Rotherham Council in hot water after 'extremely serious' data breach

A LANDLORD criticised Rotherham Borough Council over an “extremely serious” data breach which saw almost 900 people sent each other’s private email addresses.

The authority apologised and referred itself to the Information Commissioner’s Office after a message sent by the selective licensing team leader revealed 897 email addresses.

Sarah Churchill (34), who rents out property in Maltby, compared council HQ Riverside House to inept fictional comedy hotel Fawlty Towers.

Hide Ad
Hide Ad

She added: “I rent property out across the UK and I’ve never come across such a stupid mistake.

“This is really basic stuff as well, especially for a manager. I really think as a council they can be really stupid at things.

“I’ve had so many incidents of them being plonkers. It’s like Fawlty Towers.”

Ms Churchill, who lives in Dorset, said she feared her email address could be sold on for money.

Hide Ad
Hide Ad

She said the message had been sent out at around 5pm on Monday, when the sender mistakenly copied in personal email addresses instead of blind copying, which hides recipients’ details.

“They are not generic work email addresses that have been copied in, it’s all personal contacts,” said Ms Churchill.

“As a landlord and business owner, I am really quite angry this could happen. Exposure to being hacked or being the victim of fraud increases dramatically,” she said.

The council had issued an email apology 24 hours later. Matt Finn, community protection manager, said in the email: “I am contacting you as we have become aware of a data breach which may have resulted in your email address being shared with other landlords who own or manage privately rented property in Rotherham. 

Hide Ad
Hide Ad

“You will have received this email, too. This was an error and is currently under investigation by the council. 

“We are sorry that this has happened and we will be ensuring this cannot happen again.

“At this time we believe the email was sent to 897 people. The information released is only email addresses which is personally identifiable information, but it is not classed as sensitive data.”

Ms Churchill said the ICO should carry out an independent investigation over the “extremely serious” breach.

Hide Ad
Hide Ad

Tom Smith, RMBC assistant director for community safety and streetscene said: “We have immediately apologised to the people affected by this unintentional data breach which should not have happened. 

“We have also referred this to the ICO and we will ensure we follow any recommendations.

“We are committed to ensuring our service users are confident in our effectiveness and accountability.”

A spokesman for the ICO confirmed the council had informed it of the incident.