Mumsnet data breach

The Mumsnet data breach is said to have affected dozens of accounts after a software change resulted in the exposure of some users’ personal information.

Users who logged into their account during the breach period may have been able to see the account information for other users, and vice-versa. Mumsnet has reported themselves to the Information Commissioner’s Office (ICO) and has reversed the software alteration and logged all users out of their accounts.

Software changes that lead to data breach are not uncommon. Some of the data breach compensation claims we represent people for have stemmed from this type of breach. Victims of such data breaches may be able to take legal action.

How the Mumsnet data breach happened

It’s understood that the cause of the Mumsnet data breach is related to a software change that has since been reversed. The issue affected users who were logged into their accounts from 2pm on Tuesday 5^th February 2019 and 9am on Thursday 7^th February 2019.

Some users were able to see information for other people’s accounts who were logged in that the same time. Mumsnet were alerted to the problem and subsequently reversed the software change; logged users out of their accounts; and reported themselves to the ICO.

A post on their website that addresses the Mumsnet data breach confirms that the organisation is “very sorry” for what has happened. They have also confirmed that they are looking into how this has happened and accept that users have the “right to expect your Mumsnet account to be secure and private”.

Information exposed in the Mumsnet data breach

Information that was exposed in the Mumsnet data breach is said to have included:

• Email addresses;
• Account details;
• Users’ posting history;
• Personal messages.

Of the approximately 4,000 users who were logged in during the breach period, it has been confirmed so far that 46 were affected by the breach. We don’t yet know whether this is the final number, so people should remain vigilant.

The Mumsnet data breach is one of a long list of accidental information exposures that stems from websites. We all expect that the information organisations hold on their websites is safe and secure. When our rights to data privacy and data security are breached, people can be entitled to claim data breach compensation for any distress and financial losses caused.