The UK-based charity Mermaids has issued a statement apologizing for an ‘inadvertent’ data breach that allowed anyone with the very basic of Google skills to access over 1,000 private emails that reportedly contained the names, addresses, and phone numbers of children they are trying to help.
Mermaids is a charity that was formed in 1995 with the goal to help children that suffer from gender dysmorphia. Their ultimate goals are to help these children feel more included, less alone, reduce the staggeringly high rate of self-harm, addiction, and suicide within this subgroup, and improve awareness to trans children. Since the start, Mermaids has won numerous awards over the years for being an outstanding charity in the LGBT+ community and has helped thousands of children who struggle with their body.
The Data Breach In Question
The news on the data breach was reported over the weekend, and the charity has already removed the evidence from their site. Mermaids has released a statement that they are “deeply sorry” for the incident, but that there were no intimate details or personal information in anything that was released. They also stated that you could only find the information if you searched very specific keywords on Google, which does not make the release of the information much better.
However, the initial news report on the leak has a different story. They, and others, say you could find the information by simply googling the term “Mermaids” with the UK charity code assigned to them. Over 1,000 emails that should have been stored securely on a private server were able to be read by anyone who knew where to look on Mermaid’s official site, and the report suggests that there were names, addresses, and phone numbers of children seeking the charity’s support and help, along with their family information.
Going Forward From This
The Information Commissioner’s Office, which is a data protection watch group in the UK, has already been informed of the incident and have contacted those affected. The Charity Commission has already said that an independent investigation into this data incident is underway to determine just what was released, and how serious it is.
The only good news is that the emails leaked were from 2016 and 2017, meaning that the charity was a little smaller than it is now, and only the investigations will truly determine what was leaked. Mermaids has stated that it will take steps in the future to ensure this never happens again.