Trans children’s charity Mermaids apologises for historical data breach
The UK charity for transgender and gender non-conforming children and their families has apologised for a historical data breach that meant private internal emails from 2016 and 2017 were accessible online.
“We are sorry,” Mermaids said in an online statement on Sunday (June 16).
“At the time of 2016-2017, Mermaids was a smaller but growing organisation. Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur,” it said.
Mermaids was first made aware of the data breach on June 14, after a Sunday Times journalist brought it to their attention, according to the statement.
The breach was “immediately remedied” and Mermaids has notified the Information Commissioners Office. The breach meant that internal Mermaids emails from 2016 and 2017 were available online if certain search terms were used.
The statement said, “Mermaids understands that the information could not be found unless the person searching for the information was already aware that the information could be found.”
A Sunday Times story published on Sunday (June 16) calls Mermaids a “child sex-change charity” and alleges that the charity “published part of its email database on the internet, including intimate details of the vulnerable youngsters it seeks to help.”
Mermaids ‘takes its responsibilities seriously’
Mermaids, founded by Susie Green, said they were grateful to the newspaper for bringing the breach to their attention.
“The material mainly consisted of internal information involving full and frank discussion of matters relevant to Mermaids, but unfortunately included some information identifying a small number of service users. Mermaids has contacted these people,” Mermaids said.
“The information, seen in its actual and proper context, is normal internal information for a group such as Mermaids. The information shows Mermaids takes its responsibilities seriously and that there is candid internal consideration of all issues.”
A Mermaids spokesperson told the BBC that the breach consisted of 1,100 emails.
In February 2019, the National Lottery Fund confirmed it was giving Mermaids a £500,000 grant, following a two-month review of “serious allegations” made against the charity after the grant was reported in the Sunday Times.
The 40-page review by the National Lottery concluded that the allegations against Mermaids were “baseless.”