Vulnerable children exposed in Birmingham Council data breach

A serious data breach at Birmingham Council has allegedly put the personal information of vulnerable children at risk. This took place when the Council erroneously published the details of thousands of children on a publicly accessible part of its website. The data uploaded was that of youngsters entitled to free bus passes.

The Council admitted that it added the details to the Brum account – an online facility that provides access to a range of local services.  The information was then publicly available.

No cybercriminals were involved in this breach; instead, the privacy violation occurred because of an error. Nevertheless, should this information fall into the wrong hands, the consequences for these children could be devastating. Councillor Ewan Mackey expressed concerns that organised crime gags would pay for this information and use it to recruit victims of the breach into a life of crime.

Birmingham Council admitted to the breach in an email sent on 19 March 2021. It also reminded employees of the need to be mindful of the data protection implications before sharing or uploading personal data. The Council said that the mistake was “rectified as soon as we became aware” and that it had informed the ICO about the error. It also said that the ICO was not planning any action in response to this breach. However, this might change as, according to the ICO, “we expect the council to update us if new information that affects the circumstances of this case comes to light.”

According to the Council, there is no evidence that any data on vulnerable children was accessed or downloaded before it was removed. Nevertheless, many of those affected by this breach are understandably concerned, especially as it involves an already vulnerable group.