Council blunder leaks personal data on web

Residents in Fylde have had their private details leaked on the internet in a massive security breach by Fylde Council.

Wednesday, 22nd March 2017, 9:31 am
Updated Friday, 24th March 2017, 11:07 am
People's personal information was posted on Fylde Borough Council's website

The council today confirmed that the email addresses of people who took part in a recent consultation had been posted on its website at the weekend.

However, victims say details also included mobile phone numbers, home addresses and personal comments on a number of council issues.

Brian Watson, of the Fylde Orders For Dog Control Action Group, had been monitoring the website as he waited for the results of a recent survey conducted on proposed changes to dog control in the area when he noticed the breach.

Sign up to our daily newsletter

The i newsletter cut through the noise

He said: “As a retired IT professional I immediately tried to contact the council so they could put this right. The first attempt they made was only partially successful and after I had pointed this out access was finally blocked.

“I was left with the feeling that the people I contacted really did not understand the significance of the exposure which is very worrying given that Fylde Council holds information about bank accounts and other personal matters. ”

Fellow action group member Ann DeRizzio, said: “I was shocked, when I went to the survey via the council’s web site link, to see my personal information there in full.

“I am extremely worried that this information was there for all to see and that it has left us open to scammers.

“Fylde Council stated clearly that they would never reveal our information – well they did, with the whole world.”

A Fylde Council spokesman said: “The council was made aware over the weekend that a link from Fylde’s website could have given access to the email addresses of some respondents to a recent consultation exercise.

“The link has now been removed. The council will investigate the circumstances around this incident and will comment further in due course.”

Fylde Council declined to disclose how long the link was present on its website, as well as how many people were affected by the breach.

The incident has not been referred to the Information Commissioner’s Office, though it is not mandatory that councils do this.

An ICO spokesman said: “Under the Data Protection Act, organisations must keep personal data secure and have appropriate measures in place to prevent it from being accidentally or deliberately compromised.”