Data breaches by Mermaids exposed in the Times

[truthisarevolutionaryact]

Mermaids has apparently put lots of confidential data online including private emails, personal data and emails demonstrating the pressure they have put on the Tavistock.
Andrew Gilligan article - share token:

www.thetimes.co.uk/article/parents-anger-as-child-sex-change-charity-puts-private-emails-online-tl0g5hwcg?shareToken=2f8ddc23419c61360023562a62e74d13

The breach of the emails concerning children is horrific.

The lies in Mermaids statement is nothing new. I’m sure they’ve done it every single time an article has been written about them.

They were sucking up to MB last week, not at all concerned that MB breached safeguarding guidelines.

Their response to any well founded criticism is always to minimise, lie and to blame nasty transphobes.

I don't wish to be flippant but perhaps this will lessen Mermaids' reputation in the IT community. Data security is even more holy to them than free access to porn.

Disagree with this.

Some (most) are utterly clueless about security.

Jesus, my head's spinning...so much has happened over the last few days.

How does Susie Green sleep at night?

How do any of them at Mermaids sleep at night??

so much has happened over the last few days

I know right. Wonder what the Sunday papers will bring!

Most big stories start with a tip off, l really do think there is a possibility that we have a whistleblower.

Just in case anyone hasn't signed it yet:

www.change.org/p/uk-government-stop-mermaids-delivering-training-sessions-to-public-services

This Times article isn't merely about the data breech, its about pointing out Mermaids previous lying.

Worth reflecting on this thread in which the mermaids forum is mentioned. There was obviously something worth investigating with that.
www.mumsnet.com/Talk/womens_rights/a3552288-Mermaids-new-statement#prettyPhoto
This is dated the 6th April

It looked like their forum was locked down and not open (which raised safeguarding issues in its own right.)

This would absoluetely be something that a journalist would want to look at. What was on Mermaids forum? It was a question that I know was raised during the course of discussion of this particular Mermaids issue.

The thread links to a previous statement which references this point from a Times Article on the Tavistock:
^2. The clinicians also claim that Mermaids directs young people and their families on what to say to the specialists during assessment, in order to speed up access to medical treatment.
Has Mermaids ever advised young people and their families on what to say, in order to accelerate treatment?^

To which Mermaids responded:
Our parents and teens online forums are peer groups, where literally hundreds of messages are exchanged every day. A wide variety of topics are covered, between parents and young people, and without censure unless our rules of conduct and respect towards one another are broken, or a safeguarding concern is noted. This is not Mermaids, but open discourse between peers.

The aims of bringing families and young people together are to reduce isolation and loneliness and create a sense of community for people who are dealing with very difficult circumstances. Mermaids does not tell people what to say or do, we provide information and resources only.

Many of our service users feel understandably very anxious about access to the NHS GIDS services, exacerbated by the lengthy wait time of over 20 months. The Tavistock are working hard to reduce this waiting list, as they know the distress caused by the long wait for access to treatment is significant.

Then another point from the Times:
3.The clinicians also claim that individual staff members are rated and discussed on online forums, and that Mermaids' supporters advise each other on preferred who are more likely to make referrals quickly, and which clinicians are to be avoided because they favour a more cautious approach.

In response, Mermaids said:
Parents and young people are entitled to share experiences and that includes their clinical experiences. That is what a peer group is for.

Mermaids does not interfere with peer discussions unless our rules of conduct and respect towards one another are broken, or a safeguarding concern is noted.

and finally:

Times point 4
4. Lastly, the clinicians claims that the factors, outlined above, combine to create an "unethical and toxic" clinical environment for both the vulnerable people in need of support, and the NHS specialists trying to help them.

With Mermaids response:
Any responsible clinician would want parents and young people to remain informed about services and what to expect.

Any responsible clinician would also want users to be able to complain if their experience of the service they receive is unsatisfactory and causes distress and potential harm.

Transparency and openness of service, practice and support provided are basic principles of both Mermaids and the NHS.

We will continue to allow open discussions about all aspects of the challenges faced between peers on our forums. This will inevitably include discussions around the Tavistock service, which includes many positive messages about the care received and the excellent outcomes achieved. There will also be discussions around frustration and distress caused by the lengthy waiting list, and dissatisfaction with the care received.

These would be things that, if you were a journalist you'd follow up to see if what was being said by Mermaids was true - you'd want to see what was on that forum. Or in any other place online to produce evidence that Mermaids were hiding stuff and lying.

If I were to take a wild stab in the dark, I bet thats the line of inquiry which led to this data breech being found.

Starting with what information you have about the charity, would be the very first place you'd look. Name and Charity Number.

And if you look at what this Times article mentions as part of that, you'll see that it looks at the exact points that Mermaids put in this statement. The Times looked to see if the Mermaids statement was bullshit. And it looks to me like they found evidence to bring Mermaids statement into question.

If I was to take a wild stab in the dark, I bet The Times found this leak in April and have been taking their time shifting through it all for the evidence they wanted. 1000 pages is a lot to check through. Slow burner of a story indeed.

Mermaids now saying that certain information WASN'T leaked looks very dodgy and incredibly fucking stupid.

This article is about showing that the PREVIOUS Mermaids statement was utter crap. So what do they think The Times are going to do now? Let their concerns drop and just accept what Mermaids are saying??? Hardly!

If Mermaids think that this statement won't be followed up on again, they are utterly deluded. The Times is trying to get them to be caught with their pants around their ankles lying.

