Campaigner Sir Alan Bates has criticized the ‘utter incompetence’ of Post Office bosses after learning that a document containing the names and addresses of the scandal’s victims had been published on the Post Office website.
The document, titled ‘Confidential Settlement Deed’, was discovered by journalist Nick Wallis and has since been removed from the website. At the time of writing, a link to the document can still be found via a Google search, suggesting it had been online since 2019 – the URL now returns a ‘Page not found’ error.
According to Wallis’s story published in The daily emailit contains the names and addresses of all 555 subpostmasters who took part in the 2018/2019 Supreme Court case, which proved that bugs in the Post Office’s Horizon IT system were responsible for the accounting losses for which the victims were blamed and were persecuted.
Bates, who was recently knighted for his work in exposing the scandal and campaigning for its victims, told Computer Weekly: “The level of incompetence at the Post Office continues to amaze me. Their utter incompetence in not providing documents requested for disclosure and then disclosing highly confidential material on their website – it is beyond belief. When are they going to fire these people instead of giving them bonuses?”
The Post Office has been reprimanded more than once by Sir Wyn Williams, head of the statutory inquiry into the scandal, for failing to disclose key documents to the inquiry.
Christopher Head, a former subpostmaster and victim of the scandal, said he has written to Post Office CEO Nick Read demanding answers about how the document became available online. “As you can imagine, this has caused much anxiety, fear and anger among those whose data is now in the public domain,” Head wrote, according to a copy of the text on his Twitter account.
“There are many who have not shared the details with their own families and others who are extremely traumatized even today by this whole scandal, and this has had an even greater impact on them,” he said. “Whether anyone would have accepted an apology at this stage is unknown, but I personally found it very telling that the response to The daily email The Post Office statement contained no apology or understanding for the severity of the impact on those postmasters and their families.”
Fight for compensation
Many of the affected sub-postmasters are still fighting for compensation, three years after the first hearing at the Court of Appeal in which they were acquitted. Last month, the government passed a law that overturned the convictions of all those whose appeals had yet to be heard.
“After everything that postmasters, postmistresses and their families have been through over the years, this is just another insult and can only be described as a shame,” Head said.
Jasvinder Barang, a former subpostmistress and member of the Bates-founded campaign group Justice for Subpostmasters Alliance (JFSA), told Computer Weekly that the data breach posed more risk than just sharing personal information.
“I am shocked and very angry,” she said. “It’s not just about our online security, but also about our physical security. They know where we live and our families could be in danger.”
Ron Warmington, a partner at Second Sight, the forensic accountants who uncovered evidence of bugs in Horizon and a possible cover-up by Post Office executives, also highlighted the unfortunate irony in the disclosure of confidential victim information: “The Post Office kept telling us how Important it was to keep people’s information confidential during our investigation, and they revealed it to the world. Pure incompetence from the post office as usual.”
Update: 4:30 PM June 20, 2024
Post Office CEO Nick Read has apologized for the data breach, saying: “This is a truly terrible mistake and for which I can only apologize at this stage.” In a statement, the Post Office added: “We are investigating as an urgent priority how it came to be published. We are in the process of notifying the Information Commissioner’s Office (ICO) of the incident, in accordance with our legal requirements.”
The Post Office could face regulatory scrutiny from the ICO – under the Data Protection Act it has a duty to report potential data breaches. The commissioner has the power to fine organizations up to £17.5 million or 4% of their annual global turnover, whichever is higher.
A spokesperson for the ICO said: “Post Office Limited has made us aware of an incident and we are assessing the information provided.”
The Post Office scandal was first exposed by Computer Weekly in 2009, revealing the stories of seven sub-postmasters – including Alan Bates – and the problems they suffered as a result of accounting software. It is one of the biggest miscarriages of justice in British history (see below for the timeline of Computer Weekly articles on the scandal, since 2009).
• Also read: What you need to know about the Horizon scandal •
• Also watch: ITV’s documentary – Mr Bates versus the Post Office: The Real Story •