Betrayed
. . . by their "protectors".
The internet keeps on giving! Between this and the OSA we (the UK) have everything neatly parcelled up ready for mass blackmail.
UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities. According to disclosure emails seen by The Register sent to union members who work as scientists, engineers, techies, and managers, the attack took place in June, yet members were only notified this week. …
As a personal view, data breaches have been coming thick and fast, there's now zero excuse for the ICO not imposing major penalties, but in this case how can it? A fine just gets paid out of union funds, and thus is paid directly by the members affected. The law allows for directors and officers to be held accountable, it's high time they were but I'm not holding my breath.
ICO, Action Fraud, the police....all just administrators.
Prospect are just about the most useless union you could be a member of. I was a member previously until I realised that every collective negotiation they had with my employer led to a worse deal than the one originally proposed by the company. I've seen enough of their rep support to know I'd be better representing myself. I'd advise anyone who is currently a member has this union ever actually achieved anything worth the money you give them every month or are you giving them money for nothing?
>> 12 months' worth of credit and identity monitoring to affected members through Experian.
Experian seems to be monitoring half the country at this rate.
There needs to be mandatory reporting within $shorttime to those affected. Three months down the line is useless.
I wonder if Experian pay some commission to the hacking groups for each new bit of business they gain from the breaches?
I also wonder if Experian charge newly breached organisations for the monitoring to be done on individuals who have already been involved in breaches where another organisation is already paying for monitoring?
Or when it goes recursive
"following other guidance provided by the National Cyber Security Centre (NCSC)"
The total POS site that displays a blank page to a user with JavaScript disabled?
A page that does not work with JavaScript disabled does not inspire me with any hope of trustworthy security advice.
.. Yes, I could alter my "whitelists" (feel free to mentally replace that with whatever the PC term is), and see how good (or not) the content is, but I make a general rule of boycotting sites that fall at the first hurdle when I visit with my default of JS off.
Ironically, the email to affected members begins with the words ‘Private and confidential’ unlike my personal details that have been ‘impacted’.
The complete lack of transparency about this matter is extraordinary! As an affected member the first I heard about this ‘IT security incident’ was on receiving an email yesterday that informed me that my details were ‘impacted’. This is because the union chose only to inform its members in June by posting on their website rather than emailing all members. An approach Mike Clancy stated was in the ‘interests of transparency’.
At this point, it is completely unclear whether my data has been lost, inadvertently shared, or stolen by a group or individual? Only the union knows. They do state in their email that ‘those behind the incident’ have not yet made the data available online so it seems they do have some knowledge of who was responsible for the incident. They’re simply choosing not to divulge how the data was obtained which only suggests that poor security measures are to blame.
I cannot have any faith in a union that has been so lacking in transparency to support me when the time is required. I will be cancelling my membership and moving to a different union.
It's the GS election next year and that the person responsible for this cock up is going to be standing again is beyond belief.
That the NEC is supporting his re-election shows their failure to govern properly. Instead of questioning management, they'd rather crawl up its arse.
As for the presidential team, I've been stung by jellyfishes with more backbone than them.
All of them should be turfed out.
The union management, the presidential team and the NEC are covering up one thing.
This is a major national security breach.
Prospect represent a large number of members in the defence, telecommunication, police and energy sector.
The data that has been leaked also included personal case files.
That the data has not been found on any dark web forum is not a surprise. This breach could have been conducted by a group affiliated to a foreign state.
And now staff involved in work on nuclear weapons development, nuclear submarines, maintenance of government communications and other areas have now been exposed.
12 months of Experian membership isn't going to cover this breach.
A fish rots from the head down.
They all need to go.
There was a webinar earlier this week where the General Secretary tried (and failed in a lot of cases) to answer nearly 100 questions submitted by reps. Lots of evasion, lots of obfuscation. He looked like he is worried about his job, and so he should be. In a properly governed organisation he would fall on his sword. Very tellingly the most senior members of the union – the President, Vice President and Deputy Vice President were nowhere to be seen, and their absence wasn’t even mentioned let alone apologised for. A complete failure of leadership on their part – or perhaps they don’t want to be associated with a sinking ship. Either way Prospect/Bectu needs a complete overhaul in the way it is run.