Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Mirror
Daily Mirror
National
Ryan Merrifield

Council accidentally publishes staff's names and salaries online in huge blunder

Thousands of council workers had their salaries and other personal details accidentally leaked online.

The mishap involving 15,000 workers at South Lanarkshire Council in Scotland came about when a spreadsheet was shared, with other details said to also include National Insurance numbers.

The breach was confirmed by the local authority thanks to a Freedom of Information (FOI) request published on WhatDoTheyKnow.

The site is used to submit and respond to FOI requests.

A spokesperson put the leak - which occurred in April this year - down to "human error" and came about after a request for details about staff pay grades.

On the first page of the spreadsheet submitted by the council, data was anonymised but the second page reportedly included names, workplaces, salaries and NI numbers.

However, further sensitive information, including bank details, dates of birth and home addresses were not disclosed.

The breach came about due to an FOI response (Getty Images/Tetra images RF)

The error was only discovered last week meaning the information was available for over a month.

A council spokesperson told the Mirror: “A spreadsheet containing anonymised employee data was uploaded to a website in response to a Freedom of Information request.

"Unfortunately as a result of human error, the spreadsheet contained a second page of personal data that had not been anonymised.

"The error was noticed by the council and we arranged for that data to be removed.

“To the best of our knowledge the information was not accessed, and we believe the data could not be used in a way that would be harmful to those involved.

“However, I can confirm that we are contacting those affected by the error and we have reported the breach to the Information Commissioner.”

Data leaked reportedly included National Insurance numbers (Alamy Stock Photo)

The GMB union said it will back any members at council taking action if they suffered any financial loss as a result of the breach.

GMB organiser Ude Adigwe said staff are right to be concerned and deserve more than assurances that such an error will not happen again.

He said: "This is a very concerning incident and poses serious questions about the council's data management processes.

"Staff deserve more than a simply assurance from the council that policies and procedures have been tightened.

"They deserve an investigation, the fullest possible explanation of how this happened and to be told exactly what measures are being taken to stop it happening again."

Unison's South Lanarkshire branch posted on Facebook that representatives of the union had met with the council on Wednesday (May 17).

It said the breach was only found last Tuesday.

The statement said: "Data Breach at SLC. We met with the Chief Executive and others today. The breach happened in April and was discovered last Tuesday.

"The information released included, name, workplace, line manager, salary and National Insurance number.

"It did not involve bank details, date of birth, email or home address.

"The information has been returned and the recipient has confirmed they have removed it and destroyed it.

"The Council's view is that there is a low risk to staff given the information released.

"Unions noted the explanation from the CE and will consider what else is needed following further advice."

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.