The Guardian has revealed that personal information from job applicants at the Tate has been exposed online, compromising addresses, salaries, and phone numbers of examiners.
These extensive records, running hundreds of pages, were shared on a site not affiliated with the government-supported organization managing London’s Tate Modern, Tate Britain, Tate St Ives in Cornwall, and Tate Liverpool.
The leaked data encompasses details like the current employers and educational background of applicants related to the Tate’s Website Developer Search in October 2023, affecting 111 individuals. While names are undisclosed, referees’ phone numbers and personal email addresses might be included. It remains unclear how long this information has been available online.
Max Kohler, a 29-year-old software developer, learned his data had been compromised after one of his application reviewers received an email from an unfamiliar source who accessed the online data dump.
Kohler found that the breach contained his last paycheck, current employer’s name, other reviewers’ names, email addresses, home addresses, and extensive responses to job interview questions.
“I feel extremely disappointed and disheartened,” he stated. “You dedicate time filling out sensitive information like your previous salary and home address, yet they fail to secure it properly and allow it to be publicly accessible.”
“They should publicly address this issue, provide an apology, and clarify how this happened, along with actions to prevent future occurrences. It likely stems from inadequate staff training or procedural oversights.”
Reported incidents of data security breaches to the UK’s Information Commissioner’s Office (ICO) continue to rise. Over 2,000 incidents were reported quarterly in 2022, increasing to over 3,200 between April and June of this year.
Kate Brimstead, a partner at Shoesmith law firm and an authority on data privacy, information law, and cybersecurity, commented: “Breaches do not always have to be intentional. While ransomware attacks attract significant attention, the scale of current breaches is substantial.” Errors can often contribute to these incidents, highlighting the necessity for robust checks and procedures in daily operations. “Managing our data can be tedious, but it remains crucial,” she added.
The ICO emphasized that organizations must report a personal data breach to them within 72 hours of being aware, unless there is no risk to individuals’ rights and freedoms. If an organization decides not to report, they should maintain a record of the breach and justify their decision if needed.
After newsletter promotion
A spokesperson for Tate stated: “We are meticulously reviewing all reports and investigating this issue. Thus far, we haven’t identified any breaches in our systems and will refrain from further comment while this issue is under investigation.”
quick guide
Contact us about this story
show
The integrity of public interest journalism relies on firsthand accounts from knowledgeable individuals.
If you have insights regarding this issue, please contact us confidentially using the methods listed below.
Secure messaging in the Guardian app
The Guardian app provides a way to share story tips. Messages sent via this feature are encrypted end-to-end and integrated within typical app functions, keeping your communication with us secure.
If you haven’t yet downloaded the Guardian app, you can find it on (iOS/Android) and select “Secure Messaging” from the menu.
SecureDrop, instant messaging, email, phone, and postal mail
If you can secure your use of the Tor network, you can send us messages and documents through our <a href=”https://www.theguardian.com/securedrop”>SecureDrop platform</a>.
Additionally, our guide located at <a href=”https://www.theguardian.com/tips”>theguardian.com/tips</a> lists several secure contact methods and discusses the advantages and disadvantages of each.
Source: www.theguardian.com
