Jobseeker is stunned after gaining access to CVs of other clients on Government computer
A jobseeker has uncovered a serious data breach at a Government resource centre aimed at helping people find employment.
The Department of Education and Learning is now investigating how users were able to view and potentially print off other people's CVs with personal details on them, such as home addresses.
Yesterday a DEL spokesman confirmed to the Belfast Telegraph that the problem affected 10 public access computers at its careers resource centre at Ann Street in Belfast.
"The investigation will be completed by the end of August and it will also ascertain how many CVs were visible to other users," he said.
The department also confirmed the issue is system-related and it should have deleted users' documents after they had finished.
What is not yet known is how long the problem existed and how many service users had their personal information visible to other users.
Jobseeker Martina Gunther from Belfast discovered the problem last week when she was using the facilities to apply for jobs.
She found that she had access to several CVs belonging to previous users - even though she was logged onto the system under her own password.
Ms Gunther said: "I've used the centre over the years and I value the help the staff give me, but I was shocked to see four other CVs from other clients still stored when I opened Word Viewer.
"I printed one as proof and contacted the client by email to personally warn them of the issue, and I have also made a complaint to the Information Commissioner. This was very worrying to me and I couldn't believe my eyes at what I was able to view.
"We hear so much now about identity theft and this was wide open. I think other clients would be worried too if they knew their details were visible to others."
She immediately raised the problem with the centre manager who took action. She later received a letter from the centre advising her to return the printed CV to it in case she was found in breach of data protection law.
A DEL spokesman said: "On August 4, 2015, the department was alerted to an issue with a public internet access (PIA) terminal in Ann Street Careers Resource Centre. Documents created by clients were not being deleted between sessions as they should have. ICT staff immediately checked the PIA terminals and removed any impacted terminals from use.
"All possible action has been taken to minimise the impact of the issue which is being urgently investigated and any necessary corrective changes will be made before the impacted terminals are returned to service.
"The department takes its data protection responsibilities very seriously and has robust policies and procedures in place. Decisive action is being taken to prevent a recurrence of this incident."