Reading:
Government digital service department leaks personal information
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Many people may have a false sense of security that the Government are able to protect us and our data. Over the years, this belief has decreased massively given there are growing trends of data breaches, with hacks and leaks scarily becoming the norm.
This is exemplified in the Government’s digital service website – www.data.gov.uk – who recently fell victim to a security breach. A spokeswoman said that a database containing usernames and email addresses was discovered on a system which was accessible to the public. This was only discovered during a routine security review.
So, if the government can’t protect themselves, how can we expect them to protect us?!
After becoming aware of the breach, the digital service is making all users change their passwords as a precautionary measure. This may be too late to be implementing as a ‘precautionary’ measure though, given that the damage has already been done.
Not that it should make any difference, but according to the Government, only email addresses, usernames and hashed passwords were breached. Names and physical addresses weren’t leaked.
Email addresses, usernames, and hashed passwords are still valuable data to cyber-criminals, however!
They could still use them to access other accounts as many individuals tend to reuse passwords across multiple online accounts.
So, the risks are still there…
The Government digital service are aware of their wrongdoing and notified the Information Commissioner’s Office (ICO) of the breach. A spokeswoman told the BBC that the breach had only affected data.gov.uk accounts, meaning users with separate accounts for other government websites weren’t affected.
The Government digital service sent notification of the breach from this email address –
data.gov.uk.support@notifications.service.gov.uk – to warn users to change their passwords. The email stated that “the names, emails and hashed passwords in the file belong to users who registered on data.gov.uk on or before 20th June 2015.”
Further warnings have been given by the Government department, urging users to be diligent if they receive an email from someone claiming to be from the Cabinet office. It’s important that you check the authenticity of an email recipient before handing over personal information.
The spokeswoman tried to give her reassurances by stating that, because hashed passwords were used i.e. the passwords were scrambled, this formation makes the information less useful. However, as we mentioned above, this doesn’t completely eliminate the risks to people affected by the breach.
A spokeswoman also stated:
“…there is no evidence of misuse of anyone’s credentials and users have been asked to reset their passwords purely as a precautionary measure.”
Spencer Young, RVP EMEA at Imperva, highlights the importance of a strong password:
“Passwords continue to be an ‘Achilles Heel’ in the fight against cybercrime as improper user behaviour such as weak passwords or use of the same password across different sites – continues.”
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
