Reading:
East Devon Council password data leak
Share:
passwords are exposed in cyberattacks

East Devon Council password data leak

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

In a serious misstep at East Devon Council, the passwords of 37 council members were reportedly exposed online to other councillors, leaving private email inboxes potentially vulnerable to unauthorised access.

The error was quickly corrected, with affected councillors resetting their passwords. However, the period of vulnerability could have caused leaks of confidential information, which is why this is a serious matter.

Despite local authorities’ important responsibility to their communities and residents, we see data breaches happening far too frequently at local councils, suggesting that many are still failing to take their data protection duties seriously. At Your Lawyers – The Data Leak Lawyers – we believe that failures when it comes to data protection law justifies legal action, as many of these local authorities need to develop more rigorous data protection measures to protect people’s information. Where they fail to do so, we are here to help.

East Devon Council data leak- what happened?

It is currently understood that the data incident did not arise through a mistake of one of the East Devon Council members, but through a misstep made by an external IT provider called Strata. In their management of the council’s IT provision, it has been reported that Strata took the decision to add Airwatch and Outlook passwords to the digital profiles of the individual councillors, such that they were then made visible to their colleagues.

The risk to the councillors’ email inboxes could have been bad, as their emails could contain confidential information. This could include medical data, probation reports and electoral register information.

Councillor Paul Millar, who was responsible for discovering the password issue, reportedly did not receive “categorical assurance” that his emails had not been accessed by another council member.

The implications of such a data leak

The security risk is generally estimated to be low, as the problem was resolved quickly and it is said to be unlikely that councillors would betray their own organisation. However, factors such as this cannot be relied on to judge the situation as completely safe from harm. In fact, this internal issue and the thoughtlessness involved could be indicative of the risks of external data breaches occurring at East Devon Council in the future. This is something to be considered.

It is understood that the breach has since been labelled as “a wake-up call” in a recent meetings of the council, where the accessibility of the passwords was regarded as “poor practice” in terms of the protection of sensitive information. It was also revealed that the issue had been raised as early as May 2019, when councillors criticised the fact that they were not allowed to set their own passwords, and that they were all stored in a spreadsheet.

The ICO was informed and have been investigating the data incident, but it is already apparent that password protection at the East Devon Council does not seem to follow best practice. Going forward, the council should be more mindful of more appropriate data protection procedures.

Claiming for a council data leak

Fortunately, there is currently no evidence that residents have been affected by the East Devon council data leak. However, the frequency of council data breaches indicates a problem that cannot be ignored in general.

We hope that an incident like this will never affect you, but Your Lawyers – The Data Leak Lawyers – are here to support your right to claim compensation in the event of a data breach. As long as councils fail to address data protection vulnerabilities, it is important to know that you have every right to claim for the distress and financial losses you may have suffered as the result of a data breach.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon