On 1 July, BCA became aware that some data collected during processing of Direct Individual Membership fees via Paypal could be found by searching for a member’s name on Google.
The information that was accessible only included name, postal address and email address – no passwords or bank details.
The source document was removed within an hour. Searches may still find limited information in the Google cache, which is specific to the term searched for. Since the source page has been removed, the link in the search results only leads to an error page and no other data is available. Google have been asked to clear this cache but this may take some time.
The main risk is that the data could be used for phishing, that is, impersonating a trusted organisation in order to obtain more sensitive information, so people who might be affected should be alert to that possibility.
Preparations are in hand to email further information to all members who may be affected.
The system where the data was accessed will be decommissioned once the new membership arrangements using JustGo are in place, which is imminent.
This page will be updated when more information is available.