UK Pharmacy chain leaks personal details of 24,000 employees | Full investigation underway following Well Pharmacy – formerly Co-Op Pharmacy – data breach.
A UK pharmacy chain has apologised to employees following the leak of more than 24,000 staff and locum workers data.
Personal information relating to staff employed at the Manchester-based Well Pharmacy group was accidentally included in an email.
The leaked data includes; names, addresses, email addresses, phone numbers and payroll numbers. However, the company has stressed that no patient information was compromised.
Formerly the Co-Op Pharmacy, Well Pharmacy group describes itself as the largest independent pharmacy chain in the UK. The group employs more than 7,000 staff across 780 retail outlets.
Full investigation into pharmacy data leak
The data leak happened in early December, when an email was sent to an undisclosed number of locum pharmacists. Reportedly, a spreadsheet attached to the email contained details of Well Pharmacy group’s employees and locums. Attempts to recall the email failed and the company has now apologised and has launched an investigation into the leak.
Chris Ellett is a senior manager responsible for safeguarding data at Well Pharmacy. He said the email did not contain bank details, National Insurance numbers or dates of birth.
Mr Ellett added:
How we handle your personal data at Well is very important and I am truly sorry that this has happened. Any incident involving personal data is serious and I have launched a full investigation. …Changes have already been made to prevent this happening again. The Information Commissioner’s Office has been informed and we will act immediately on any advice they provide.
The Pharmacists’ Defence Association, the professions trade union, has advised members who received the email “not to open the attachment and to permanently delete the spreadsheet”.
Commenting on the pharmacy data leak, the union stated that some pharmacists have expressed concerns about what other data was included in the email.
Members believe the information includes data about their religion, pay rates, fitness to practice information and criminal record checks.
There are also concerns that the data held about them by Well Pharmacy amounts to a “blacklist”, as it includes a column entitled “reasons for inactivation”.
Our members want to know what information has been recorded about them and how it was put in the public domain.”
Chris Ellett denies this is the case in his email to staff:
The document also contains additional information to assist us in successfully placing individuals where appropriate. It does not contain any information relating to personal characteristics. ….We have been made aware that a number of locums believe this is a list of ‘banned’ individuals. …We want to reassure you that this is not true.