On 1 July, BCA became aware that some data collected during processing of Direct Individual Membership fees via Paypal could be found by searching for a member’s name on Google.
The information that was accessible included name, postal address and email address – no passwords or bank details.
The source document was removed within an hour and Google’s cache was cleared within a day.
The main risk is that the data could be used for phishing, that is, impersonating a trusted organisation in order to obtain more sensitive information, so people who might be affected should be alert to that possibility.
The email below has been sent to all the email addresses on the list that was exposed:
The system where the data was accessed will be decommissioned once the new membership arrangements using JustGo are in place, which is imminent.