Earlier this week, the company sent an email to affected customers, explaining that names, physical addresses, email addresses and birthdates were all leaked, as well as National Insurance numbers.
The company manages auto-enrolled pensions for more than 1.8 million workers, meaning less than two percent of its customers were affected by the breach.
Now:Pensions did not say precisely how the data leak occurred, but explained that it happened as a result of a relationship with an external contractor.
“The data was visible only to users of that forum for a short time and was copied by a small number of unknown parties. We reported this incident to the pensions regulator and the Information Commissioner’s Office,” said Patrick Luthi, CEO at Now:Pensions.
“Protecting our members’ personal data is of the utmost importance to us and we are taking this matter extremely seriously. We acted as soon as we were made aware of the issue.”
Any data beaches or leaks must be reported to the ICO within three days of their discovery, and pending investigation, Now:Pensions may be fined.