Insider steals 79,000 email addresses at work to promote own business

After saying they're very sorry, they escape with a slap on the wrist

A former council staff member in the district where William Shakespeare was born ransacked databases filled with residents' information to help drum up new business for their outside venture.

The UK's Stratford-on-Avon District Council concluded its investigation into a November data breach last week, finding tens of thousands of email addresses stolen from a garden and waste collection database.

A database holding information on Warwick District Council residents was also raided and has been accessible due to a joint working arrangement between the two councils.

The total number of email addresses stolen stands at around 79,000, Stratford-on-Avon District Council confirmed.

These email addresses were stolen, it's said, for the purposes of promoting the individual's business – which was unrelated to the council. Unsurprisingly, the person responsible is no longer employed there.

"On behalf of the council I would like to apologize for this data breach," said David Buckland, chief executive at Stratford-on-Avon District Council. "When the Council was alerted to this, we immediately began a full investigation to understand how this happened.

"It is important to stress that this information only contained email addresses, it did not contain any bank details, or names and addresses. We have concluded through our investigations that this data breach was a deliberate act by an individual, and not a breakdown of the robust internal controls we have in place."

The individual behind the data theft, who has not been named, was referred to Warwickshire Police and was subject to investigation from law enforcement, but has escaped with an official caution – a slap on the wrist.

Apparently they "apologized sincerely" and the police confirmed that all data had been deleted.

The Information Commissioner's Office (ICO) was also notified and decided not to take the matter further.

"Despite the robust procedures in place to protect resident's information, it has been very disappointing to find that an employee has acted independently for their own gain," said Chris Elliott, chief executive at Warwick District Council. 

"I would like to reassure our residents that this was an isolated incident, and I am satisfied that the necessary steps have been taken and the data breach is now resolved." ®

More about

TIP US OFF

Send us news


Other stories you might like