Re: @Kain preacher
its up to the trust to ensure their service supplier adheres to all data security standards as if the trust where directly managing the service themselves. They failed to ensure their data was in safe hands. the buck stops at the trust, they can blame whom they want but it was their decision to entrust data in their control with a third party, its up to them to ensure their third party is doing the job properly.
the likely hood is the trust have no clue as to whats involved in securing their data and hoped paying our money to a third party that made the right noises is all that was required. They will likely just pay that same third party more money and hope the problem fades away, still with no idea of what is required to secure our data.