[BreachExchange] East Lindsey Council data breach reveals job applicants' pay

Inga Goddijn inga at riskbasedsecurity.com
Fri Nov 23 15:09:34 EST 2018


https://www.bbc.com/news/uk-england-lincolnshire-46303740

A council published the confidential details of people applying to be its
new chief executive, including their salaries and suitability for the role.

The blunder was spotted by a member of staff at BBC Radio Lincolnshire, who
notified East Lindsey District Council.

As well as including current and expected salary, the document also
detailed candidates' strengths and weaknesses.

The authority said the error was "clearly unacceptable".

The document, titled "Confidential shortlist pack", was published on
Friday. It has now been taken down.

The pack ranked candidates, contains details of one applicant who had a
phone interview and others who gave "unstructured and incomplete responses"
during their interviews.

It also outlines "strengths" and "areas for consideration" and whether
candidates are prepared to relocate.

Council Leader Craig Leyland said: "First, I'd like to apologise to the
candidates involved in the recruitment process.

"Candidates should be able to apply for positions in total confidence and
we're sorry for any upset and distress this has caused.

"It was a genuine error and we have urgently notified all candidates of
what has happened and reported the incident to the Information
Commissioner.

He said the error was down to an officer "not ticking a box on a computer
screen".

"That officer is absolutely mortified at what happened," he said.

He said the council was urgently reviewing its processes to ensure "such a
mistake isn't made in the future".

Mr Leyland said he had been advised the error was not likely to affect the
recruitment process.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20181123/e652b8db/attachment.html>


More information about the BreachExchange mailing list