Cyber Incident Victim: Midlands News Association

The Midlands News Association (MNA) experienced a data security incident in March 2021, resulting in the unauthorized publication of sensitive personal and financial information belonging to former employees. An unauthorized third party publicly disclosed records containing names, addresses, bank account details, National Insurance numbers, and dates of birth for multiple individuals who had previously worked for the independent publisher. The breach specifically impacted journalists whose employment with the organization had ended prior to the incident. MNA confirmed the exposure occurred when the attacker made this information accessible through online channels, though the company did not specify the exact platform or duration of public availability. The compromised data included multiple categories of personally identifiable information that could facilitate identity theft or financial fraud.

In its public confirmation of the breach, MNA characterized the incident as involving data that was "difficult to download and access," suggesting either technical limitations in the unauthorized publication method or potential mitigation efforts by the organization. The publisher directly notified affected former employees about the exposure of their sensitive records. While MNA identified the perpetrator as an "unauthorized third party," no further details about the attacker's identity, motives, or intrusion methods were disclosed publicly. The incident exposed financial identifiers alongside government-issued identification numbers, creating compounded risks for victims beyond typical personal data breaches. No information was provided regarding whether the data remained accessible at the time of MNA's confirmation or if any remediation actions beyond notification were undertaken.