UK media regulator Ofcom has reportedly sent out breach notification letters to dozens of its partners after a former employee downloaded as much as six years' worth of internal company data before leaving the company and offering the trove of information to a new employer.
According to The Guardian, Ofcom has now sent out letters to TV companies that hold an Ofcom licence to broadcast in the UK explaining the data breach situation.
"On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee," said a spokesman for Ofcom. "This was a breach of the former employee's statutory duty under the Communications Act and a breach of the contract with Ofcom."
While the timescale of the incident is yet to be fully determined, Ofcom said the stolen data was offered to the former staffer's new employer – known to be a broadcaster – to help give insight and a competitive advantage over rivals. Instead of taking the compromised third-party data, senior management at the broadcaster in question instead alerted high-level officials at Ofcom to the situation.
The spokesperson added: "Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties."