Post Office accidentally leaks sub-postmaster data

Post Office accidentally leaks sub-postmaster data

Just nowBy Daniel Thomas, Tom Espiner, BBC business reporterEPA

The Post Office has launched an urgent investigation after it accidentally published the names and addresses of 555 postmasters prosecuted during the Horizon scandal.

The company confirmed staff had shared personal details in a document on its website and said it had referred itself to data watchdog the Information Commissioner’s Office.

One former sub-postmaster tweeted that the breach had caused “a great amount of upset, distress and anger” among colleagues.

It comes as witnesses continue to give evidence at an inquiry into the Horizon IT scandal, which saw hundreds of sub-postmasters prosecuted for theft between 1999 and 2015 due to incorrect information from accounting software.

The data breach on Wednesday was first reported by the Daily Mail and led to an angry response from former sub-postmasters.

Former sub-postmaster Christopher Head tweeted the text of a letter he had written to Post Office chief executive Nick Read and chair Nigel Railton.

He wrote: “As you can imagine this has caused a great amount of upset, distress and anger amongst those whose data is now within the public domain.”

Many sub-postmasters who “hadn’t shared details with their own families” and others who were “extremely traumatised by this whole scandal even today” had been hit by the breach, Mr Head wrote.

He added that it was “telling” that the Post Office had not made an apology.

One former sub-postmaster told the Daily Mail she was “incandescent”. Wendy Buffrey said that the action could “destroy lives” because criminals could now target sub-postmasters who had received compensation.

Ron Warmington, the forensic investigator whose firm Second Sight was brought in to probe the Horizon system in 2013, told the Mail it was “an extraordinary breach” of confidentiality and “another example of Post Office incompetence”.

The leaked document contained the names of 555 former subpostmasters who sued the Post Office in 2017.

In 2019, the firm agreed to pay them £58m in compensation, but much of the money went on legal fees.

In a statement the Post Office said the document had been removed from its website.

It said: “We are investigating as an urgent priority how it came to be published. We are in the process of notifying the Information Commissioner’s Office (ICO) of the incident, in line with our regulatory requirements.”

An ICO spokesman said: “Post Office Limited have made us aware of an incident and we are assessing the information provided.”

Organisations need tell the watchdog about a data breach within 72 hours of becoming aware of it, if it poses “a risk to people’s rights and freedoms”.

More than 900 sub-postmasters were prosecuted for stealing because of incorrect information from Horizon in what has been called the UK’s most widespread miscarriage of justice.

Many sub-postmasters went to prison for false accounting and theft, and many were financially ruined.

After years of legal wrangling the government said in January that it would “swiftly exonerate and compensate” those affected.

Two former bosses from Fujitsu, the company behind the Horizon IT system, denied knowing about issues with the system at the inquiry on Wednesday.

One of them, Duncan Tait, said Post Office bosses “never escalated to me any issues regarding Horizon integrity”.

“Indeed, I heard repeatedly that the subpostmasters’ claims regarding Horizon integrity were unfounded and that the system was working well.”


Table of Contents

More Posts