2 Welsh job centres have experienced data breaches in recent months, according to government records, while jobseekers in one town have had data compromised six times due to mailing errors.
Figures collected from the Department of Work and Pensions (DWP) show that close to 400 data breaches affected British job centres last year, while there were north of 250 data security issues involving mail errors.
Compensation experts Data Breach Claims UK learned through a Freedom of Information request that 238 job centres experienced at least one breach between November 2023 and January 2025.
“In this current climate, jobseekers already have more than enough to worry about without a mistake causing their personal data to become public,” said Data Breach Claims UK specialist Bethan Hakesley.
“Even one data breach is too many, especially if it causes a person significant stress. If personal data gets in the wrong hands, it can have a devastating impact.
“We’ve supported many people who have had their lives turned upside down by a simple error with serious consequences. If someone suffers mental harm or financial damage because of a personal data breach, they’re well within their rights to look into claiming compensation.”
Welsh job centres report breaches
A data breach is defined by information security watchdog the Information Commissioner’s Office (ICO) as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
The DWP was reprimanded by the ICO in 2022 after a failure to redact sensitive information by its Child Maintenance Appeals service led to 16 people’s personal data being sent to ‘inappropriate’ third parties.
Jobseekers are expected to share sensitive information when using the service, including names, addresses, National Insurance numbers, job histories and bank details, plus medical information in some cases.
Wrexham Jobcentre was the site of four data breaches in 2024, having also experienced one in the final two months of 2023, making it by far the worst-affected centre in Wales.
Also experiencing a data breach last year were:
- Abergavenny Jobcentre
- Aberystwyth Jobcentre
- Bridgend Jobcentre & Service Centre
- Caernarfon Jobcentre
- Chepstow Jobcentre
- Holyhead Jobcentre
- Morriston Jobcentre
- Pontypridd Jobcentre
- Pwllheli Jobcentre
- Swansea High Street Jobcentre
Rhyl Jobcentre avoided any data-related incidents in 2024, but was one of 30 centres to flag a data breach in the first three weeks of 2025.
London and East Midlands centres post most data breach incidents
The DWP counted 369 data breaches across its job centres through 2024, spread across 218 locations.
Two London based job centres-Barnet and Bromley-each reported seven incidents, alongside East Midlands-based Jobcentres in Derby and Nottingham.
The Ramsgate Jobcentre in Kent was also host to seven separate data breach incidents.
The five centres had just under 10% of the country’s data breaches, with only three others–Littlehampton, Northampton and Lowestoft–having five or more cases.
The DWP said that it reported 19 data breaches to the ICO in 2023/24.
There were 32 data breaches from January 1st to January 21st, a rate threatening to exceed 2024’s if it continues.
Letter mishaps affect over 250 jobseekers
The DWP said that there were 261 ‘postal security incidents’ between November 2023 and January 2025. Such incidents involve letters being sent to the wrong address and their contents–including an individual’s personal data–being seen by the wrong person.
In Bridgend, six incidents involving posted notifications affected service users. That was double the tally of mail mishaps recorded in Pontypridd and the Cardiff Gabalfa
Bangor, Merthyr Tydfil, Pembroke Dock, Treforest and Wrexham were all the source of two postal security issues.
Caerphilly, Cardiff Charles Street and Chepstow were three sites linked to one mailing mistake apiece.
This happened most often in Coventry, where 30 incidents were recorded. A postal mishap was more than twice as likely in Coventry than in the place affected second-most often (Torquay, 14 incidents).
The DWP were bullish in defending their record, telling Data Breach Claims UK that “DWP issues over 80,000,000 mail notifications per annum and the number of recorded Postal Security Incidents recorded equates to 0.00027%.”
Data Breach Claims UK is a service dedicated to offering guidance and support to people who have been emotionally or financially affected by a personal data breach.
Its phone and online service is available 24/7 and provides a free compensation claim assessment.
Related Posts
Carphone Warehouse fined £400,000 after serious failures placed customer and employee data at risk
Inquiry call as hospital deaths caused by safety breaches more than double in 12 months
WhatsApp signs public commitment not to share personal data with Facebook until data protection concerns are addressed
