The Rail, Maritime and Transport (RMT) union has sounded the alarm on a significant data security incident, revealing that a contractor for the Docklands Light Railway (DLR) inadvertently leaked a trove of sensitive staff information.
The breach occurred at KeolisAmey Docklands (KAD), the private operator responsible for running the DLR network on behalf of Transport for London (TfL). According to the RMT, an internal data spreadsheet containing confidential details of employees was made accessible on the company's internal network for a period of two weeks.
What Information Was Exposed?
The compromised file is reported to have contained a wide array of personal employee data, creating a serious privacy concern. The leaked information included:
- Staff names and home addresses
- Individual salary details
- National Insurance numbers
- Dates of birth
This type of data is highly valuable and could be misused for identity theft or fraud if it fell into the wrong hands.
Union Response and Demands
RMT General Secretary Mick Lynch did not mince words, condemning the breach as "a massive data leak" and a clear violation of the staff's trust and legal data protection rights. The union has formally demanded that KeolisAmey Docklands take immediate and transparent action.
Their demands include a comprehensive investigation into how the breach occurred, full disclosure to every affected employee, and a detailed report on the measures being implemented to prevent any recurrence of such a serious security failure.
TfL's Assurance on Passenger Data
In response to the incident, a spokesperson for Transport for London moved to reassure the public. They confirmed that the breach was contained within the internal staff data of the contractor and emphasized that no passenger data or financial information was accessed or compromised in any way.
TfL stated it is working closely with KAD to understand the full scope of the incident and to ensure that robust corrective actions are taken. The operator has reportedly referred itself to the Information Commissioner's Office (ICO), the UK's independent data protection regulator, which has the power to levy significant fines for breaches of data law.
This event highlights ongoing concerns about data security within large transport franchises and the critical importance of safeguarding employee information.
