Jane Croft 

Post Office accidentally leaks names and addresses of wrongfully convicted operators

Company refers itself to data watchdog after publishing personal details of 555 people involved in Horizon IT lawsuit
  
  

A sign at a Post Office branch in Westminster, London.
The Post Office says it is investigating the data breach as an ‘urgent priority’. Photograph: Hollie Adams/Reuters

The Post Office has launched an “urgent” investigation and referred itself to the data watchdog after it accidentally published the names and addresses of hundreds of post office operators on its corporate website.

The state-owned body published the personal details of 555 people who had been involved in suing the Post Office in a high court lawsuit in 2019. It paved the way for post office operators convicted of theft and false accounting to be exonerated by the courts.

The lawsuit was led by Sir Alan Bates, the campaigner who was played by actor Toby Jones in the ITV hit drama Mr Bates vs the Post Office this year, which portrayed his fight for justice and ignited a public furore about the scandal caused by faulty Horizon IT software.

Since being alerted to the publication, which was first reported by the Daily Mail, the Post Office has removed the document containing the personal data from its website and alerted the Information Commissioner’s Office (ICO).

The incident has angered post office operators – some of whom are still waiting for compensation. Many have had their lives ruined and suffered bankruptcy, prison sentences and homelessness after they were wrongly prosecuted in what MPs have described as the worst miscarriage of justice in British legal history.

Legislation introduced before the general election has quashed the convictions of operators who were prosecuted between September 1996 and December 2018.

The Post Office said: “The document in question has been removed from our website. We are investigating as an urgent priority how it came to be published. We are in the process of notifying the Information Commissioner’s Office of the incident, in line with our regulatory requirements.”

The ICO said: “Post Office Limited have made us aware of an incident and we are assessing the information provided.”

The ICO can issue fines for the most serious cases of data breaches in the public sector, as well as warnings, reprimands and enforcement notices.

In 2021, the ICO issued a £500,000 fine to the Cabinet Office after the postal addresses of the 2020 new year honours recipients were disclosed online. The ICO also imposed a £20m fine on British Airways after customer data was hacked in 2018.

 

Leave a Comment

Required fields are marked *

*

*