on it.

"Unfortunately, that didn't happen. As a result, a lot of vulnerable peoplenow have had their email addresses shared within the recipients and quiterightly feel exposed."

Marty Adams, of the Survivors Together group, said: "Today I have beencontacted, again, by some on the email list, stating that others who were on the list, who before this never knew they existed, have been sending them emails.

"There are serious issues around Data Protection which are concerning to allof us.

"This has shaken quite a few and is the direct result of at least an error ofjudgment.

"Contact details were given in confidence to the HIA Interim Advocates officeso that victims and survivors could be updated with progress on the RedressProcess and the establishment of future services.

"They have a right to expect to have their identity, including their emailaddresses, treated with confidence. The HIA Interim Advocate need to urgently investigate what went wrong and do whatever necessary to mitigate its impact."