Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
A Medway Council data breach incident has been discovered by a security researcher after “rudimentary” tests found a bug in a system that may have exposed personal data.
Council data breach compensation claims are increasingly common these days, and a lot of it is likely down to a lack of investment in security and technology. One of the most common types of legal cases we take forward involve local authorities or the agencies they employ, and we regularly see these kinds of breach stories hitting the news.
In this case, it appears that an issue with an online inquiry form may have allowed anyone to access the personal information of some residents.
The Medway Council data breach incident reportedly stems from a bug in an online inquiry form that’s a part of the Kent Channel Migration Project that’s aimed at encouraging greater use of technology.
It’s understood that this project has had some previous flaws and issues, resulting in delays. A security researcher has since discovered a flaw whereby the form could be manipulated to be able to access and edit the personal information for residents.
Data that has been at risk of exposure is thought to include names, email addresses and telephone numbers.
In response to the Medway Council data breach incident, the council has self-reported to the UK’s data watchdog, the Information Commissioner’s office (ICO).
Residents whose information may have been exposed due to the flaw may need to be contacted as well. If the ICO finds that the issue is serious enough to issue a financial penalty, the local authority could be faced with having to pay a GDPR fine.
A spokesperson for the Council said:
“We would like to reassure residents this was an isolated issue with our inquiry forms, which involved web links being manipulated to gain access.”
In terms of how they quickly dealt with the problem:
“As soon as we became aware that a technical expert had gained access to some forms on our website, we immediately removed all potentially affected forms. We have also taken action to fully resolve the technical issue to avoid this happening again. We have provided the Information Commissioner’s Office with an initial report, and have steps in place to ensure all data is protected.”
Based on what we know so far, the Medway Council data breach incident may well be one of those lucky escape situations.
The issue was identified and reported by a security researcher as opposed to a hacker. Of course, we don’t know whether anyone else has been able to exploit the weakness, and it’s worrying that the issue was reportedly easy to identify with testing.
As more and more of these local authority data breach incidents occur, it seems clear that more funding is required from central government in order to ensure the data councils hold is safe and secure at all times.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.