Serco apologises for sharing contact tracers’ email addresses

Outsourcing firm Serco – who are training staff to trace cases of Covid-19 for the UK government – has apologised after accidentally sharing the email addresses of almost 300 contact tracers.

The error was made when it emailed new trainees to tell them about training.

The company has so far recruited 21,000 staff, some of whom are healthcare professionals, according to Health Secretary Matt Hancock.

According to the BBC, Serco made the error when it emailed new trainees to tell them about upcoming training sessions. The firm sent an email to trainees to tell them not to contact its help desk to ask for details of the sessions.

The data breach comes after contact tracers revealed they have been given virtually no training and have been getting paid to sit around doing nothing for days on end, with one allegedly saying they had ‘never been so bored in their life’.

Earlier this week, the government announced that 21,000 tracers would be receiving ‘rigorous’ and ‘detailed’ training needed for the important role, seen as crucial for getting the country back up and running.


But the programme has been slammed as shambolic by recruits who say they have been told to watch videos online on how to handle conversations with suspected COVID-19 cases. 

By alerting other people that they are at risk of infection, they can take protective measures sooner, such as self-isolating. It is a system used in countries such as Germany and South Korea.

The justice secretary, Robert Buckland, told BBC Radio 4’s Today programme that it was right for Serco to apologise. “It brings into stark relief the importance of privacy about confidentiality which underpins all of this,” he said.

“With the app being developed as well, the government has got that issue of privacy very much in mind in making sure that we can have maximum confidence, because these systems will only work if we get a significant part of the population taking part.”

This latest breach shows yet again how effective training could stop unnecessary lapses in data security.


There is no better time than the present to raise the security awareness of employees through cost-effective training. Such training will remind people about good remote security practices.

The iCaaS data protection training course will guide your team through the data protection requirements in the UK. Fully cloud based and accessible through your browser, iCaaS training provides a comprehensive online resource on data protection.

The course is used to train all employees around data protection and provide annual refresher training. The content is delivered to all your employees via our training management system and is easy to understand.

In conjunction with the iCaaS cloud-based, data compliance solution the training supports companies to become and remain GDPR compliant. The iCaaS software does all the hard work of achieving compliance and ultimately minimises the risk of data breaches – especially those posed by home working. By securing your business the iCaaS platform will save you time and money. More importantly it will secure your staff and help to build confidence and trust within your customer base.

iCaaS, offers complete protection with low subscription and uses secure, benchmark software. Protect your business with iCaaS, the data security solution.

Get in touch, speak with a specialist today on 0345 646 0066 or email: To find out more, go to:


Scroll to Top