A law firm has issued an apology after a data breach exposed the email addresses of 194 people linked to the Church of England’s redress scheme for survivors of Church-related abuse.

The breach, which the firm attributed to “human error,” occurred on Tuesday evening, when a message was sent displaying the email addresses of individuals and law firms that had signed up to receive updates about the scheme.

Kennedys Law LLP, which has been working with the Church of England since March as independent scheme administrator, has accepted full responsibility for the mistake. It has reported the incident to the Information Commissioner’s Office, the Solicitors Regulation Authority, and the Charity Commission. The firm has also launched an internal investigation to ensure such a breach does not happen again.

In a statement, Kennedys said: “We are deeply sorry for the hurt and concern caused to everyone affected by this significant error. We understand the impact this will have and apologise unreservedly.”

The National Redress Scheme was approved by General Synod in July and is intended to provide survivors with financial compensation, therapeutic and spiritual support, acknowledgement of wrongdoing, and a formal apology from the Church.

Andrew Graystone, a long-time advocate for church abuse survivors, told Premier Christian News that the situation is “deeply damaging and traumatising".

“Some survivors have chosen not to tell their families, colleagues, or even close friends about their abuse. Now they fear their identities have been exposed,” he said.

On Wednesday, the Church of England said it was “profoundly concerned", adding: “We recognise the distress this has caused, particularly for survivors who trusted the scheme to handle their information with care and confidentiality.”

The firm said it remains “committed to supporting victims and survivors of Church of England-related abuse to secure the redress they deserve under this scheme".