Have you been affected by the Mermaids data breach?
Mermaids UK, a charity that supports transgender children and young people, has experienced a severe data breach. Mermaids is the UK's leading charity when it comes to offering support around gender and identity to those under 20. According to an article in the Sunday Times, the Mermaids data breach exposed thousands of private emails between the charity and parents. The emails were made public online.
What happened in the Mermaids data breach?
The privacy violation exposed emails between 2016 and 2017. According to the Times: "More than 1,000 pages of Mermaids' confidential emails, including anguished messages from parents about their children's suffering, were uploaded for anyone to view." It says that thecorrespondence includes names, addresses and telephone numbers.
However, Mermaids claims that the 1,100 emails were between executives and trustees of the charity. It says that they discussed matters relating to their work. It argues that they were only searchable "if certain precise search-terms were used".
The charity has said that it is "deeply sorry" for this "historical data breach". It removed the content from public view after being warned of the leak. It also reported the breach to the Information Commissioner's Office and the Charity Commission.
Read the Mermaids data breach response in full.
Is the data breach worse than the charity claims?
According to the Sunday Times, the emails contained "intimate details of the vulnerable youngsters it seeks to help". It reports that these emails could be found by entering the charity's name and its number into a search engine.
Mermaids denies this and argues that there is "no evidence" that anyone other than the Sunday Times, or those contacted by their journalist had access to the information.
A spokesperson for the charity said: "To be clear this is absolutely not Mermaids service users emailing each other, and their emails and private correspondence being available to an outside audience".
An independent investigation into the Mermaids data breach will now take place.
How worried should you be?
Commenting on the data breach, a spokesperson from Mermaids said: "At the time of 2016-2017, Mermaids was a smaller but growing organisation. Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur".
However, regardless of the size of the charity at the time, people using its services had the right to expect that their data was protected. So this doesn't help those vulnerable individuals whose personal and potentially intimate details were exposed.
Also, it seems like the charity is hoping that it can get away with just apologising and promising that it won't happen again. But such a noticeable absence of care over the very real impact of a data breach should not be tolerated or accepted.
Every day we see what happens when the personal information of people across the UK falls into the wrong hands. And the consequences can be damaging and long-lasting.
Making a charity data breach claim
Many people are passionate about the charities and causes they care about. But, while you might support their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data.
Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often charities and organisations are insured against data breaches. So you don't have to worry about the impact of the good work you support.
Have you been affected by the Mermaids data breach?
Mermaids has contacted those affected by the breach. If your data is at risk, you may be able to make a no-win, no-fee Mermaids data breach compensation claim.
You can make a compensation claim if you have struggled emotionally following a data breach. Even if you have not experienced any financial loss.
If you are worried that Mermaids UK has put your data at risk, find out how to make a data breach compensation claim. Or contact ustoday for a free initial assessment.