Tate Art Galleries reports data breach exposing personal data of job applicants

The Tate art galleries, the organization operating Tate Modern and Tate Britain in London, Tate St Ives in Cornwall, and Tate Liverpool, reports a data breach that exposed sensitive information of job applicants. 

The leaked records appeared on an unrelated third-party website following the organization's recruitment drive for a website developer position in October 2023. The breach affects 111 individuals who submitted applications for the role.

The data breach was discovered when one affected individual was alerted after one of his listed referees received an email from a stranger who had accessed the leaked information online. The timeline of how long the sensitive data had been circulating on the internet is not clear.

The exposed data included:

• Home addresses of applicants
• Previous salary information
• Current employer details
• Educational background and qualifications
• Referee names with contact information
• Mobile phone numbers of referees
• Personal email addresses of referees
• Detailed responses to job application questions

The cause of the data breach has not been disclosed by Tate. Data privacy experts suspect that the incident resulted from human error or inadequate internal processes rather than a cyberattack. 

Tate issued a statement indicating the organization is conducting an investigation but has not identified any breach of its systems. The organization stated it would not provide further comments while the investigation remains ongoing.