Five data incidents caused by human error


In a survey of over 6,000 employees, a huge 62% admitted to making email errors. The media is filled with reports of troubling data breaches affecting practically all industries, from healthcare and defense to education. Often it feels as though a week doesn’t go by without a new organization hitting the headlines for BCC errors or incorrect recipient mistakes.

Here are five examples of recent data breaches caused by human error.

1. Inns of Court College of Advocacy - November 2023

Once again, a data incident within the education sector has reached the UK headlines. The Inns of Court College of Advocacy (ICCA) has contacted the ICO after a “technical issue” left sensitive information, including exam results and health record information of 800 students, accessible by the recipients.

The breach left personal data including more than 440 personal email addresses and phone numbers, as well as academic information and exam marks, accessible to students across the college.

2. NHS Lanarkshire - 2020-2022

When employees of NHS Lanarkshire resorted to using WhatsApp as a quick way to communicate sensitive information, they were just trying to do their job in an efficient manner in a time of uncertainty and stress. 

This was an incident of employees finding technological workarounds in the absence of a secure communication solution. It was further complicated by the COVID-19 pandemic placing great strain on the NHS and healthcare services across the world.

The ICO found it necessary to reprimand NHS Lanarkshire for this breach in January 2023. 

3. Hastings Council - August 2023

Blind carbon copy (BCC) errors remain one of the biggest causes of data breaches each year. The majority of these breaches occur when bulk emails are sent in carbon copy (CC). This was the case when Hastings Council sent a bulk email to 357 constituents of the council area with all the recipients’ email addresses visible to each other.

Residents of the Hastings Council area were quick to vent their frustrations, with one resident stating “Great job. Now we know all 357 emails of people who use brown bins.” Local councils are responsible for the data of thousands of residents. Regardless of the topic of the communication in question, trust can be quick to lose and particularly hard to regain in the wake of a data loss incident.

4. NHS Highland - June 2019

Another example of a BCC error came in summer 2019. NHS Highland accidentally shared the sensitive information of 37 patients accessing HIV services via CC, making email addresses visible to all recipients. Given the extremely sensitive nature of the recipients’ information, the ICO issued a reprimand to the service in lieu of a £35,000 fine.

In 2022, Zivver was able to prevent 18,000 “failure to use BCC” errors amongst our 6,000 customers. Over 300 cases of “failure to use BCC” are reported to the ICO each year, causing enormous damage to reputation and, in some cases, large fines. Whilst “mistakes happen”, that does not excuse the real-world impact on the affected people.

5. Police Service of Northern Ireland - August 2023

In response to a Freedom of Information query, an employee from the Police Service of Northern Ireland (PSNI) accidentally sent the source information to a member of the public, containing the names, officer rank or grade, locations and departments of 10,000 serving officers in the PSNI. This breach is further complicated by the tense political history in Ireland, which could have led to officers' lives being endangered.

Zivver helps protect organizations from the leading cause of data breaches - human error. Speak to one of our security experts to learn how Zivver can keep your organization safe from human error data breaches. 

Last updated - 15/12/23