The York City Council data breach revealed at the end of November appears to be another avoidable breach from a local authority.
In this incident, an IT expert inadvertently stumbled across a huge vulnerability in the York City Council’s environmental app, named One Plant York. The app, which has since been taken down, had some 6,000 users and was aimed at promoting environmental protection. Unfortunately, a vulnerability in the app’s coding led to the personal and private information of the 6,000 users being compromised.
6,0000 affected by the York Council data breach
A huge 6,000 people were affected by the York Council data breach. An IT expert stumbled across the coding vulnerability and notified the council by sending a redacted sample of the compromised data to them.
The council initially reported him to the police, despite the IT expert acting in good faith in telling them (a ‘white hat hack’ of sorts). They have since reportedly thanked him and apologised for reporting him.
What data was compromised in the York Council data breach?
The data compromised in the York Council data breach included:
- User IDs;
- Passwords (understood to be in an encrypted format);
- Telephone numbers;
- Email addresses;
- References for properties;
- Location and settings;
- Information about ‘Planet points’ (an in-app feature).
This is enough information for someone with bad intentions to do some serious damage. In the wrong hands, a little data can go along way. That’s why it’s so important for data controllers to look after the data they hold. The consequences can include GDPR fines and claims for compensation.
Another council data breach
The York Council data breach is yet another local authority data breach. They are quite common, and we represent a lot of people with compensation cases for damages as a victim of a council data breach.
We offer No Win, No Fee representation for select council data breaches we take forward. We do this where we’re confident enough that there is a claim to answer for.
Councils and outsourced local authority agencies hold a lot of personal and sensitive data about people. It must be properly protected to avoid the distress associated with a data breach incident.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
Request a Callback from our team!
Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.
You have the right to object to the processing of your personal data.