More than 7,000 businesses, many of them agricultural, had their personal details leaked on the internet after a major data breach by Old Mill.
The accounting and financial planning company, based in south west England, was forced to apologise to clients whose names, company names and addresses were accessible via Google search.
The company was made aware of the breach in July through a third party source, known as ’Person A’.
After an attempt to get Person A to delete the data, who later assured the company he had, the list was publicly released.
In a letter to its clients, Old Mill said: “We engaged with Person A multiple times requesting he delete the mailing list.
“Following our correspondence, we could not have anticipated the deliberate, hostile and potentially criminal actions which have taken place.”
The letter also pointed out Old Mills had reported Person A to the Information Commissioner’s Office (ICO).
Cornwall farmer Pat Bird said: “I wonder when they contacted the ICO? That should have been July 6, when they found out about the breach.
“But they appear to have tried to negotiate with the people who had the data for at least a month.”
Duncan Parkes, Old Mill data protection officer, said the group had updated its processes ‘to ensure this human error does not happen again’.
He added: “We find it deeply frustrating and disappointing to hear that the data list has appeared on a separate website. We are now working with our solicitors, and the police, asking for it to be urgently removed.
“We take our clients’ data protection very seriously and have strict policies, however on this occasion, we acknowledge we made an error and apologise for this.”
The innocentbadger.com website claimed 29 of the businesses were involved in the cull and listed addresses on the site.