Mermaids

The transgender charity mermaids became aware of a data breach in relation to an internal email group.

It was found that the group was created with insufficiently secure settings, leading to approximately 780 pages of confidential emails being viewable online for nearly three years.

The compromised information includes personal information, such as names and email addresses, of 550 people being searchable online.

The personal data of 24 of those people were sensitive as it revealed how the person was coping and feeling.

A further 15 classified as unique category data as mental and physical health and sexual orientation were exposed.

Mermaids have significantly improved its data protection processes since learning about the security compromise and fully cooperating with the ICO investigation.

Source: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2021/07/ico-fines-transgender-charity-for-data-protection-breach-exposing-sensitive-personal-data/

"id": "MER163711223",
"linkid": "mermaids-uk",
"type": "Breach",
"date": "07/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"