Two years after the breach, civil servants left reeling at news their data was stolen

Two years after the breach, civil servants left reeling at news their data was stolen

Summary: More than 100,000 UK civil servants' details may have been stolen in a data breach at the Civil Service Sports Club two years ago, but the organisation is only now telling its members.


The Civil Service Sports Club (CSSC) has been forced to send out a letter warning its members that their personal information may have been stolen in a data breach that took place two years earlier.

The organisation sent out the letters on 23 November confirming that personal information such as addresses, phone numbers and National Insurance information had been compromised in the data breach. It did not say exactly how many members details were at risk in a media statement, or how the data was stolen.

"CSSC has been co-operating with the relevant authorities in a criminal investigation regarding the theft of some membership data supplied to CSSC. CSSC has been informed that some of this data was used for fraudulent purposes," CSSC said in a statement (PDF) on Monday.

Despite the lapse, CSSC, which has more than 100,000 members nationally, said it believed personal risk to individuals was low and the resulting "attempted frauds" were directed at the government.

Although did not mention when the data theft took place in the media statement, CSSC told its members that the data was likely taken in February 2010.

"Received letter saying my details probably stolen in Feb 2010, only now been told," Twitter user Mike Pobjoy posted on the social network on Tuesday.

Unsurprisingly Pobjoy wasn't alone in expressing his outrage at the delay in informing members of the potential information leak. "Nearly three years to notify members their personal details have been stolen! Not good enough #CSSC Explains a bogus benefit claim in my name!" said user Claire Jamieson.

CSSC said it had followed the advice of "relevant authorities". "However, investigations now reveal that our full membership database could have been stolen and we have decided that members would want to know about the theft," the organisation added.

The group said past members' details could also have been affected, but that details of members that joined after March 2010 are not at risk.

Topics: Security, Government UK, Privacy, EU, United Kingdom

Ben Woods

About Ben Woods

With several years' experience covering everything in the world of telecoms and mobility, Ben's your man if it involves a smartphone, tablet, laptop, or any other piece of tech small enough to carry around with you.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • DLP as a managed SaaS

    A good DLP platform like Verdasys which is now being offered as a managed SaaS definitely would have caught this. Here's a UK webinar coming up to learn about how these managed DLP services are going to work:
    • Well, you would say that wouldn't you Betsy...

      ...because you're paid to!

      Because you're an "Independent tech pr working w/ Verdasys"