Tate Galleries Data Breach Exposes Job Applicants' Personal Details
Tate Galleries Job Applicant Data Leaked Online

Tate Galleries Investigate Major Data Security Incident

The prestigious Tate gallery group has launched an investigation after confidential information belonging to more than 100 job applicants was discovered leaked online. The security lapse exposed highly sensitive personal data including home addresses, salary details, and contact information for both applicants and their referees.

What Information Was Compromised?

The data breach relates to October 2023 when Tate was recruiting for a website developer position. According to the Guardian's findings, the leaked records span hundreds of pages and contain detailed information about 111 individuals.

While the applicants themselves aren't named directly, the exposed data includes:

  • Current employer information
  • Educational background
  • Previous and current salary details
  • Home addresses
  • Comprehensive answers to job application questions
  • Referees' names, personal email addresses, and mobile numbers

How the Breach Was Discovered

The security failure came to light when Max Kohler, a 29-year-old computer programmer, learned his personal data was included in the leak. One of his referees received an email from a stranger who had accessed the information online.

"It's very disappointing and disillusioning," Kohler told the Guardian. "You spend time putting in all this sensitive information, salaries from previous jobs, home addresses, and they don't take care of this information and have it floating around in public."

Kohler called for Tate to remove the data immediately, issue a formal apology, and conduct a thorough investigation into how the breach occurred.

Growing Data Security Concerns in the UK

This incident occurs against a worrying backdrop of increasing data security incidents across the United Kingdom. Reports to the Information Commissioner's Office (ICO) have surged from approximately 2,000 incidents per quarter in 2022 to more than 3,200 between April and June this year.

Kate Brimsted, a partner at law firm Shoosmiths and expert in data privacy, commented: "A breach doesn't have to be deliberate, and while the ransomware attacks get the headlines, the majority of breaches today are through error. It's just as important to have checks and processes as part of organisations' day-to-day practices."

Regulatory Requirements and Tate's Response

The ICO has clear guidelines for such incidents, stating that organisations must notify them within 72 hours of becoming aware of a personal data breach, unless it doesn't pose a risk to people's rights and freedoms.

A Tate spokesperson responded to the allegations, saying: "We review all reports thoroughly and are investigating the matter. We have not identified any breach of our systems and wouldn't comment further while the matter is ongoing."

As data breaches continue to rise across the UK, this incident serves as a stark reminder of the importance of robust data protection measures in all organisations, including cultural institutions like the Tate galleries.