We have been made aware that the external organisation that we use for DBS checks (APCS) has had a significant data breach and information found on documents used to check identification has been compromised (names/ addresses/ passport details etc).
As far as we are aware, this data breach affects DBS checks completed by the diocesan office and by parishes between November 2024 and 8 May 2025. Parishes affected should have been contacted directly by APCS, but you may wish to check with the organisation if you haven’t received an email and think this might affect you.
DBS checks need to be completed through a registered body and APCS is used by the national church and at least 16 other dioceses.
We understand that the data for around 150 people who completed a DBS check verified by the diocesan office team has been compromised. We are currently contacting all these people directly, so if you haven’t received an email or letter from the diocesan safeguarding team over the next couple of days (most have already been sent), then there is no indication any personal information you may have provided is affected by this breach.
We are also liaising with APCS to understand how many of our parishes are impacted. If you have received an email from them and haven’t already let us know, please do contact us so we can provide any support you might need in contacting individuals affected/ completing reports. The National Church is investigating what specific support might be made available to those whose data has been compromised and we will pass this onto individuals as soon as we can.
It is important that those parishes who have been affected by the breach file a report with the Informational Commissioner’s Office as well as with the Charity Commission – we can provide templates to help you do this if necessary. This is because each PCC (like the DBF) is a separate legal entity, and we have been told it is not possible for the DBF (or the national team) to make a ‘blanket’ report for all affected legal entities. However, we have already notified the Information Commissioner’s Office and the Charity Commission, so they are well aware of the breach.
We have set up a dedicated email for anyone to ask advice about this situation. Do email us on databreachsupport@cofe-worcester.org.uk and one of the team will respond as soon as possible.
The team is also liaising with the national team and APCS to understand how this happened and to ensure that data remains secure for all future DBS checks, which are obviously an important part of safer recruitment. If you have any DBS checks due imminently, please do contact us.
