Personal details of more than 100 individuals who applied for a job at Tate art galleries have been leaked online, exposing addresses, salaries and referee phone numbers. The data, which appeared on an unrelated website, relates to the Tate's recruitment for a website developer in October 2023.
The leaked records include applicants' current employers, education history, and lengthy answers to job application questions. While applicants are not named, their referees are identified, sometimes with mobile numbers and personal email addresses. It is unclear how long the data had been circulating.
Max Kohler, a 29-year-old computer programmer, discovered his data in the leak after a referee was contacted by a stranger who saw the data dump. Kohler expressed disappointment, stating: 'You spend time putting in all this sensitive information ... and they don't take care of this information.' He called for an apology and an investigation into how the breach occurred.
Data security incidents reported to the UK's Information Commissioner's Office (ICO) have risen from just over 2,000 per quarter in 2022 to more than 3,200 between April and June this year. Kate Brimsted, a data privacy expert at Shoosmiths, noted that most breaches are due to human error, emphasising the importance of robust processes.
The ICO reminded organisations they must notify the regulator within 72 hours of a breach unless it poses no risk to individuals. A Tate spokesperson said: 'We review all reports thoroughly and are investigating the matter. We have not identified any breach of our systems and wouldn't comment further while the matter is ongoing.'
