Personal data breach

Matt, I do agree that Katie's support is excellent, but in this case the problem was related to DIM fees, not CIMs, so Katie had little involvement. The analysis of what had happened was mainly done by David Gibson, supported by Dave Cooke and Ari. I took over the co-ordination when it became clear that it was BCA data, not BCRA,. My name is on the ICO registration because as Treasurer I paid the fee. The email text is a joint effort also including Aidan.
 
The BCRA have been made aware of a personal data breach in which some personal information of BCRA members was accidentally made publicly accessible. The BCRA are working to reduce the impact of the breach, and are aware of their responsibilities under UK GDPR regarding managing and reporting the breach.

To minimise impact to data subjects please refrain from directly discussing where this personal data may still be accessible. If you wish to disclose this directly to the BCRA please do so to it-manager@bcra.org.uk.

Note: I am not involved with IT at the BCRA, but am passing on a message. A previous thread on this subject has been deleted by request of the OP.
People these days are so weak. You googled your name (nonce behaviour) and got scared. Lol.
 

aricooperdavis

Moderator
Nonetheless, an impressive and comprehensive response, put together very quickly indeed (presumably with help from others too including Ari and Katie who's support to BCA has been outstanding).
I've contributed very little, but have been involved in the conversation, and am thoroughly impressed with how swift and comprehensive the response from the volunteers has been.

Also a good opportunity to say how grateful I am to the BCRA/BCA volunteers who manage membership for their efforts over the years - it's rarely visible but a huge admin task behind the scenes.
 
The first batch of email notifications to the affected members have now gone out.

My apologies to all those in that batch - I've been wrestling with this incident all week, and it's the first time I've tried to send a batch email to members - so I was a bit stressed and forgot to put the email addresses in the BCC field, so have inadvertently created a new data breach by sending all the recipients everybody's email address. Doh! Not a very good thing to do when I'm signing myself as Acting Data Protection Officer ...
 
The first batch of email notifications to the affected members have now gone out.

My apologies to all those in that batch - I've been wrestling with this incident all week, and it's the first time I've tried to send a batch email to members - so I was a bit stressed and forgot to put the email addresses in the BCC field, so have inadvertently created a new data breach by sending all the recipients everybody's email address. Doh! Not a very good thing to do when I'm signing myself as Acting Data Protection Officer ...
If it makes you feel a little better as regards BCC a fairly prestigious exam board has done that at least twice quite recently which also may explain a rash of phising stuff I had as well, pobody's nerfect.

Jim
 
Third and final batch of emails sent. All potentially affected email addresses that are still in use should now have been notified.
 
Top