Expenses watchdog IPSA has written to all MPs and their staff to apologise for what it calls a “serious data breach” on its website last night. IPSA says it accidentally published confidential documents on its site which revealed “MPs staff names, salaries, rewards, working patterns and holiday entitlements”. IPSA says the material was accessible for about four hours and has now been removed.
31 March 2017
Dear Staff Member
I am very sorry to write to inform you that last night there was a serious data breach on the old IPSA website. Some documents were published in error. These should not have been made public as they contained confidential personal information about MPs‘ staff names, salaries, rewards, working patterns and holiday entitlements.
I would like to reassure you that no information relating to the security of the individuals affected was made public – no addresses, no bank account details, no phone numbers, and no National Insurance numbers were disclosed. However, we recognise that this was still extremely sensitive personal information.
We take information security very seriously and the safety and security of MPs and their staff is a priority. An investigation is currently undenNay and we have notified the Information Commissioner. We will be writing directly to all of those affected.
Our first priority was to remove the data from our website as soon as we were first notified and it was taken down from our website last night within an hour of becoming aware of the issue. We believe that the information was accessible for around four hours and we will keep you updated with further details as we carry out a full investigation.
Please contact us if you have any questions at this stage. I sincerely apologise to you for the distress this has caused.
IPSA, already loathed by MPs, about to become even less popular…