Each time they do it, evidence is building up about this charity and how its lying to its users and to the public and should be shut down.

I find it remarkable that Mermaids is continuing to lie in this way. It just gives the opportunity for journalists to record what they are doing and how they can't be trusted. And they appear to be dumb as fuck in the process in not realising that The Times are paying attention and following up on every lie they tell.

To be lying at this stage, to me just demostrates they are either a) so fucking uncompetent at every possible level its toe curling b) in the final stages of complete meltdown where everything is out of control and they don't know their arse from their elbow. Or a combination of a) and b).

Either way, its hard to see that Mermaids have a long and fruitful future ahead of them at this point.

You can bet the follow up to this story is probably already in production.

Most big stories start with a tip off, l really do think there is a possibility that we have a whistleblower.

Nope. I don't think one was needed for this story. Just an ability to know how to use the internet well. And have an idea of what you are looking for evidence of in the first place.

Mermaids understands that the information could not be found unless the person searching for the information was already aware that the information could be found.

How would a Times journalist be aware that the information could be found?

They're lying and it was a lot easier to find than they are making out or as someone has already suggested, we have a whistleblower. It would be reassuring to think there was a whistleblower but I'm more inclined to think they're just careless and incompetent which is terrifying given the influence they have over worried parents and government organisations.

The internet never forgets.

From the article:
Green appears to have thought she had set up a private email group, using a common webmail platform, to share information with her trustees. But she, or Mermaids, had failed to read her group’s homepage which said that its “archives are visible to everyone”.

Mermaids used a common webmail client - and they didn't click the 'privacy' setting.

A good IT security person knows things like advising people to check their privacy settings and how common webmail clients work and where their security weaknesses are. And how to find them very quickly if someone hasn't got them enabled.

You can hire companies to look at your IT to see if you've got glaring gaps in your security. It's a whole industry.

I note here that whilst Susie Green isn't from a medical or safeguarding background, she is an IT consultant.

And it would appear, that she's possibly not to diligent on that front.

Someone with knowledge, wouldn't take long to find a common error of privacy settings not ticked on a commonly used platform...

Sorry to be so vague on details, but a tweet is questioning why Mermaids has only 4 trustees now, down from 11 in 2016.
???

I did try to find out, but my phone is hopeless. I'll carry on looking.

I 100% thought this said "data breaches by mermaids exposed in the Thames" and was extremely confused

I was told by the staff at both schools my children (single sex schools) to use mermaids as a resource to help my son. Parents were sent to them.

Mermaids say they don’t encourage surgery. Yet a parent giving feedback after a residential asked: “When the boys do the talk about bottom surgery, is it possible to have someone who has decided against it, so that the children don’t feel that it is expected of them?”

twitter.com/transgendertrd/status/1140046612431069184?s=21

The trustee situation is interesting. According to charity commission filings 14 in April 2016 with 9 leaving during that financial year.

Four now including CEO Susie Green.

mermaidsuk.org.uk/mermaids-trustees.html

Is there another share token for the Sunday Times article please? The link in the op says it has timed out and is dated 2017?

It's infuriating that mermaids supporters are saying that mermaids has been hacked. The Times were using Google! It's not hacking in the mildest form of the word, it's like telling off journalists for being nosey.

Daily Mail article here with the headline Fury as transgender charity publishes parents' emails discussing their children's transitions - including NAMES - available for anyone to see. Hopefully this will be enough for parents to see they are the victims here.

I wonder which charity in the midlands the second trustee was associated with, weird not to mention it.

I said a while ago this bunch were ripe for some good old fashioned investigative journalism. Keep going Andrew. Good stuff.

Mermaids Twitter thread is astonishing (apart from a few "normal" posts):

@Mermaids_Gender is an extraordinary charity that bridges the enormous chasm the NHS wait times and gatekeeping creates. Without them countless families would be utterly lost. Another hit piece against them? What a shock! They will keep doing the great work they do regardless! ❤️

...

What's notable about this is that a comparatively small charity has handled a data breach (a seemingly minor one) far more swiftly, effectively & transparently that some massive corporations. I'm looking at you Sony, T-Mobile, Facebook etc.

Keep doing your great work, Mermaids
...

I was talking in scale, obviously the release of any details is a serious issue. Also, it was internal communications, not just randomly posted. Any organisation passes all sorts of sensitive data back & forth. They've addressed it swiftly & openly, a good thing.

Also, note that despite the Times continuing it's single minded harassment of the charity, they thanked it for bringing this matter to their attention so that they can address it. In the face of yet another attempt by that rag to attack the charity, they thanked it.

Again, they've addressed it promptly, which is better than many larger groups involved in much more massive breaches have done. No one is saying the breach isn't bad, but rather praising how they've responded. I see a clear bias on how certain folks are responding to this.

Also, where have you seen it? I ask because the only information I can find is from the Times & Mumsnet, and frankly I trust both of those sources even less than I trust the Sunday Sport (complete with its "Aliens Turned My Son Into A Fishfinger" style headlines).
...

Hmmm....

"....if certain precise search-terms were used."

"....unless the person searching for the information was already aware that the information could be found."

Almost as if your records had been targeted by some sort of hate group....

But who would do such a thing???
...

Are there rules against vexatious journalism?

That trustee piece is interesting. It seems to suggest Green is CEO and chair if the trustees. That’s a big governance problem right there.