Digital representation of a data breach

Information from Council letters leaked

Thousands of details from letters, that were being stored digitally by a third-party have been leaked online, and subsequently indexed by popular search engine, Google.

The letters included personal information, such as names and addresses as well as insolvency letters and final reminders of unpaid council tax.

The victims of the leak were mostly people who had been financially hit by the pandemic.

The leak has called into question how councils perform their due diligence when outsourcing part of their work to private firms, particularly when dealing with residents’ personal information, as with letters.

One of the councils affected by this breach is Reigate & Banstead Borough Council, who state that the data that they had leaked was not of a sensitive nature.

The Council said:

"Virtual Mail Room has confirmed a data breach and the Information Commissioner's Office has been notified. We've been informed that the data exposed is very limited in nature and not sensitive.

"We take data protection very seriously and are currently working closely with Virtual Mail Room to understand how this has happened and what measures are now in place to ensure this does not happen again."

"We take data protection very seriously and are currently working closely with Virtual Mail Room to understand how this has happened and what measures are now in place to ensure this does not happen again. Once we have a full understanding, we will agree the most appropriate course of action.”

The Information Commissioner’s Office has confirmed that they are aware of the leak and are making enquiries, although they haven’t made further comments specific to this case, however a spokesperson from ICO said:

“People have the right to expect that organisations will handle their personal information securely and responsibly.

"When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects.”

The company who had their data breached, Virtual Mail Room, offer councils the ability to upload documents, contact lists and track the progress of mail-outs and generate reports.

The information that was leaked has since been recovered, although it was publicly available since June.

PSE Dec/Jan 20-21

PSE Dec.Jan 20

Public services committee: Learning from Covid

Click here to read the Dec/Jan issue of our PSE magazine which looks at the lessons we can learn from Covid, what can be done better but maybe even more importantly, what we discovered during the pandemic that should be carried on even when Coronavirus is defeated. Read our interview with Chair of the Public Services Committee, Baroness Hilary Armstrong as well as invaluable insight from Bristol’s Smart City and Innovation Manager, Freyja Lockwood, on how their smart city plans are revolutionising Bristol.

Videos...

View all videos
Cyber Security

Win a £100 Amazon Voucher

Is the Public Sector safe against a cyber-attack?

Have you got 2 minutes to talk to us about cyber security?

PSE has teamed up with Checkpoint, leaders in cyber-security solutions to assess the state of cyber-security in the public sector. 

We want to educate the sector and equip you with the best protection.

Magazine Feature

Keep communities at the heart of planning

Chris Borg, NALC policy manager

Chris Borg discusses the Planning for the Future white paper and explains the importance of residents and local councils having a say when it comes to planning

More articles...

View all