The Electoral Services department of Wandsworth Council was at the center of a massive data protection scandal after the private details of tens of thousands of London residents were accidentally leaked by their council via email to the wrong recipients.
The emails were intended to inform residents of their nearest polling station ahead of May’s local elections following changes in ward boundaries. However, 43,000 voters – representing nearly 13% of local residents – received names, addresses, and voting instructions for people other than those in their households.
The council apologized but tried to play down the mistake, saying that “there was a problem with the data merge” and that no electoral fraud could result. However, a follow-up email requested the recipient to delete the erroneously sent email and explained that any of the information accidentally leaked was already available for viewing in the public domain if people decided to visit the electoral register.
“We would like to reassure residents that the information contained in these emails is all publicly available in the borough’s electoral register, which is an open document that can be inspected by any member of the public at any time during the year,” read a statement posted by the council on Twitter. “The emails did not contain any information beyond what is already in the public domain.”
Judging by the number of concerned residents commenting on the statement, it has done little to allay voters’ fears. “I don’t want people to know my address because I have a sensitive job,” a Wandsworth resident told a local media outlet. “When I received an email from the council with someone else’s name and address, my first thought was ‘Well, who sent me?”
This breach by the Conservative majority council was on “an unprecedented scale” and is an “unacceptable” incident, Fleur Anderson, Labour MP for Putney and former Wandsworth Borough council member, stated.
“It is chilling and very worrying for everyone whose personal details have been shared with strangers. The council does not seem to accept the severity of this as its very weak response to everyone affected shows,” Anderson added. “They can’t be trusted with our data, and how can we be sure this won’t happen again?”
Earlier this year in January, private detail belonging to British Council students was exposed online via an unsecured Microsoft Azure blob repository containing over 144,000 files. The impacted students were exposed to a broad range of malicious activities, including identity theft, phishing attacks, and scams.