Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. According to NOW: Pensions, fewer than 2 per cent of its customers were affected.
The email, seen by The Register, claims a service provider “unintentionally” posted user data to an unnamed “public software forum”.
The documents contain biographical details (names, email addresses, birth dates) and social insurance numbers. The data were gathered by “a small number” of third parties, according to the pension provider.
It is difficult to understand the size of the issue from the customer warning. NOW: Pensions did not report the number of records exposed or the number of third parties that copied the data leaked. We have asked for comment by phone and email from NOW: Pensions and its PR agency.
The Records were out for a very short period of time,i.e, from 11th to 14th December (for three days) as stated by NOW: Pensions.
NOW: Pensions have made sure to inform about the breach to both the Information Commissioner’s Office (ICO) and The Pensions Regulator.
In the email issued to customers, NOW: Pensions admitted improper use of customer data is a possibility, describing it as “the worst-case scenario”. Downplaying the issue, it said there’s “no evidence to suggest this has happened or will happen”.
“There’s no evidence which indicates that your data is being used by unauthorised parties, or that the unknown parties who had access to your data have any malicious intent,” it added.
NOW: Pensions has also taken over damages by offering customers a 12-month free Experian Identity Plus (a credit and web-based subscription service) to relieve them of their concerns. It also vowed to review staff training and confirmed that the person responsible for snafu no longer had access to the user data – but whether he worked for or with the firm, the business did not go into any detail.
NOW: Pensions was established in 2011 and it is the third-largest trust in the UK.
This Data leak is not the first time NOW: Pensions have earned attention for its existence. The company was issued a £50,000 fine by the Pensions Regulator in 2018 followed by another hefty fine of £20,000 for failing to report late or missing contributions to members in that year.