Data Breach in England
Charnwood Borough Council has said sorry to residents after losing private and personal details due to an IT administrative mistake.
Chiefs at the North Leicestershire council did not remove a series of critical details from an official document, inadvertently compromising the privacy of the data subjects concerned.
Among the data leaked were names, residential addresses, phone numbers and email addresses of citizens who responded to a study on council tax imposed on unoccupied homes. The survey was uploaded to the council’s website, but the listed details were not removed.
The body has emailed the 134 individuals whose details have been exposed in the breach. However, one victim has already reported the council to the Information Commissioner’s Office, which could lead to a fine and other regulatory sanctions.
In mitigation, Charnwood Borough Council say they have digitally masked the personal and private information, but it has not yet been removed. Until this is done, cyber hackers would still be able to use sophisticated software to reveal the compromised data.
It is not yet known whether any of the personal details were accessed or misused before the blunder was identified.
Speaking to the LeicestershireLive website, one resident said he had been unaware of the error until he received an apology email telling him that his personal data had been published.
“I was a shocked. I work in IT, and a statutory organisation like Charnwood should not be making such basic mistakes. I hope they learn from this and it doesn’t happen again,” he said.
The council said:
“We would clearly like to apologise to the people affected by this incident and we would like to reassure residents that we have reviewed our processes to ensure this does not happen again.”
In a letter to the victims, data protection and security officer for Charnwood Council, Megan Bilton, said:
“As soon as the council became aware that the published report had not been redacted correctly, the document was removed from the website.
“As the council’s data protection officer, I was informed of the matter and have investigated the circumstances of how the report was published in this way, and as a council we are now taking steps to ensure that an incident of this nature does not happen again.
“I would like to apologise to you that this breach has occurred.
“I understand that it is concerning to learn that your personal data has been published without your knowledge, and would like to reassure you that the information is no longer available outside of the council, and, as I mention above, we are taking the appropriate steps following this breach.”