POA Circulars

126 | 23.12.2019


On late Friday 20th December 2019, I received a telephone call from Employee Relations Department advising me that there was a potential data leak affecting the Ministry of Justice.

It would appear that the Ministry of Justice have been informed that due to an incorrectly configured web-server, personal information for the vast majority of staff was made accessible on the internet. This happened between the middle of November and mid December 2019.

The types of information made available would include any information you entered into the My Learning Training Site and some automatically entered data. This would include name, work email addresses, date of birth, details of courses that you have undertaken, where your work location is, your Line Manager and potentially your National Insurance number.

The MoJ at this stage do not believe any special category data, such as health, religious beliefs or political views was stored on this system or has been exposed.

We have been told that the MoJ have self-reported the issue to the Information Commissioners Office (ICO). The MoJ state as soon as the issue was discovered it was addressed by the supplier and the Server was updated correctly, meaning they have implemented security measures to reduce the likelihood of any further breach from this system.

The MoJ have commenced a review and investigation on the full extent of the security issue and the POA NEC will keep you updated as information comes to us on this serious issue.

Your sincerely

General Secretary