City law firm Kennedys Law has launched an internal investigation after the personal details of Church of England abuse victims were leaked.
The Church has been battling its failures as it was accused of covering up decades of child abuse committed by prolific child abuser John Smyth.
The Makin Review, published last November, found Smyth had subjected as many as 130 boys and young men to traumatic attacks across five decades in three different countries in the UK and Africa.
As a result, the former Archbishop of Canterbury, Justin Welby, resigned after the damning report revealed he had not adequately followed up on reports about Smyth, who was heavily involved with the Church.
The Church approved an independent redress scheme for victims when its governing body met in February, alongside a broader shake-up of its safeguarding structure.
However, it was reported earlier this week that the personal details of almost 200 survivors of church abuse were leaked in a serious data breach.
Serious data breach
On Tuesday evening, a message was sent from the law firm Kennedys to 194 individuals and law firms that had registered to receive updates regarding the redress scheme.
A statement from the firm said: “Due to human error, the email displayed the email addresses, making them visible to all recipients.” It added that “no further personal details of individuals were shared, while attempts to recall the message were only partially successful.”
The law firm accepted full responsibility, stating it was “deeply sorry for the hurt and concern caused to everyone affected by this significant error”.
It stated that it contacted everyone who received the message, while also reporting the incident to the Charity Commission, the Information Commissioner’s Office (ICO), and the Solicitors’ Regulatory Authority (SRA).
Kennedys, which has worked with the Church of England since March 2024 as its independent scheme administrator, has launched a full internal investigation.
The Church of England stated that it was “profoundly concerned” about the incident. “We recognise the distress this has caused, particularly for survivors who trusted the scheme to handle their information with care and confidentiality.” It added that this should not have happened.
Leigh Day, a claimant law firm, has issued a statement to those affected by the data breach regarding the process for bringing a claim for compensation.