Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

‘Serious data breach’ as MPs’ staff names and salaries wrongly posted online

‘Extremely sensitive personal information’ is accidently published on watchdog’s website 

Benjamin Kentish
Friday 31 March 2017 11:50 EDT
Comments
Fears have been raised about the security of parliamentary staff following the murder of Jo Cox and the terrorist attack in Westminster
Fears have been raised about the security of parliamentary staff following the murder of Jo Cox and the terrorist attack in Westminster (Getty)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Independent Parliamentary Standards Authority (IPSA) has said it is investigating a “serious data breach” after a document containing details of MPs’ staff names and salaries was wrongly posted on the internet.

In a letter to MPs, the organisation’s Chief Executive, Marcial Boo, revealed that “extremely sensitive personal information” about parliamentary staff had been mistakenly published on its old website.

“I am very sorry to have to inform you that last night there was a serious data breach on the old IPSA website,” he wrote to MPs. “Some documents were published in error.”

“These should not have been made public as they contained confidential personal information about MPs’ staff names, salaries, rewards, working patterns and holiday entitlements.”

The IPSA boss insisted, however, that no information that might compromise staff security had been published.

“I would like to reassure you that no information relating to the security of the individuals affected was made public – no addresses, no bank account details, no phone numbers, and no National Insurance numbers were disclosed,” he wrote.

The information remained online for around four hours and was removed by IPSA “within an hour” of it being notified about the issue.

The watchdog said it takes information security “very seriously” and considered the safety of people working in Parliament to be “a priority”. It is currently investigating how the information was made public and will directly contact all those affected by the breach.

The news comes amid ongoing fears about the safety of parliamentary staff. New security training and guidelines were issued after Labour MP Jo Cox was murdered in her constituency last June.

Fears about security at the Palace of Westminster re-emerged when attacker Khalid Masood was able to breach the building’s security perimeter and stab PC Keith Palmer to death before being tackled by armed police. The Met Police has said a full review of security on the parliamentary estate is underway.

IPSA has previously been criticised over its decision to award MPs an 11 per cent pay rise while other public sector salaries remained frozen. A number of parliamentarians have previously complained that the watchdog is inefficient and overly bureaucratic.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in