The personal information of nearly 14,000 staff at Liverpool's main hospital trust were accidentally emailed to hundreds of people.
A file was sent by email to a number of managers at the Liverpool University Hospital Foundation Trust (LUHFT) - which includes the Royal and Aintree hospitals - which included the personal information of thousands of staff members including names, addresses, National Insurance numbers and salaries.
The file - which was sent to hundreds of managers at the trust - included a hidden tab with the personal information of the thousands of staff members. The incident has now been reported to the Information Commissioner.
READ MORE: Mum loses nose after doctors thought she had sinusitis
Staff were notified of the data breach by an email - seen by the ECHO- from trust chief executive James Sumner who apologised for the error. He said: "I am sorry to inform you that there has been an unintentional sharing of staff personal information.
“A file was sent by email to a number of managers within LUHFT to support the ongoing management of payroll details as part of the industrial action arrangements.
“The spreadsheet file included a hidden tab which contained staff personal information. Whilst it was not visible to those receiving the email, it should not have been included in this spreadsheet. The information in this hidden tab included names, addresses, DOBs, NI numbers, gender, ethnicity, salary, it did not include bank account details.
The email added: “The inclusion of this information was a mistake, and we are truly sorry that this has happened and for any concern this may cause. Although this has been assessed by the trust as being low risk to individuals, I felt it important and right that we inform colleagues of the situation as soon as we were able to do so.
“As the file also went to 24 external email accounts (still relating to our own staff) it has been necessary to contact each individual, to confirm deletion of the file. This recovery and deletion process was completed yesterday and I wanted to update colleagues as soon as possible.” Mr Sumner added that the Trust will be sending letters to every individual who had their data shared in the file.
In a statement James Sumner, chief executive said: “We have apologised to our colleagues for this error and are providing them with the full information and support they need. The data was emailed to managers within the organisation, we set about deleting the email and the data file from our systems within an hour of the error being identified and action has been taken to prevent this from happening again. We have also commissioned an independent, external review to assist in how we establish shared learning from the experience.
"I want to reassure our patients and the communities we serve that we follow all the rules to protect their information and we take data security extremely seriously. We have reported this incident to the necessary authorities and will work with the Information Commissioners Office to implement recommendations from their review.”
READ NEXT:
Doorman 'snapped' and left racist drinker with serious injuries after vile abuse
Updates as police close off coastal road in both directions
Abusive partner 'laughed incessantly' in court as woman described pain he caused her