Your web browser is outdated and may be insecure

The RCN recommends using an updated browser such as Microsoft Edge or Google Chrome

Fraudulent EGM petition: RCN releases findings of investigation into data breach

10 May 2023

We commissioned data security firm Dionach to conduct a digital forensic investigation to confirm that no member information had been compromised after it was believed signatures were fraudulently added to a petition calling for an Extraordinary General Meeting.

RCN plaque at Cavendish Square

The petition was started by members in March following the NHS pay offer for nursing staff in England. Once it had the 1,000 signatures currently required to call an Extraordinary General Meeting (EGM), it was submitted to the RCN.

Upon scrutiny, it was suspected that some signatures had been added fraudulently and an initial investigation confirmed this was the case. At this point, data security firm Dionach was commissioned to conduct a digital forensic and eDiscovery investigation. The executive summary of that investigation has been released by the RCN today.

It finds that approximately half of all signatures were submitted fraudulently – that’s without the individuals’ consent – in the 2023 EGM petition and that the likely source of the data used in this fraudulent activity was from a similar EGM petition in 2020.

The investigation found no evidence of an internal data breach, however the College apologises to members for any personal distress this situation has caused.

Last year, two external reports by KPMG and Bruce Carr KC made recommendations on modernising the RCN’s approach to EGMs. A resolution will be presented at our upcoming Annual General Meeting in July calling for a change in the rules related to how an EGM can be called, while the RCN will seek a new approach to the use of petitions that does not permit any repeat of this misuse of members’ personal information.

Read the report’s executive summary to find out more.

On Dionach’s recommendation, the RCN will enlist a further external team to contact key people who may have had access to data relating to the 2020 EGM petition to understand who, if anyone, it was shared with and, if possible, to identify who was responsible for the fraudulent activity. We’ll also seek to establish whether there are any irregularities with the 2020 petition data.


Page last updated - 08/10/2023