Personal data linked to 1,000 Customer Delivery Services staff at HP was accidentally emailed to an external third party yesterday.
Insiders told us that HP CDS sent the entire employee payroll's info – which contained National Insurance numbers, addresses and salaries – to an unknown party yesterday by accident.
More ReadingHP or Carbonite? Hmmm. HP or Carbonite? Carbonite!Don't bother telling people if you lose their data, say Euro bodsLoss of unencrypted back-up disk costs UK prisons ministry £180KBT: Whew, we've been cleared of major privacy breach. Oh SNAP, another webmail blunderUK's emergency data slurp: IT giants panicked over 'legal uncertainty'
An HP spokeswoman said:
“HP is fully committed to protecting personal information and protecting privacy in all of our operations. We take any instances of a potential compromise seriously and will work to address any concerns as necessary.”
CDS is effectively the Synstar IT services business that HP acquired in 2004 for $293.3m. It consists of engineers who work on site for customers providing tech maintenance. It is run as a separate entity.
It is understood that the incident was caused by human error, but HP has processes in place to prevent these types of outcomes, and it is not known why the person did not follow them.
No other workers outside of CDS were impacted, and sources told us HP contacted staff to let them know what happened as well as the UK's Information Commissioner’s Office.
In a statement sent to The Channel, the ICO said:
“We are aware of an incident involving Hewlett Packard and we are currently looking into the details.” ®