Personal data of thousands of Welsh residents ‘made public by mistake’
Public Health Wales has said the personal data of 18,105 Welsh residents who had tested positive for Covid-19 was “uploaded by mistake to a public server where it was searchable by anyone using the site”.
The data was for every Welsh resident who tested positive for coronavirus between February 27 and August 30.
After being alerted to the breach, which Public Health Wales said was the result of “individual human error”, the data was removed on the morning of August 31.
In the 20 hours it was online, it was viewed 56 times.
In 16,179 of the cases, the information published included people’s initials, date of birth, geographical area and sex, PHW admitted.
However, for 1,926 people living in nursing homes or other enclosed settings such as supported housing, or residents who shared the same postcodes as those settings, the information also included the name of the setting.
A spokesman for Public Health Wales said: “There is no evidence at this stage that the data has been misused.
“However, we recognise the concern and anxiety this will cause and deeply regret that on this occasion we have failed to protect Welsh residents’ confidential information.”
The Information Commissioner’s Office and the Welsh Government have been informed and an external investigation into the breach has been commissioned.