Last night’s 2-2 draw in the pre-World Cup friendly between England and Ecuador is causing unexpected headlines in the UK, after an embarrassing security and data protection breach. It has been revealed that prior to the start of the match the published team sheet, listing the players’ names and circulated to the press box as usual, also contained the passport numbers of England’s football squad, which was hastily tweeted in full by corporate sponsor, Vauxhall.
This online publication of highly confidential personal information, which also included the actual signature of team captain, Frank Lampard, was circulated rapidly through social media, despite Vauxhall’s attempts to quickly retract the post. As this story has attracted media coverage, the team sheet is still visible online, albeit with the passport numbers now obscured. Unfortunately the published list shows team members’ full names and dates of birth still visible.
This is a major data protection breach, which could have potentially serious consequences for the players, who are all well-known and wealthy individuals. The amount of personal data contained in the published list (names, date of birth, passport numbers and, for one player, a signature) is enough for them and the Football Association to be justifiably concerned about the risks of identity theft and fraud.
They say that all publicity is good publicity, but this incident is a reminder that human error continues to be a major factor in data protection breaches and whilst social media can be a hugely beneficial marketing tool, it can also be disastrous.