A survivor of prolific abuser John Smyth has called for the bishop overseeing the Church of England’s redress scheme to resign following a data breach that exposed the details of nearly 200 victims.
The Church described the incident as “deeply regrettable” after an email sent by law firm Kennedys on Tuesday evening revealed the addresses of 194 people who had registered for updates on the scheme.
Kennedys, which has administered the programme since March 2024, said the breach was the result of “human error” and that no other personal information was shared.
The firm said it was “deeply sorry” and has reported the matter to the Information Commissioner’s Office, the Charity Commission and the Solicitors Regulation Authority.
But in an interview with Channel 4 News, survivor and author Mark Stibbe, who was abused by Smyth while a pupil at Winchester College in the 1970s, said the Bishop of Winchester Philip Mounstephen should step down from chairing the scheme.
Mr Stibbe told the programme: “I think their handling of this issue is appalling, they’ve parked responsibility over to the law firm.
“I think they need to take responsibility.
“They are ultimately responsible for my well-being as a survivor of Church of England-related abuse.
“And that’s true of all the other people whose names were on that data breach and whose comments I saw last night which were filled with mixture of dismay and agony, mental torment as a result of being exposed and their anonymity being breached.”
He added: “If it turns out he’s not been a supporter of (independent safeguarding) and if he has, it turns out, been in some way responsible for not looking after the rights and needs of victims and survivors properly, then yes, he needs to stand down.”
The bishop told Channel 4 News: “I want to maintain my ongoing commitment to working with survivors to ensure that the Church expresses, in as many ways as it possibly can, its lament and repentance for the appalling way in which victims and survivors have been treated over the years.
“Even though this wasn’t our error from a legal perspective, we will not shirk our moral responsibility.
“Survivors are deserving of the utmost care, confidentiality and respect and our focus has to be on their well-being.”
Mr Stibbe said receiving the email triggered a “very physical reaction”.
He told Channel 4 News: “I actually had a very physical reaction when I saw what had happened.
“I started shaking and I think the reason I started shaking was I was shocked, first of all, that such a data breach could have happened and that a new low had been reached in terms of incompetence.”
In a statement issued on Wednesday, the Church said: “While the Church of England is not the data controller for the Redress Scheme and does not hold or manage the data in question, we are nonetheless profoundly concerned.
“We are in discussions with Kennedys to understand how this breach occurred and to ensure robust steps are taken to prevent anything similar from happening again.
“Kennedys has taken full responsibility for the incident and is contacting all those affected directly to apologise and offer support.
“They have reported the breach to the Information Commissioner’s Office and are investigating the circumstances thoroughly.”
The redress scheme, approved by the Church’s General Synod in July, is designed to provide financial compensation, therapy, spiritual and emotional support, and formal apologies to survivors.
The breach comes as the Church continues to face scrutiny over its handling of safeguarding failures, including those relating to Smyth, who abused more than 100 boys and young men in the UK and Africa over five decades.
