Journalists’ personal information and bank details have been made public after a data breach at an independent publisher.
The Midlands News Association has confirmed the “data security incident”, which led to the names, addresses, bank account details, National Insurance numbers and dates of birth of a number of former employees being published online.
The publication of the information was made by an “unauthorised third party” and the MNA has told those affected the published details are “difficult to download and access”.
The company has declined to reveal exactly how many people are affected by the breach, but HTFP understands the breach affects employees from as long ago as 2011.
The publisher says it has now “implemented a range of new measures” to prevent a repeat incident from occurring.
According to a letter sent to those affected by MNA managing director Graeme Clifford, which has been seen by HTFP, the publisher discovered the incident on 14 January and “immediately took steps to contain the incident” including appointing IT forensic specialists to look into the matter.
On 22 February, the specialists confirmed they had identified an unauthorised third party had accessed certain folders on the company’s systems and published information online.
Graeme, pictured, wrote to those affected: “Some of your personal data was amongst the information that was published. It is important to stress that there is no evidence that information relating to you was targeted in any way.
“However, given that some information relating to you has been accessed, we wanted to let you know. The information relating to you which was published includes: Name, Address, Bank Account Details, National Insurance Number, Date of Birth.
“It is also important to note that the information that has been published is contained within files that are difficult to download and access.
“We are also engaging with law enforcement to consider what steps can be taken to try to stop continued publication of the data.”
Graeme went on to add there was “no evidence” the data had been “misused”, but urged those affected to “exercise increased vigilance in all matters relating to your personal details”.
The MNA has offered affected parties 12 months of credit and identity monitoring free of charge and has also set up a support helpline.
Graeme added: “We are sincerely sorry for any concern and inconvenience this may have caused you.
“Like many other organisations, MNA faces the challenge of dealing with the increasing sophistication of cyber incidents.
“Whilst avoiding data security incidents can never be fully guaranteed, we would like to reassure you that we take our responsibilities for the protection of your data very seriously.”
An MNA spokeswoman told HTFP: “The MNA recently experienced a data security incident. This incident was quickly dealt with and has been investigated by data security specialists.
“Any individuals whose data was affected as part of the incident have already been contacted
“We take our data security responsibilities very seriously and have implemented a range of new measures to help prevent such an incident reoccurring.”