You are viewing 1 of your 1 free articles
Data breach sees Bromford mistakenly send personal letters to wrong addresses
The personal information of 253 Bromford housing association residents was leaked last year after a data breach led to letters being mistakenly sent to their old addresses.
In a note to staff seen by Inside Housing, the landlord said that during an upgrade to its housing management system in June last year, some customers’ previous addresses were mistakenly copied into the new system.
As a result, a letter about rent reviews sent to 30,000 of its customers was delivered to the incorrect addresses of 253 recipients. Bromford acknowledged that previous letters might also have been sent to the wrong addresses in the time since the upgrade was carried out and the discovery of the error.
READ MORE
The Wolverhampton-based housing association initially discovered the mistake when five tenants contacted staff, and a subsequent investigation identified 248 more residents who were potentially sent correspondence to an address that was different to where they lived.
There were concerns that those affected might have moved to a new address to escape an abusive ex-partner, but further investigations found that this was not the case, Bromford said.
The breach has been reported to the Information Commissioner’s Office (ICO) and customers affected have been notified. Bromford is working with its software supplier to try to work out how the mistake happened, the note to staff said.
Bromford, which manages 44,000 homes throughout the Midlands and the South West, has also added an extra stage to its lettings process to double-check customer addresses, and is running daily checks to ensure that new accounts are not defaulting to old addresses.
Kim Avery, head of customer experience at the housing association, said: “We take the handling of customers’ personal data extremely seriously at Bromford and whilst it was thankfully a relatively isolated number of customers, we know it fell well short of our usual high standards.”
Bromford is not the first housing association to find itself caught up in a data breach: South Staffordshire Housing Association accidentally published tenants’ personal details on its website in 2014, while the following year, Peaks & Plains Housing Trust sent an email to almost 1,000 tenants that did not hide their email addresses.
In both cases, the housing associations reported themselves to the ICO when the breach was discovered.
