Public service provider Serco, hired to train volunteers for the UK Government’s contact tracing programme, has apologised after sharing the email addresses of 300 people by mistake.
The company’s role is to help sign up people to track and trace cases of Covid-19, aiming to help reduce the spread of the disease across the UK. The Government says it wants 21,000 contact tracers to manually gather data to be used for tracing others in the future.
Serco has apologised and says it made the error of releasing the addresses after it emailed recruits to tell them about training.
A company spokesman said: “A spokesman for the company said: “An email was sent to recruits who had given us their permission to use their email addresses.
“In error, email addresses were visible to other recipients. We have apologised and reviewed our processes to make sure that this does not happen again.”
The contact tracers were to work with the NHS’s newly released contact-tracing app, currently being trialled on the Isle of Wight.
Using Bluetooth, the app records when a user has come into close contact with others, then sending out an alert when an individual reports having coronavirus symptoms.
Anyone who has been recorded to have been in contact with the infected individual is then advised to self-isolate as well as where to get a virus swab test if required.
This latest breach calls into question once more the security concerns with the use of such apps and deals a fresh blow to a Government attempting to roll a version out across the UK.
- EasyJet Data Breach Exposes Millions of Customer Details
- Edinburgh Supercomputers Targeted in Crypto-mining Attack
- BBC Launches Project to Let Users Group-stream iPlayer Content
Critics have raised concerns around a user handing over private information, and the potential use of GPS tracking, which could then be used for nefarious means, such as increased state surveillance.
A recent report by HSJ suggested that it “failed all the tests” required for it to feature in the NHS Apps Library, noting issues with clinical safety and performance as well as cybersecurity, the publication noted.
A senior NHS source told HSJ: “The real problem is the government initially started saying it was a ‘privacy-preserving highly anonymous app’, but it quite clearly isn’t going to be. When you use the app and you are not [Covid-19] positive in the early stages, you’re just exchanging signals between two machines.
“But the second you say, ‘actually I’m positive’, that has to go back up to the government server, where it starts to track you versus other people.”
However, a spokesperson for the Department of Health and Social Care (DHSC) insisted that the app will not track people’s location with GPS but will simply monitor who an individual has been near to via Bluetooth.
“The NHS Covid-19 app has not failed any clinical assessments and NHS Digital has been clear it will go through the normal assessment and approval process following the Isle of Wight roll-out.”