Identities of 150 survivors of historical abuse exposed in major data breach

A newsletter was circulated in an email by the HIA Interim Advocate’s Office on Friday which revealed the names of recipients in error.

The email was sent on behalf of the Interim Advocate for victims and survivors of historical institutional abuse Brendan McAllister, whose office has been accused of breaching GDPR and privacy rights.

A solicitor for a number of the victims said he has written to Mr McAllister.

Solicitor Owen Beattie from KRW Law said: “Obviously there are hugely sensitive concerns arising from this leak which need addressed as a matter of extreme urgency.

“I can confirm that we’ve written to the Interim Advocates Office and would hope to get the necessary assurances that immediate steps are taken to remedy the breach.

“It’s vital that victims and survivors are assured that nothing will impede their redress applications with the HIA.

“This ought to remain the most important issue for them at this stressful time.”

In a statement, Mr McAllister confirmed the data breach at his office and issued an apology to those affected.

He said that measures were immediately taken to recall the email and the incident was reported to the Information Commissioner.

Mr McAllister said: “I would like to apologise for the disclosure of email details.

“We have been in touch with all concerned to inform them of this unfortunate development.

“Steps are also being taken to investigate how this data breach occurred.”

Jon McCourt, from the campaign group Survivors North West, said he has received numerous calls from victims who are concerned that their privacy and confidentiality has been compromised.

He said: “Engaging with the HIA Inquiry and any of its attributes was a very personal decision for many.

“Before this they discussed it very little, if at all. To take the step to then address this issue from the past took courage and a lot of trust in those they engaged with.

“This is what has been damaged through this incident. The effort to recall the email would indicate that somehow there was an awareness that something had gone wrong.

“I am assuming that the list of email addresses was pasted into the ‘CC’ box on the email rather than the ‘BCC’ box where they would have gone individually to recipients with just their own email on it.

“Unfortunately, that didn’t happen. As a result, a lot of vulnerable people now have had their email addresses shared within the recipients and quite rightly feel exposed.”

Marty Adams, of the Survivors Together group, said: “Today I have been contacted, again, by some on the email list, stating that others who were on the list, who before this never knew they existed, have been sending them emails.

“There are serious issues around Data Protection which are concerning to all of us.

“This has shaken quite a few and is the direct result of at least an error of judgment.

“Contact details were given in confidence to the HIA Interim Advocates office so that victims and survivors could be updated with progress on the Redress Process and the establishment of future services.

“They have a right to expect to have their identity, including their email addresses, treated with confidence. The HIA Interim Advocate need to urgently investigate what went wrong and do whatever necessary to mitigate its impact.”