Update on Prospect’s cyber incident

In June 2025 the union experienced a cyber security incident affecting our servers. We took immediate action to secure our systems and were able to prevent any impact on our services to members.

The Information Commissioner’s Office (ICO) has today confirmed that it is investigating the incident.  As the announcement notes, the opening of this investigation should not be taken to mean that the ICO has reached a conclusion that Prospect has infringed data protection law.

In line with our obligations Prospect informed the ICO soon after the incident took place. Our full investigation report has been shared with regulatory bodies including the police and the ICO, and we have updated the ICO throughout the incident. We will continue to co-operate fully with their investigation as it continues.

The union’s National Executive Committee has also commissioned its own independent review into our cyber security and will keep members updated as that progresses.

We take our responsibilities to our members incredibly seriously and are deeply sorry for any impact on them. These kinds of incidents are sadly becoming more common, and we encourage members to utilise the support we have offered if they have not yet done so.

We have offered a package of support, including credit monitoring, to those who have been affected. Affected members have until 30 December 2025 to activate their free Experian Identity Plus membership. The membership itself lasts one year from the date it was activated. Members will need to refer to their data subject notification email to obtain their activation code.

A Q&A for members on the incident can be found here.