Personal data leak in one of Britain’s largest pension providers
Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error.
The email, seen by this publication, claims a service provider “unintentionally” posted user data to an unnamed “public software forum”. These records include biographical data (names, email addresses, and dates of birth) as well as National Insurance numbers. According to the pension provider, the data was obtained by “a small number” of third parties.
NOW: Pensions said the records were only visible for “a short time”. This apparently means three days, with the company saying the data was exposed between 11 and 14 December.
From the warning issued to customers, it’s hard to grasp the scale of the problem. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data. We asked NOW: Pensions, as well as its PR agency, for comment via phone call and email. At the time of publication, we had not heard back.
As expected, the company has entered damage control, with customers offered 12 months of free Experian Identity Plus (a subscription service that offers credit and darkweb monitoring services) to assuage them of their worries. It also promised to review staff training, and said the individuals responsible for the snafu no longer have access to user data – although the company did not go into any detail about whether they’re working with or for the company.
Both the Information Commissioner’s Office (ICO) and The Pensions Regulator have been informed. An ICO spokesperson told The Register: “NOW: Pensions Limited have reported a breach to us and we will be assessing the information provided.”
Read more @The Register