Possible data breach with States grant scheme being investigated

One business has described receiving an email from the financial support department that rather than having their own information in, included bank details and statements and the details of another person that had applied.

States chief executive Paul Whitfield said the States were now investigating the matter. ‘I wouldn’t get into obviously the detail and the specific individual case, but I would confirm that we’ve been made aware that there has been a potential data breach,’ he said.

‘Of course, as usual we’re making the initial inquiries and reported the data breach.

‘It’s not desirable and we would apologise at any time if there was such a breach.

‘But with an organisation that handles so much data as the States of Guernsey and now working remotely as never before we’ve got to be really cautious on how we’re handling so much data, and they will be fully investigated as if we would be operating normally.’

He added it was not a widespread problem.

Civil Contingencies Authority chairman Gavin St Pier acknowledged the seriousness of the matter.

‘I think clearly the mishandling of anybody’s data is always to be regretted,’ he said.

‘But equally, as the chief executive said, it has to be very much subject to the data protection law and working obviously with the data protection commissioner in relation to those kind of cases.’

The grant scheme was introduced at the end of March and is now open to all businesses and the self-employed with fewer than 10 employees, to receive £3,000 as additional support.

Intended to last three months, it was designed to help smaller businesses in whichever way they deem appropriate.

Those who wanted to apply for the grant were asked to first email financial support at the States before someone would get back in touch with them for more details.