Last updated 1 month ago
Cornwall Council, a local government authority in the United Kingdom, experienced a data breach involving confidential complainant information. The breach was publicly disclosed in February 2026 after personal details of individuals who filed complaints were improperly shared with a local politician. The incident exposed sensitive personal information of complainants involved in a specific series of complaints handled by the council.
The breach occurred through an insider incident where confidential complainant details were passed to a local politician following a council debate. The data exposure involved the personal details of individuals behind the complaints, though specific data elements like names, contact information, or complaint details were not detailed in the available information. No external threat actor or ransomware group was involved in this incident, which appears to be a case of improper information handling within the government organization.
A UK councillor described the data breach as 'crazy' following the revelation that personal details of complainants had been shared with her. The breach involved complaints handling procedures within the local authority, indicating potential failures in data protection protocols for sensitive citizen communications.
Confidential complainant details were passed to a local politician following a debate
This breach demonstrates critical failures in access control and data handling procedures within government complaint systems. The incident highlights the need for strict compartmentalization of complainant information and proper authorization workflows before sharing sensitive citizen data, even with elected officials. Government organizations must implement stronger data loss prevention controls and audit trails for complaint handling processes to prevent unauthorized disclosure of confidential citizen communications.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector