The Chelmsford City Council data breach was another preventable incident of information exposure by a local authority that has affected thousands of people.
Personal information that was submitted using online forms was accidentally left visible on the website. There’s no way of knowing for sure if the information exposed was used or copied, leaving victims with a lack of closure over the incident.
More than 6,500 people that were affected by the breach have been informed by email that their data has been exposed.
Thousand affected by Chelmsford City Council data breach
6,771 people are said to have been affected by the Chelmsford City Council data breach. Data that had been submitted using online forms was somehow published online.
Data exposed in the breach included:
- Names;
- Addresses;
- Email addresses;
- Telephone numbers;
- National Insurance Numbers.
The data was exposed between 4th November 2018 and 14th December 2018; just in time for the holiday season. There’s never a ‘good time’ for a data breach, but right across Christmas will no doubt have upset people more.
Response to the Chelmsford City Council data breach
The response to the Chelmsford City Council data breach has been the usual apologies and assurances.
When notifying victims about the breach, the council said:
“Whilst our investigations have not found any evidence of fraudulent activity related to this event, as personal information may have been visible, we are taking the precautionary measure of contacting all those affected. We respect the privacy of your information and to safeguard you and your personal information we are informing you of this incident. I would like to apologise for any concern caused by this breach.
The Council also accepted that: “Since we cannot be sure if the records of these individuals have been viewed, we have reported this issue to the ICO, taken immediate actions to secure our databases, and contacted customers proactively to notify them of the issue”.
Surprisingly, the fact that they engaged in fast responses looks to have saved them from being issued a fine. We understand that the Information Commissioner’s Office (ICO) will not be issuing a fine to the council, despite the incident falling within the realms of the new GDPR era.
The Chelmsford City Council data breach appears to have been a preventable breach that has affected thousands of people. This is may be an interesting precedent of things to come, although it should not affect the rights of people to make a claim for data breach compensation should they wish to do so.