The UK's Civil Service Sports Club (CSSC) recently notified its members that their names, addresses, dates of birth and National Insurance numbers may have been compromised as a result of a data breach that took place in February of 2010.
"In the general letter sent to members, the CSSC promised it was treating the matter 'extremely seriously' and has taken 'robust action,'" writes The Telegraph's Hannah Furness. "It added it was 'very sorry that this happened and for any anxiety which this letter may cause.'"
"The non-profit sports body, which organises activities and leisure facilities, was alerted to the breach when a criminal investigation into fraud attempts on central government traced the data used in the scams to CSSC's database," writes The Register's Anna Leach. "Its membership is available to Royal Mail and BT staff as well as public-sector workers in the NHS, Fire Service, police, armed forces, education and other organisations."
In a press statement [PDF file], the CSSC explained why it took almost three years to disclose the breach: "CSSC sought advice from the relevant authorities concerned with the criminal investigation and data protection as to whether it should information its members. Following that advice, CSSC initially decided not to inform its members but kept the situation under regular review. Fresh information which has recently come to light has caused CSSC to revise that view."
"Despite the lapse, CSSC, which has more than 100,000 members nationally, said it believed personal risk to individuals was low and the resulting 'attempted frauds' were directed at the government," writes ZDNet's Ben Woods.