Trans children’s charity issues apology for data breach

The breach, which was first reported by the Sunday Times, involved the publication of internal correspondence from 2016 and 2017.

The Times reported that the emails, which included messages from parents, contained names, addresses and phone numbers.

In a statement published on its website, Mermaids said it had notified the Information Commissioner’s Office (ICO) and remedied the breach as soon as it had been made aware by the Times. The Charity Commission has also been informed, it said.

The charity said: “The material mainly consisted of internal information involving full and frank discussion of matters relevant to Mermaids, but unfortunately included some information identifying a small number of service users. Mermaids has contacted these people.”

The organisation claimed the information was only available “if certain precise search-terms were used” and maintained there was no evidence that information was accessed by anyone other than the newspaper.

At the time of the breach, the charity was “a smaller but growing organisation,” it said, but now has “internal processes and access to technical support which should mean such breaches cannot now occur”.