“Our current understanding is that one of our service partners unintentionally posted some members’ personal data in a public software forum. This happened between Friday 11 and Monday 14 December 2020.
These actions contravened NOW: Pensions’ procedures, as specified for all staff and contractors. The data was visible only to users of that forum for a short time and was copied by a small number of unknown parties. We reported this incident to The Pensions Regulator and The Information Commissioner’s Office.
Protecting our members’ personal data is of the utmost importance to us and we are taking this matter extremely seriously. We acted as soon as we were made aware of the issue.
Relevant members, fewer than 2% of our total membership, who are affected by this incident (the law sets out thresholds about this) have been sent communications setting out our current understanding of the situation and the steps we are taking to mitigate any risks to their data. We would ask those members to refer to that correspondence. We do not have any evidence that any members’ data is being used by unauthorised third parties.”
Patrick Luthi, CEO, NOW: Pensions
If you have any more questions, you can contact us